Manager- Penetration Testing
Indexed description
Title: Penetration Testing Manager
Location: Hybrid (Princeton, NJ / Clifton, NJ / Berwyn, PA / Austin, TX / Stamford, CT / Atlanta, GA)
Type: Permanent (Full-Time)
We are seeking a manager to lead the client's Penetration Testing Team, reporting into leadership within the Threat Intelligence and Assurance function. This role combines technical leadership with program ownership, focused on delivering high-quality, engineering-driven penetration testing across a complex, highly regulated financial environment. You will be responsible for building and maturing a team that performs rigorous assessments across applications, networks, APIs, and cloud platforms, while establishing consistent, risk-aligned testing practices.
Manager is accountable for defining technical standards, you will ensure testing results translate into measurable risk reduction and sustained improvements in secure design and implementation.
Key Responsibilities
- Lead, mentor, and develop a team of penetration testers, fostering strong technical depth, hands-on expertise, and continuous skill development across application, network, and cloud domains.
- Own and evolve the penetration testing program, including methodologies, tooling, quality assurance practices, reporting standards, and risk-based prioritization of testing activities.
- Drive delivery of high quality, hands-on testing across enterprise applications, APIs, infrastructure, and cloud environments, ensuring assessments are technically rigorous and aligned to real-world exploitability.
- Establish and enforce engineering-centric testing standards, ensuring consistency, reproducibility, and depth across both internal and third-party executed assessments.
- Oversee and coordinate testing performed by external providers, including scoping, execution expectations, and technical validation of results to ensure quality and accuracy.
- Ensure regulator and audit ready outputs, including clear documentation, evidence-based findings, and reporting that ties technical vulnerabilities to business and risk impact.
- Partner with engineering, infrastructure, and architecture teams to drive effective remediation, validate fixes, and improve secure design and development practices.
- Integrate emerging technologies and techniques into the program, including AI/LLM-focused testing approaches and assurance of enterprise AI deployments (e.g., prompt injection, model abuse, data exposure).
- Track, analyze, and communicate program metrics, including coverage, risk trends, vulnerability recurrence, and remediation performance, providing clear insights to senior leadership.
- Continuously improve program maturity, balancing technical depth with scalability, consistency, and alignment to evolving threats, technologies, and regulatory expectations.
Must Have Skills:
- Leadership: 8+ years in offensive security with 2+ years of formal team management experience.
- Technical Depth: Expert-level knowledge of network, application, and API penetration testing; strong mastery of cloud-native and containerized environments.
- Strategic Oversight: Ability to evolve testing methodologies, tooling, and reporting standards to be audit/regulator-ready.
- Communication: Proven ability to translate technical vulnerabilities into business/risk impact for executive stakeholders.
- Modern Security: Deep understanding of identity-centric architectures and remediation validation.
- Compliance: Experience operating within complex, highly regulated financial environments.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search