Senior, Manager Security Penetration Testing

Bloom Energy Offensive Security team reduces cyber risk by uncovering vulnerabilities and weaknesses in the enterprise cyber environment through coordinated ethical hacking and penetration testing scenarios.

As the Senior Manager Penetration Testing team youll be a hands-on leader leading all Bloom Energys Security Assessments and Penetration Testing efforts. The goal of the Penetration Testing and Security Assessment group is to proactively identify and remediate security vulnerabilities in Blooms products applications and infrastructure. Youll develop remediation strategy and counter measures for identified vulnerabilities. Youll work very closely with all the key departments within Bloom to ensure that they remain secure while they deliver new products and infrastructure.

Responsibilities

• Conduct Penetration testing (50-75% of the role) to identify and mitigate security vulnerabilities - networks systems and product.
• Lead and oversee the Security testing of our product API cloud enterprise network and Infrastructure ensuring that assessment activities are successfully completed on-time and communicated to stakeholders and management.
• Lead technology assessments including penetration testing red teaming purple testing and technical assessments related to data security cloud/on-prem infrastructure data protection network security secure coding APIs web applications and Internet of Things (IoT)/Operational Technology(OT).
• Understanding of cryptography authentication authorization network security protocols and application security.
• Manage and guide the Technology & IT Audit/Security testing strategy plan and execution in conducting all aspects of our projects including but not limited to the development of assessment scope and objectives development of risk and control matrix testing approach handling key communications audit deliverables and monitoring issue remediation efforts.
• Analyze vulnerabilities in the context of business impact and provide actionable mitigation strategies and counter measures.
• Contribute during leadership meetings on the departments strategy processes and approaches demonstrating strong security testing and audit domain knowledge. Partner with management to improve effective identify risks and improve the control environment.
• Demonstrate thought leadership for current and emerging technology topics including cybersecurity DevOps IoT/OT and data governance.
• Ensure that all team deliverables are of high-quality through high-engagement detailed oversight direct involvement and thought leadership.
• Develop coach and mentor a high-performing penetration testing team through hiring oversight training and timely and candid performance feedback.

Qualifications

• Bachelors degree in engineering Computer Science Information Technology or related field.
• 10 years of related work experience.
• 3 years of management/leadership experience.
• Experience in delivering and leading penetration testing activities red teaming purple teaming web application assessments technical assessments information technology audits network and system implementation reviews and advisory projects.
• Hands-on experience with enterprise-grade tools such as Burp Suite Nmap/Nessus MetasploitBloodHound and Kali Linux.
• Experience in managing teams delivering high-quality technical assessment work products and communicating effectively with various partners (e.g. external/internal stakeholders senior management etc.).
• Familiarity with information technology business processes and financial reporting audits and familiarity with control frameworks such as NIST ISO SANS CIS SOX and global data privacy laws (e.g. GDPR CCPA CPRA).
• Proven leadership skills and a tendency to lead through influence lead by example build relationship and collaborate.
• Professional credentials preferred (CISSP OSCP CEH or comparable).