Lead Penetration Tester

Job Location: Kuala Lumpur - Malaysia

Monthly Salary: Not Disclosed
Posted on: 7 hours ago
Vacancies: 1 Vacancy

Job Summary

You will be responsible for managing a team of penetration testers, designing and executing complex security assessments, and ensuring the security posture of critical systems and applications across our organization. You will also serve as a subject matter expert in identifying vulnerabilities, providing remediation strategies, and developing threat models.

Key Responsibilities

Strategic & Operational Leadership

  • Set the direction and scope of internal and external penetration testing engagements.
  • Develop, refine, and maintain the organization's penetration testing methodology.
  • Align red team activities with business objectives, risk priorities, and threat intelligence.

Team Management

  • Lead, mentor, and coach a team of penetration testers, red teamers, and offensive security analysts.
  • Conduct regular 1-on-1s, career development planning, and performance evaluations.
  • Build a collaborative and high-performing team culture with continuous skills development.

Planning & Execution Oversight

  • Oversee project timelines, resource allocation, and task delegation.
  • Ensure timely delivery of assessments and reporting within defined SLAs.
  • Manage team workflows using Agile or structured project management frameworks.

Quality Assurance & Reporting

  • Review and approve penetration testing reports for clarity, accuracy, and risk relevance.
  • Ensure all tests are conducted ethically, legally, and in line with organizational policy.
  • Maintain consistency in reporting formats, severity ratings, and risk classifications.

Technical Guidance & Escalation

  • Provide hands-on support in complex testing scenarios (e.g. privilege escalation, advanced persistence).
  • Serve as the go-to expert in bypassing modern defenses (EDR, WAF, MFA, etc.).
  • Troubleshoot and advise during real-time engagements or red/purple team exercises.

Continuous Improvement

  • Stay current with threat trends, TTPs (MITRE ATT&CK), and industry frameworks (OWASP, PTES, NIST).
  • Recommend new tools, scripts, and techniques to keep the team ahead of emerging threats.
  • Introduce automation playbooks and reusable exploits to improve testing efficiency.

Training & Development

  • Develop internal training modules, labs, and tabletop exercises.
  • Support certifications and knowledge-sharing within the team (e.g. OSCP, OSCE, CRTO).
  • Organize internal red team simulations, capture-the-flag (CTF) challenges, or lab walkthroughs.

Stakeholder Communication

  • Present technical findings and risk assessments clearly to non-technical stakeholders.
  • Interface with IT, development, SOC, and compliance teams to coordinate remediation efforts.
  • Participate in executive briefings or incident response drills where red team input is required.

Compliance & Documentation

  • Ensure testing procedures align with regulatory frameworks (ISO 27001, PCI-DSS, NIST).
  • Maintain documentation for all tools, payloads, testing infrastructure, and evidence handling.
  • Establish safe testing protocols to avoid disruption or unintentional damage during engagements.

Key Skills

  • Administrative Skills
  • Facilities Management
  • Biotechnology
  • Creative Production
  • Design And Estimation
  • Architecture