Lead Penetration Testing Engineer

Raymond James Financial, Inc.
St. Petersburg, United States of America
1 month ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

St. Petersburg, United States of America

Tech stack

Microsoft Windows
Microsoft Active Directory
API
Amazon Web Services (AWS)
Software System Penetration Testing
User Authentication
Automation of Tests
Azure
Bash
Burp Suite
Cloud Computing Security
Linux
DNS
Hypertext Transfer Protocols (HTTP)
Mobile Application Software
Python
Kerberos (Protocol)
Lightweight Directory Access Protocols (LDAP)
Simple Mail Transfer Protocols
Nmap
Open Web Application Security
PowerShell
Systems Development Life Cycle
Red Team (Cyber Security)
TCP/IP
Wireshark
Web Applications
Data Logging
GWAPT
Metasploit
API Management

Job description

  • Conduct authenticated and unauthenticated web application penetration tests on internal and third-party applications; identify vulnerabilities aligned to OWASP Top 10/ASVS, demonstrate exploitability, and validate fixes.
  • Perform internal and external network penetration tests, including attack path discovery, privilege escalation, lateral movement, segmentation validation, and internet-facing exposure reviews.
  • Execute targeted security testing in additional domains such as APIs, mobile applications (as applicable), cloud configuration/exposure validation, and wireless assessments.
  • Build and maintain repeatable testing playbooks covering reconnaissance, exploitation, post-exploitation, evidence collection, and remediation validation.
  • Produce clear deliverables including executive summaries, technical reports, reproducible steps, risk ratings, and remediation guidance; brief engineers, stakeholders, and security leadership.
  • Partner with application and infrastructure teams to remediate findings, conduct retesting, confirm closure, and improve secure SDLC practices.
  • Support purple-team activities by collaborating with detection and response teams to strengthen logging, alerting, and detection logic.
  • Develop and maintain testing tools, scripts, and automations in Python, PowerShell, and Bash.
  • Mentor junior team members to expand technical knowledge and hands-on capabilities.
  • Work with third-party testers to define scopes, oversee execution and reporting, and assign ownership of findings.

One or more of the following certifications:

  • Highly Preferred: OSCP, OSWE, OSEP, OSWP, or OSEE
  • GIAC: GPEN, GWAPT, GXPN, or GWEB
  • eCPPT or PNPT
  • Bonus: CISSP, cloud security certifications (AWS/Azure), or other relevant credentials.

Core Competencies:

  • Analysis: Identify issues, compare data, and draw defensible conclusions.
  • Communication: Clearly convey technical details and risk to engineers, finding owners, and leadership.
  • Judgment & Decision Making: Recommend appropriate actions based on available facts and constraints.
  • Technical Knowledge: Stay current on offensive security techniques, defenses, and industry trends.
  • Relationship Building: Collaborate effectively with partners to achieve security objectives.
  • Client Focus: Support internal teams as customers while managing firm-wide risk.
  • Leadership: Share knowledge and provide mentorship through training and guidance.

Requirements

  • 7+ years of offensive security experience as a red team operator and penetration tester across web applications, corporate networks, and infrastructure.
  • Strong understanding of networking fundamentals and protocols (TCP/IP, DNS, HTTP/S, TLS, SMTP, SMB, Kerberos, LDAP, etc.).
  • Deep familiarity with Windows and Linux, including Active Directory, authentication flows, endpoint posture, and common misconfigurations.
  • Proven ability to test and interact with APIs, including automation and integration validation.
  • Demonstrated ability to create advanced scripts, tools, and automation using PowerShell, Python, or Bash.
  • Strong report-writing skills with the ability to translate technical findings into business-aligned risk and actionable remediation.
  • Leadership qualities to support technical development of team members.

Tooling Expectations (Hands-On):

  • Recon & Enumeration: Nmap, Masscan, Amass, Subfinder, Nuclei, Nikto, whatweb, dnsrecon, enum4linux-ng
  • Web & API Testing: OWASP ZAP, sqlmap, ffuf/gobuster, testssl.sh, JWT tooling, Burp Suite
  • Exploit & Post-Exploitation: Metasploit, Impacket, BloodHound, Responder, Kerbrute, CrackMapExec/NetExec, smbclient, LDAP tooling
  • Passwords & Traffic: Wireshark/tshark, John the Ripper, Hashcat, Hydra
