Manager of Penetration Testing & Exploit Development
Posted on May 30, 2021 by Request Technology
A prestigious fortune 500 company is on the search for a Manager of Penetration Testing & Exploit Development. This person will manage 8 to 10 people onshore and offshore. They will drive penetration testing for applications and systems penetration testing. They will secure the development within the cloud and work with vulnerability management.
- Own and drive the penetration testing program strategy for the Company Family of Brands including management of third party testing services and/or bug bounty programs
- Be a champion for vulnerability services and information security including broadening awareness and use of the team's services, education of security best practices and integration with other business areas.
- Drive actionable metrics and reporting for operations and leadership transparency
- Provide prompt attention and visibility into risks, vulnerabilities, and issues serving as an escalation path for team member effectiveness
- Closely support and collaborate with other Cyber Security Operations teams
- Provide support on incidents and outages as necessary to enable effectiveness of the team and its operations
- Serve as subject matter expert related to penetration testing, secure development, and secure configuration
- Have the ability to understand and develop enterprise policy and technical standards with specific regard to secure development/deployment and vulnerability management
- Be able to successfully partner with other security and IT professionals to assess potential impact from vulnerabilities specific to Company's environment, and determine and implement mitigating controls.
- Identify and recommend appropriate measures to manage and remediate vulnerabilities and reduce potential impacts on information resources to a level acceptable to the senior management of the company.
- Build strong partnerships with technical teams to promote best practices for managing vulnerabilities in an agile manner and within cloud solutions.
- Ability to fully understand business requirements and work with them to define appropriate solutions security objectives while meeting the business need.
- Providing mentorship, coaching, performance management and support to team members with regard to advanced offensive security techniques, vulnerability assessment, communication/rapport with other divisions and various levels of leadership, technical expertise, and career development.
- Continuously develop and execute training exercises and Capture the Flag activities for Cyber Security Operations Center teams to increase technical skills and understanding of the attacker mindset
- Bachelors and/or Masters Degree or equivalent experience in Information Security, Engineering, Computers Science, or related field
- 5+ years experience in penetration testing, offensive security, red teaming
- Drive to learn new things about vulnerability management, exploits, hacker techniques, and overall security operations
- Familiar with industry standard security best practices and multiple techniques for penetration testing
- Advanced experience with multiple open source tools for security testing
- Demonstrated ability to participate in cross functional teams, including offsite, remote and offshore resources
- Demonstrated ability to stay abreast securing evolving technology such as cloud and mobile computing.
- Knowledge of PCI, HIPAA, ISO, NIST, and IT Controls
- CISSP, GPEN, GWAPT, GMOB, OSCP or other industry certification or expected completion of certification within 1 year of hire.