Job Title: Director of Penetration Testing
Department: Offensive Security / Cybersecurity
Reports To: VP of Cybersecurity / Chief Information Security Officer (CISO)
Location: Hybrid/Flexible (with travel as needed)

Role Overview:
The Director of Penetration Testing is responsible for leading and scaling the organization’s penetration testing practice, ensuring the delivery of high-quality security assessments. This role combines technical expertise, leadership skills, and strategic vision to manage a team of penetration testers, develop testing methodologies, and provide actionable insights to strengthen the organization’s security posture. The director will also serve as a trusted advisor to internal stakeholders and clients on offensive security matters.

Key Responsibilities:

Leadership & Strategy:
• Define and execute the strategic vision for the penetration testing program.
• Build, manage, and mentor a team of highly skilled penetration testers.
• Drive innovation in tools, techniques, and methodologies to stay ahead of emerging threats.
• Represent the penetration testing team in senior leadership and client-facing discussions.

Operational Management:
• Oversee the planning, execution, and delivery of penetration testing engagements, including network, application, cloud, mobile, and IoT assessments.
• Ensure testing is conducted in compliance with industry standards and regulatory requirements.
• Manage the development and maintenance of internal testing tools, frameworks, and scripts.
• Monitor team performance and ensure alignment with organizational goals and KPIs.

Collaboration & Stakeholder Engagement:
• Partner with other cybersecurity teams (e.g., threat intelligence, incident response) to enhance the organization’s offensive security capabilities.
• Communicate findings and remediation strategies to technical and non-technical audiences, including executives and board members.
• Support the development of security policies and standards based on testing insights.

Business Development:
• Support the growth of the penetration testing practice by identifying new business opportunities and building client relationships.
• Assist in scoping engagements, preparing proposals, and participating in client presentations.

Risk Management & Reporting:
• Deliver detailed reports outlining vulnerabilities, risks, and recommended mitigation strategies.
• Prioritize findings based on business impact and collaborate with teams to drive remediation efforts.
• Track and validate the resolution of identified issues.

Skills & Qualifications:

Technical Expertise:
• Deep understanding of penetration testing tools and techniques (e.g., Burp Suite, Metasploit, Cobalt Strike, Nessus).
• Expertise in vulnerability assessment, exploit development, and security testing across diverse environments (on-premise, cloud, hybrid).
• Familiarity with frameworks and standards like OWASP Top Ten, MITRE ATT&CK, NIST, and PCI DSS.
• Experience in reverse engineering, fuzzing, or red teaming is a plus.

Leadership & Communication:
• Proven experience leading and managing penetration testing teams or offensive security programs.
• Strong communication skills, with the ability to articulate complex technical findings to non-technical stakeholders.
• Experience building and maintaining cross-functional relationships with technical and business leaders.

Essential Skills:
• Ability to think creatively and adopt an adversarial mindset.
• Strong project management skills, including the ability to handle multiple engagements simultaneously.
• Attention to detail and a commitment to delivering high-quality results.

Qualifications:
• Bachelor’s or Master’s degree in cybersecurity, computer science, or related field.
• Relevant certifications such as OSCP, OSCE, CREST CCT, GPEN, GXPN, or equivalent.
• Additional certifications (e.g., CISSP, CISM) are advantageous.

Key Attributes:
• Strategic thinker with a hands-on approach when necessary.
• Passionate about offensive security and driving innovation in testing techniques.
• Collaborative, ethical, and committed to fostering a positive team culture.
• Resilient and adaptable, with the ability to manage pressure in high-stakes environments.