Back to search
Logic Hire Solutions LTD Linkedin · Posted 13d ago

Penetration Testing

New Jersey, United States

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Job Title: Manager, Penetration Testing (Offensive Security Lead)

Location: Hybrid – Princeton, NJ | Clifton, NJ | Berwyn, PA | Austin, PA | Boston, MA | Quincy, MA

Salary Range: $185,000 - $195,000 + Performance Bonus

Department: Threat Intelligence & Assurance

Role Summary

We is seeking a highly technical Manager to lead our internal Penetration Testing Team. Reporting to senior leadership within the Threat Intelligence and Assurance function, this role is a hybrid of technical leadership and program ownership. You will be responsible for building, mentoring, and maturing a team of elite testers tasked with securing one of the world's most complex financial infrastructures.

This is not a "check-the-box" compliance role. We require an engineering-driven approach to offensive security. You will establish rigorous, evidence-based testing standards across applications, networks, APIs, and multi-cloud environments. Your leadership will ensure that testing outputs are regulator-ready, actionable, and directly translate into measurable risk reduction for the enterprise.

What You Will Be Responsible For

Team Leadership & Mentorship

  • Lead, mentor, and develop a team of penetration testers, fostering deep technical expertise and continuous skill development.
  • Cultivate a "Purple Team" mindset, ensuring testers collaborate effectively with defenders to improve detection and response capabilities.
  • Manage resource allocation, capacity planning, and professional development roadmaps to retain top-tier talent.

Program Ownership & Maturation

  • Own the lifecycle of the penetration testing program, including methodologies (e.g., OWASP, PTES, MITRE ATT&CK), tooling selection, QA practices, and reporting standards.
  • Establish and enforce engineering-centric testing standards to ensure consistency, reproducibility, and depth across internal and 3rd-party assessments.
  • Develop a risk-based prioritization model to ensure testing focuses on critical assets and emerging threat vectors.

Technical Execution & Hands-On Oversight

  • Drive delivery of high-quality, hands-on testing across diverse landscapes:
    • External/Internal Network: Bypassing firewalls, routers, switches, and segmentation controls.
    • Web Applications & APIs: Deep-dive assessments of RESTful, GraphQL, and SOAP APIs.
    • Cloud Platforms: Complex attack path identification in AWS, Azure, and GCP (IaaS, PaaS, SaaS).
  • Serve as the technical escalation point, assisting the team with complex exploitation chains, privilege escalation, and lateral movement techniques.
  • Oversee and coordinate testing performed by external providers, including scoping, technical validation of results, and ensuring adherence to State Street’s quality standards.
Audit, Governance, & Remediation

  • Ensure outputs are "Audit-Ready": Clear documentation, evidence-based findings, and reports that tie technical vulnerabilities to business impact and regulatory risk (e.g., FedRAMP, GLBA, NYDFS).
  • Partner with engineering, infrastructure, and architecture teams to drive effective remediation, validate fixes, and improve secure design/development practices.

Innovation & Emerging Tech (AI/ML Security)

  • Spearhead the integration of emerging technologies into the program, specifically focusing on AI/LLM security. This includes testing enterprise AI deployments for prompt injection, model abuse, data leakage, and insecure output handling.
  • Evaluate and integrate AI-assisted tools to automate reconnaissance, fuzzing, and vulnerability validation to increase team throughput.

Metrics & Reporting

  • Track, analyze, and communicate program KPIs (e.g., Mean Time to Remediate, vulnerability recurrence rates, coverage percentage) to senior leadership, translating technical jargon into clear business risk posture.

What We Value (Core Competencies)

  • Leadership via Influence: Ability to lead without explicit authority; building high-trust teams and developing future leaders.
  • Risk-Based Decision Making: Prioritizing what matters most in a highly regulated, complex environment.
  • Strategic Perspective: Connecting a technical finding (e.g., a buffer overflow) to enterprise risk outcomes (e.g., data breach impact).
  • Executive Communication: Ability to present complex findings to Board-level stakeholders and Engineering VPs.
  • Curiosity: A passion for continuous learning, especially in offensive AI/LLM security and cloud-native attacks.
  • Ownership: A "Bias for Action" - holding self and team accountable for driving issues through to closure.

Tech Stack & Tooling Environment

As a Manager, You Will Be Expected To Possess Deep Familiarity With The Following Technologies And Tools, And Guide Your Team In Their Effective Utilization

  • Operating Systems & Virtualization: Kali Linux, Windows Server/Linux (RHEL, Ubuntu), VMware, ESXi.
  • Programming & Scripting (for automation & exploit dev): Python, Go, Bash, PowerShell, Ruby (Metasploit), JavaScript/Node.js.
  • Cloud & Container Security:
    • AWS: EC2, S3, IAM, Lambda, VPC, EKS.
    • Azure: Entra ID (Azure AD), Azure Storage, Key Vault, AKS.
    • GCP: Compute Engine, Cloud Storage, IAM.
    • Container/Orchestration: Docker, Kubernetes, Helm, Istio.
  • Network Security & Exploitation:
    • Tools: Burp Suite Pro, Nmap, Wireshark, Cobalt Strike, Metasploit, BloodHound/SharpHound, Impacket, Responder, CrackMapExec.
    • Protocols: TCP/IP, LDAP, Kerberos, NTLM, SMB, RDP, DNS, SNMP.
  • Application Security:
    • SAST/DAST: Synopsys, Checkmarx, Fortify, OWASP ZAP.
    • API Testing: Postman, Insomnia, Burp Suite (BApps), custom Python scripts for fuzzing.
    • Frameworks: React, Angular, .NET Core, Spring Boot (familiarity for reviewing code).
  • IAM & Active Directory: Deep knowledge of AD attack paths, Kerberos delegation, Golden Ticket, DCSync, and Azure/Entra ID misconfigurations.
  • CI/CD & DevSecOps: Jenkins, GitLab CI, Azure DevOps – understanding of pipeline security (e.g., injecting malicious code, manipulating artifacts).
  • Vulnerability Management: Integration with tools like Tenable/Nessus, Rapid7, and Jira for ticketing/remediation tracking.
Preferred Qualifications & Experience

  • Experience: 8+ years in offensive security (Penetration Testing/Red Teaming) with at least 5 years in highly regulated sectors (Finance, Healthcare, Government). 2+ years of direct team management or Technical Lead experience preferred.
  • Technical Depth: Expert-level knowledge of network and application attack surfaces, including complex enterprise attack paths and microservices architectures.
  • Cloud: Proven experience compromising containerized environments and exploiting identity-centric architectures.
  • Regulatory Knowledge: Experience delivering outputs that satisfy internal audit, external regulators (OCC, FRB), and compliance frameworks (PCI-DSS, SOC2).
  • Remediation: Demonstrated ability to translate deep technical findings into actionable, risk-based remediation roadmaps for non-security technical teams.

Preferred Certifications (not Required, But Valued)

  • Offensive Security: OSCP, OSCE3, OSEP.
  • SANS: GPEN, GXPN, GWAPT, GCPN.
  • Industry: PNPT, CREST (CRT, CCT INF, CCT APP, CCRTS, CCRTM).

Nice-to-Have

  • Experience using AI/LLM tools (e.g., GPT-4, Copilot) to accelerate reconnaissance, code review, and exploit development.
  • Background in Application Development or DevOps Engineering.

Skills: application,remediation,oscp,risk,leadership,testing,enterprise,penetration testing,cloud,security
Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent