About Us:
We are a forward-thinking technology company committed to delivering secure and innovative software solutions. We are seeking an experienced and highly skilled Team Lead - Ethical Hacker to join our security team. This role is crucial in safeguarding our digital assets, ensuring our applications are secure, and leading our ethical hacking efforts. The ideal candidate will have a deep understanding of cybersecurity principles, hands-on experience with penetration testing, and a proven track record of managing and mentoring security teams.
Job Description:
As the Team Lead - Ethical Hacker, you will play a critical role in identifying, assessing, and mitigating security vulnerabilities across our software products. You will lead a team of ethical hackers and security analysts, ensuring that our applications and systems are resilient against cyber threats. Your expertise in both offensive and defensive security measures will be essential in guiding the team and setting the strategic direction for our security initiatives.
This role is initially remote, with the possibility of occasional on-site collaboration for team-building and strategic planning sessions. The position is contract-to-hire, offering an opportunity to transition to a full-time role based on performance and mutual agreement.
Responsibilities:
- Leadership: Lead and mentor a team of ethical hackers, fostering a culture of continuous improvement, collaboration, and security excellence.
- Security Assessments: Conduct and oversee comprehensive security assessments, including penetration testing, vulnerability scanning, and risk analysis.
- Threat Modeling: Develop and implement threat models to identify potential security risks and vulnerabilities in software architecture and code.
- Incident Response: Lead the response to security incidents, including investigation, containment, and remediation efforts.
- Collaboration: Work closely with development, product, and infrastructure teams to integrate security best practices throughout the software development lifecycle (SDLC).
- Security Tools: Implement and manage security tools and technologies, such as SIEM, IDS/IPS, WAF, and DAST/SAST tools.
- Code Reviews: Conduct and oversee secure code reviews to identify and remediate potential vulnerabilities in application code.
- Compliance: Ensure compliance with industry standards and regulations, such as OWASP, GDPR, and ISO 27001.
- Reporting: Provide detailed reports on security assessments, including identified vulnerabilities, potential impact, and recommended remediation.
- Continuous Learning: Stay up-to-date with the latest security trends, tools, and techniques, and share knowledge with the team to enhance our security posture.
Qualifications:
- Educational Background: Bachelor’s degree in Computer Science, Cybersecurity, or a related field. Relevant certifications (e.g., CEH, CISSP, OSCP) are highly desirable.
- Experience: Minimum of 10 years of experience in cybersecurity, with at least 3-5 years in a leadership role focusing on ethical hacking and penetration testing.
- Technical Expertise:
- Strong experience in ethical hacking, penetration testing, and vulnerability assessment methodologies.
- Proficiency with security tools such as Metasploit, Burp Suite, Nmap, Wireshark, and Kali Linux.
- Deep understanding of web application security, network security, and cloud security (AWS, Azure).
- Familiarity with security frameworks and standards, such as OWASP Top Ten, MITRE ATT&CK, and NIST.
- Experience with secure coding practices and code review processes in languages like Python, JavaScript, Java, and C#.
- Knowledge of cryptographic protocols, encryption standards, and secure communication practices.
- Proficiency with CI/CD pipelines and integrating security testing into DevOps practices (DevSecOps).
- Leadership Skills: Proven ability to lead and mentor a security team, manage projects, and drive security initiatives to completion.
- Communication: Excellent verbal and written communication skills, with the ability to convey complex security concepts to both technical and non-technical stakeholders.
- Problem-Solving: Strong analytical and problem-solving skills, with a focus on identifying and mitigating security risks.
- Adaptability: Ability to thrive in a fast-paced environment and quickly adapt to changing security landscapes and business needs.
Challenges and Opportunities:
This role offers the opportunity to lead high-impact security projects and significantly influence the security posture of our organization. You will be challenged to stay ahead of evolving cyber threats and develop innovative solutions to protect our assets while working with a talented and motivated team.
