Penetration Testing Manager

About The Position

Requirements

• 8+ years in offensive security with experience in high security/highly regulated environments
• 2+ years leading teams preferred
• Deep expertise in network and application penetration testing, including enterprise attack paths and complex application ecosystems
• Strong knowledge of cloud, containerized environments, and identity-centric architectures
• Demonstrated ability to translate findings into actionable, risk-based remediation
• Strong stakeholder engagement and executive communication skills
• Prior successful experience working with technology owners and business unit leaders to reduce risk

Nice To Haves

• experience using AI/LLM tools to perform network and application penetration testing and configuration/security reviews
• BS/MS in relevant field; OSCP/OSEP/OSCE, GPEN/GXPN, GWAPT, GCPN, PNPT, CREST (CRT, CCT INF, CCT APP, CCRTS, CCRTM) or similar.

Responsibilities

• Lead, mentor, and develop a team of penetration testers, fostering strong technical depth, hands-on expertise, and continuous skill development across application, network, and cloud domains
• Own and evolve the penetration testing program, including methodologies, tooling, quality assurance practices, reporting standards, and risk-based prioritization of testing activities
• Drive delivery of high quality, hands on testing across enterprise applications, APIs, infrastructure, and cloud environments, ensuring assessments are technically rigorous and aligned to real-world exploitability
• Establish and enforce engineering-centric testing standards, ensuring consistency, reproducibility, and depth across both internal and third-party executed assessments
• Oversee and coordinate testing performed by external providers, including scoping, execution expectations, and technical validation of results to ensure quality and accuracy
• Ensure regulator and audit ready outputs, including clear documentation, evidence-based findings, and reporting that ties technical vulnerabilities to business and risk impact
• Partner with engineering, infrastructure, and architecture teams to drive effective remediation, validate fixes, and improve secure design and development practices
• Integrate emerging technologies and techniques into the program, including AI/LLM-focused testing approaches and assurance of enterprise AI deployments (e.g., prompt injection, model abuse, data exposure)
• Track, analyze, and communicate program metrics, including coverage, risk trends, vulnerability recurrence, and remediation performance, providing clear insights to senior leadership
• Continuously improve program maturity, balancing technical depth with scalability, consistency, and alignment to evolving threats, technologies, and regulatory expectations

Benefits

• our retirement savings plan (401K) with company match
• insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages
• paid-time off including vacation, sick leave, short term disability, and family care responsibilities
• access to our Employee Assistance Program
• incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans)
• eligibility for certain tax advantaged savings plans
• inclusive development opportunities
• flexible work-life support
• paid volunteer days
• vibrant employee networks