
Penetration Tester Team Lead
Employment: Full-time
Setup: WFH
We are seeking a highly skilled and experienced Penetration Tester Team Lead to lead and manage offensive security initiatives aimed at identifying and exploiting vulnerabilities within our organization’s systems, applications, and networks. As a Penetration Tester Team Lead, you will oversee a team of ethical hackers, penetration testers, and security engineers to simulate advanced, real-world cyberattacks, evaluate security defenses, and provide strategic recommendations to improve the overall security posture. You will play a critical role in strengthening our defense mechanisms and collaborating closely with other security teams (e.g., Blue Team, SOC) to ensure comprehensive security resilience.
Key Responsibilities
Lead Red Team Operations: Oversee and lead Red Team exercises, including penetration testing, adversary emulation, and full-scope threat simulations. Ensure that the team conducts thorough assessments of systems, networks, applications, and cloud infrastructure.
Team Leadership and Mentorship: Manage, mentor, and guide a team of security engineers and penetration testers, helping them develop their skills, grow in their careers, and continuously improve their offensive security techniques.
Advanced Threat Simulation: Design and execute sophisticated attack simulations, including social engineering, phishing campaigns, and physical penetration testing. Simulate the tactics, techniques, and procedures (TTPs) of real-world threat actors to assess the organization’s detection and response capabilities.
Collaboration with Blue Team: Work closely with the Blue Team (defensive security team) to identify gaps in defense strategies, recommend improvements, and simulate attack scenarios to evaluate the effectiveness of security controls and incident response.
Vulnerability and Risk Assessment: Identify, exploit, and document vulnerabilities in applications, networks, and systems, providing detailed reports and strategic risk mitigation recommendations to senior leadership and relevant stakeholders.
Report Findings and Present Recommendations: Deliver comprehensive, actionable findings from Red Team engagements through clear and professional reports and presentations, outlining vulnerabilities, attack vectors, and suggested remediation strategies.
Tool Development and Custom Exploits: Develop and enhance custom tools and scripts to automate and improve offensive security assessments. Contribute to internal security projects and collaborate with other teams to develop new security solutions.
Continuous Learning & Research: Stay up to date with the latest trends, vulnerabilities, exploits, and attack methodologies in the cybersecurity field. Continuously enhance the Red Team’s skills and attack techniques by exploring new tools, tactics, and approaches.
Strategy Development: Assist in the development and refinement of the organization’s overall cybersecurity strategy by providing insights based on Red Team exercises, threat modeling, and risk analysis.
Security Awareness and Training: Educate internal teams and leadership about security threats, attack methods, and mitigation strategies to help raise security awareness across the organization.
Requirements
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent work experience). Advanced certifications and training in offensive security are highly preferred.
Relevant certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), GIAC Penetration Tester (GPEN), Offensive Security Web Expert (OSWE), or other advanced security certifications are preferred.
5+ years of hands-on experience in penetration testing, ethical hacking, or Red Teaming in an enterprise environment.
Minimum 2 years of experience leading and managing teams in a Red Team or offensive security role.
Strong experience in performing end-to-end penetration tests (network, application, and cloud) and developing realistic attack scenarios.
Experience with tools such as Kali Linux, Burp Suite, Metasploit, Cobalt Strike, Nessus, and other offensive security tools.
In-depth understanding of common attack vectors (e.g., SQL injection, cross-site scripting, buffer overflows) and real-world attack methodologies (e.g., Advanced Persistent Threats, social engineering).
Familiarity with the MITRE ATT&CK framework, threat intelligence analysis, and attack simulation techniques.
Knowledge of scripting and programming languages (e.g., Python, PowerShell, Bash, C, JavaScript) for exploit development and tool creation.
Expertise in network and web application penetration testing, vulnerability assessment, and exploitation.
Experience with cloud security (AWS, Azure, GCP) and container security.
Strong understanding of operating systems (Linux, Windows, macOS), networking protocols, and web technologies.
Proficiency in the use of common Red Team tools and frameworks, including but not limited to Metasploit, Cobalt Strike, Burp Suite, and custom-developed scripts.
Strong leadership and team management abilities, with a focus on fostering collaboration, knowledge sharing, and professional growth within the team.
Excellent communication skills, both written and verbal, with the ability to explain complex technical findings to both technical and non-technical stakeholders.
Strong analytical and problem-solving skills, with the ability to think creatively and adapt to evolving security challenges.
Ability to work independently, manage multiple projects, and prioritize tasks effectively in a fast-paced environment.
