Penetration Testing Lead

Software Secured

About The Position

We’re looking for a Penetration Testing Lead to oversee day-to-day pentesting and delivery across our offensive security services while remaining actively hands-on. This is not a purely managerial role. You’ll continue to lead and execute your own penetration testing engagements, contribute directly to complex assessments, and stay close to the technical details that define high-quality penetration testing and other related work. You’ll manage and mentor a team of elite pentesters and security engineers, ensure every engagement meets our standards for depth and accuracy, and act as the technical owner for complex client engagements. This role sits at the intersection of hands-on offensive security, people leadership, and delivery excellence. You’ll work closely with Sales, Product, and Leadership to support scoping, improve delivery processes, and help evolve our service offerings as the business scales.

Requirements

  • 6-8+ years in offensive security with strong hands-on experience in penetration testing, red teaming, or related domains.
  • 2-3+ years in a technical leadership or management role within a consultancy or internal security team.
  • Proven ability to personally execute high-quality penetration testing engagements, not just manage them.
  • Proven experience managing client engagements end-to-end in a professional services environment.
  • Strong understanding of manual testing methodologies and frameworks, including OWASP, ASVS, WSTG, and NIST 800.
  • Working knowledge of compliance and audit contexts, including SOC 2, ISO 27001, and PCI DSS, and how offensive testing maps to them.
  • Ability to balance hands-on technical delivery with people leadership, quality ownership, and delivery management.
  • Clear, confident communicator with engineers, executives, and non-technical stakeholders.
  • Bias toward action, accountability, and high-quality outcomes.

Nice To Haves

  • Experience working with SaaS, FinTech, or HealthTech companies.
  • Familiarity with PTaaS or portal-driven delivery models.
  • Offensive security certifications such as OSCP, OSEP, OSCE, or equivalent.

Responsibilities

  • Manage and execute offensive security engagements
      ◦ Personally lead and execute penetration testing engagements across web applications, APIs, cloud environments, networks, and other offensive security service lines.
      ◦ Oversee and contribute to penetration tests, red team activities, and advanced security assessments.
      ◦ Act as the technical escalation point for complex findings, edge cases, and client questions.
      ◦ Stay close enough to the work to challenge assumptions, validate findings, and model strong testing methodology for the team.
  • Lead and mentor the offensive security team
      ◦ Manage a team of pentesters and security engineers, providing technical guidance, feedback, and career development.
      ◦ Mentor team members through hands-on review of methodology, findings, reports, and client communication.
      ◦ Foster a culture of learning, curiosity, accountability, and high professional standards.
  • Ensure delivery quality and consistency
      ◦ Own engagement scoping, execution quality, and reporting standards.
      ◦ Ensure findings are accurate, reproducible, risk-focused, and actionable for engineering and compliance teams.
      ◦ Review and improve reports so they meet a high bar for technical depth, clarity, and client readiness.
      ◦ Help ensure delivery remains consistent across engagements, regardless of tester, client size, or service line.
  • Support sales and pre-sales efforts
      ◦ Partner with Sales on technical discovery calls, scoping discussions, and proposal input.
      ◦ Help prospects understand real-world risk, testing depth, and value beyond checkbox compliance.
      ◦ Bring practical, hands-on testing experience into scoping conversations so engagements are realistic, valuable, and properly structured.
  • Improve delivery operations
      ◦ Track and improve key delivery metrics, including SLA adherence, retesting turnaround, utilization, client satisfaction, and reporting quality.
      ◦ Identify bottlenecks and continuously refine delivery processes and tooling.
      ◦ Balance operational oversight with direct participation in billable technical delivery.
  • Contribute to service evolution
      ◦ Provide hands-on input into the design and refinement of service lines such as Red Teaming, AI/LLM testing, Secure Code Review, IoT, and other emerging areas.
      ◦ Help operationalize new offerings by defining scope, methodology, delivery standards, and quality expectations.
      ◦ Use direct engagement experience to improve how services are packaged, delivered, and explained to clients.