Application Penetration Testing Manager

Job Location:

Bucharest - Romania

Monthly Salary: Not Disclosed
Posted on: 12 hours ago
Vacancies: 1 Vacancy

Job Summary

Job Description & Summary

A career in our Network Information Security (NIS) team will provide you the opportunity to solve our clients' most critical application and data protection challenges. As a Manager in the Application Penetration Testing team, you will lead complex testing engagements, shape our service offerings and develop our people. You'll combine deep technical tradecraft with strong client leadership to help organizations understand and manage real-world application security risk.

You will work closely with CISOs, engineering leaders and product teams to scope, deliver and explain application security assessments across web, mobile, API and cloud-native environments. You will be responsible for quality, timelines and risk management on your projects, while also contributing to innovation in testing techniques and the way we use automation and AI to extend our capabilities.

Responsibilities

PwC Professional skills and responsibilities for this management level include but are not limited to:

  • Lead multiple concurrent application penetration testing engagements from planning to reporting, ensuring quality, timeliness and internal client satisfaction.

  • Scope and design testing approaches for complex applications (web, mobile, APIs, microservices, cloud-native), balancing risk, coverage, effort and client constraints.

  • Assist EMEA CISO/BISO teams on a number of AppSec initiatives within EMEA.

  • Apply advanced manual testing techniques (e.g. business logic abuse, multi-step workflows, chained exploits) alongside targeted use of automated tools and AI-assisted capabilities.

  • Review and challenge technical findings produced by the team, ensuring accuracy, clear risk articulation and practical remediation guidance for engineering audiences.

  • Translate technical results into business-relevant impact for senior stakeholders (e.g. data exposure, fraud risk, compliance impact) and lead readouts with client security and product leadership.

  • Coach and mentor junior and senior penetration testers, providing structured feedback, on-the-job training and stretch opportunities to develop their tradecraft and consulting skills.

  • Use engagement reviews as an opportunity to systematically uplift team capability, standardize good practices and drive consistency in testing depth and reporting quality.

  • Contribute to service development by enhancing methodologies, checklists and tooling approaches (including AI-augmented testing workflows) and embedding them across the team.

  • Collaborate with account teams and leadership to identify follow-on or adjacent opportunities (e.g. secure SDLC, threat modelling, code review, developer training) based on identified weaknesses.

  • Support shaping up service-related challenges on complex technical approaches, effort estimates and risk mitigations for application security assessments.

  • Foster a positive and inclusive team environment by effectively managing workloads, supporting work-life balance and demonstrating open, respectful communication.

  • Use feedback and reflection to continuously refine your leadership, technical and commercial skills and uphold the firm's code of ethics and business conduct.

Minimum Degree Required
Bachelor's Degree

Minimum Years of Experience
5 years of experience in application security / penetration testing, including significant hands-on testing and at least 1-2 years in a lead or supervisory role.

Preferred Fields of Study
Computer and Information Science, Computer Applications, Computer Engineering, Information CyberSecurity, Information Technology, Management Information Systems, or equivalent experience.

Required Technical Skills and Knowledge

Demonstrates extensive knowledge and/or a proven record of success in the following areas:

  • In-depth understanding of web applications, APIs and services, including platforms and stacks such as IIS, Apache variants, Nginx, modern frontend frameworks and common API technologies (REST, SOAP, GraphQL).

  • Strong understanding of web and application security frameworks and guidance, including OWASP Top 10, OWASP API Top 10, OWASP MASVS and SANS/CWE Top 25.

  • Proven ability to identify and exploit application vulnerabilities such as SQL injection, XSS, CSRF, SSTI, IDOR, authN/authZ flaws and logic issues, and to demonstrate realistic business impact.

  • Hands-on use of industry-standard testing tools (e.g. Burp Suite Pro, ZAP, proxy tools, interception frameworks) and familiarity with SAST/DAST/IAST and API security testing tools.

  • Solid understanding of application hosting environments: Windows and Linux web servers, application servers, databases, WAFs, load balancers, reverse proxies and common cloud platforms (AWS, Azure, GCP).

  • Experience designing and executing tests for modern architectures (microservices, containers, serverless, CI/CD-driven deployments) and integrating findings into secure SDLC practices.

  • Experience using or evaluating AI-assisted techniques in security testing (e.g. AI-aided recon, test idea generation or report support) with appropriate validation and risk controls.

Required Professional Skills and Abilities

Demonstrates abilities and/or a proven record of success in the following areas:

  • Leading end-to-end application penetration testing engagements, including scoping, planning, execution oversight, issue escalation and stakeholder communication.

  • Managing small to medium-sized teams of testers, delegating effectively and ensuring consistent test coverage and quality.

  • Reviewing and refining technical reports for clarity, accuracy, risk rating and actionable remediation steps tailored to developers and architects.

  • Communicating complex technical concepts clearly and succinctly to both technical and non-technical stakeholders, adapting depth and style as appropriate.

  • Building and maintaining strong client relationships, participating actively in discussions and positioning relevant add-on services aligned to client needs.

  • Balancing project economics (budget, effort and scope) while maintaining agreed quality standards and addressing unanticipated issues constructively.

  • Creating a positive team climate by monitoring workloads, providing timely feedback and supporting the growth and wellbeing of team members.

  • Proactively seeking and incorporating guidance, clarification and feedback from leadership and keeping stakeholders informed of progress, risks and issues.


Required Experience:

Manager

Key Skills

  • IT Experience
  • Project Management Methodology
  • Technical Project Management
  • Data Collection
  • Image Processing
  • Waterfall
  • ITIL
  • Project Management
  • Microsoft Project
  • Health Information Management
  • Epic
  • SDLC

About Company

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 155 countries with over 284,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by vis ...