Penetration Testing Team Lead
Climb Channel Solutions NA
AWSAzureCloudCyber SecurityKubernetesSDLC
AVP, Cybersecurity – Offensive Lead
EXL
full-time
Posted on:
Origin: • 🇺🇸 United States
Visit company websiteJob Level
Senior
Tech Stack
AWSAzureCloudCyber SecurityDockerGoogle Cloud PlatformKubernetesLinuxMacOS
About the role
- Conduct red team operations, serving as red team lead or secondary operator; plan scenario execution, orchestrate team resources and make critical technical decisions
- Conduct offensive security engagements including Red Team operations, threat-based evaluations, and vulnerability research and exploitation against internal and external systems
- Design, scope, and lead complex technical assessments, Purple Team engagements, and other security initiatives to test detection and prevention effectiveness
- Automate portions of assessments, scoping, or other offensive security work to inform and drive engagements
- Incorporate Threat Intelligence research to track APT trends and test environments against emerging threats
- Collaborate with cross-functional teams (Incident Response, Product Security, other security partners) to align remediation efforts and drive fixes after testing cycles
- Develop and maintain relationships with internal customers to identify and facilitate solutions increasing team impact
- Influence and align team strategy and collaboratively prioritize and deliver multi-year roadmaps and projects
- Leverage deep technical expertise in operating systems, network architecture, and infrastructure to execute sophisticated attack chains in enterprise environments
- Pioneer offensive security capabilities with malware and capability developers by researching, developing, and operationalizing innovative techniques and proprietary tools
- Offer mentorship or coaching to growing team members and share knowledge externally through blogs, webinars, or conference presentations
- Contribute to scoping initiatives, provide subject matter expertise in sales presentations, and support marketing campaigns showcasing capabilities
- Define, document, and refine internal technical processes, service methodologies, and tactical procedures (TTPs)
- Perform administrative tasks related to day-to-day consulting to ensure smooth business and engagement operations
Requirements
- Strong communicator with the ability to positively influence engineers, developers, architects, and business leaders alike
- Thoughtful, pragmatic, and able to execute in a high-velocity, agile environment
- Deeply collaborative and experienced at embedding security into developer culture
- Track record of reducing risk without slowing down innovation
- Being articulate and precise to the internal stakeholders who are seeking counsel on what are the risks, why are they impactful, and options on how to resolve them
- Broad knowledge across the Security domain, as well as demonstrated focus in AI security evaluations and in one (or more) areas of Cybersecurity such as Red Teaming, Purple Teaming, Vulnerability Research, and Exploitation
- Master\'s degree (or foreign degree equivalent) in Information Systems Engineering, Computer Science, Engineering, Information Security, Cyber Security, Information Assurance, or related field (preferred)
- Bachelor\'s degree or higher, with a focus on IT, Computer Science, Engineering or Math or equivalent experience
- 8+ years of work experience performing adversarial simulation related engagements, with overall experience of 10-15 years
- Recognized Red Team or Penetration testing specific qualifications such as CCSAS, CCSAM, CRTO, OSED, OSCE (GXPN, GPEN, OSCP, GWAPT or similar certifications may also be considered)
- Working knowledge of Windows, Linux and MacOS operating systems internals
- Extensive understanding of the MITRE ATT&CK framework, OWASP Top 10, and other security frameworks
- Expertise in Windows Active Directory exploitation and lateral movement
- Working knowledge of cloud platforms (AWS/Azure/GCP and O365/Google Workspace) and container technologies (Kubernetes/Docker)
- Able to conduct cyber risk assessments using frameworks or standards like NIST CSF, ISO 27001/2, PCI, CIS Top 20, CMMC, or other industry measurement tools
- Conduct cloud penetration testing engagements to assess specific workloads (i.e., AWS, GCP, Azure, containers, or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weaknesses after receiving permission from client stakeholders
- Provide recommendations to clients on specific security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks including response and recovery of a data security breach
- Familiarity with offensive tools, based on applicable skillset
- Deep technical familiarity with offensive and defensive IT concepts and protocols
- Research and evaluate emerging privacy technologies from academia and industry, contributing to open-source tools and AI privacy standards
- Act as consultant and advocate for privacy best practices as central to our mission of Responsible AI
Similar jobs on JobTailor
Principal Consultant, Proactive Services - SOC
Palo Alto Networks
AWSAzureCloudCyber SecurityGoogle Cloud Platform
Cyber Architect/Engineer, Cloud SME
General Dynamics Information Technology
AWSAzureCloudCyber SecurityDNSGoogle Cloud PlatformLinux
Cloud Security Engineer
NOVA Corporation
AWSCloudCyber SecurityOpen Source
AI Security Architect
Skillable
AWSAzureCloudCyber SecurityGoogle Cloud Platform