Job Description: Director, Penetration Testing
Location: Preference for Las Vegas, Open to Remote w/Travel
Type: Direct Hire
Bottom Line / In a Nutshell
- 10+ years' experience in Technology
- 5+ years' experience in Cybersecurity
- 2+ years' experience in Penetration Testing
Job Description
The primary responsibility of the Director - Penetration Testing is to direct the Penetration Testing process and activities, including planning, coordinating, executing and reporting on sophisticated ethical hacking and penetration testing scenarios that simulate the tactics, techniques, and procedures of a variety of threat actors.
Essential Duties & Responsibilities
- Direct staff and organize department functions in accordance with company guidelines.
- Delegate tasks and department assignments or projects, meeting deadlines related to those assignments. Focus on achieving the goals or objectives of the department using available resources (staff and budgetary).
- Evaluate the schedule or timelines related to the completion of assignments, while maintaining service and/or product quality.
- Develop staff skills to enhance department effectiveness and manage resources to eliminate excess cost or unnecessary expenditures.
- Knowledgeable leader who can take a deep dive on available solutions, validate found vulnerabilities, and explain the importance of secure configuration settings.
- Responsible for directing the development of end-to-end Penetration Testing processes and procedures and meaningful metrics. Therefore, this position must have expertise in the concepts and tools, and the ability to do a deep dive when asked to explain findings and processes.
- The ability to communicate and work effectively with all facets of the corporation is expected along with expertise in communicating with Senior Management. It’s essential that this position has the ability to quantify and present the program and its metrics to Senior Management.
- Expertise in promulgating risk to the business by correlating vulnerabilities, configuration settings, and penetration testing results, performing an assessment of the risks that considers the threats, our vulnerability to those threats, the likelihood that vulnerabilities will be exploited, the impact that exploitation will have on the company, and finally what the residual risk will be after the vulnerabilities, configuration settings and findings from the penetration tests are remediated.
- This position is expected to lead the Penetration Testing program by providing partnership with counterparts in each jurisdiction to attain a globally deployed team that is focused on processes and procedures in support of the Penetration Testing program.
- Lead and coordinate the activities of the Penetration Testing teams.
- Align penetration testing functions with the organization’s overall business objectives by reducing information technology’s exposure to vulnerabilities
- Work closely with peer managers to architect patching strategies for potential vulnerabilities ensuring information security policy and best practices are enforced globally.
- Act as information security’s liaison to internal business units to drive enterprise-wide patching efforts for approved third party software, manage expectations and set service level agreements.
- Act as information security’s liaison to internal business units to drive secure configurations in images used for desktops, servers, network devices, and wireless network devices.
- Manage penetration testing processes and procedures
- Manage remediation efforts including mentoring penetration testers in working with Information Technology to architect solutions
- Produce meaningful metrics and reports
- Participate in incident response activities
- Analyze metrics for trends and patterns to further refine Penetration Testing program effectiveness
- Perform job duties in a safe manner.
- Attend work as scheduled on a consistent and regular basis.
- Performs other related duties as assigned.
Minimum Qualifications
- At least 21 years of age.
- Proof of authorization to work in the United States.
- Bachelor’s degree or equivalent work experience.
- Must be able to obtain and maintain any certification or license, as required by law or policy.
- At least ten years of experience in Information Security and Technology with expertise in creating and managing teams who are responsible for managing vulnerability and configuration scanning and remediating the valid findings and teams who are focused on performing penetration testing and their remediation.
- Possess an information security certification such as CISSP or GISP for at least five years; ten years’ experience in hands-on vulnerability management can be substituted for a certification.
- Knowledgeable in change management processes; participates or delegates participation in the change control process as needed.
- Ability to use automated tools and analysis to assess operating systems, applications, databases, servers and network equipment for vulnerabilities and secure configurations.
- Ability to perform internal and external penetration testing using automated tools and social engineering.
- Knowledge of and familiarity with identity and authentication management and their architecture.
- Knowledge of and familiarity with Public Key Infrastructure and key and certificate management.
- Ability to architect cross-domain solutions, including Microsoft, Linux, IBM, SCADA, and Gaming.
- A working knowledge of vulnerabilities and configuration settings and their exploitation in order to gain access to networks, applications, hosts, and desktops. (White hat only)
- Security engineering.
- Malware analysis.
- Forensics analysis.
- Reverse software engineering.
- Wireless security architectures, scanning, rogue detection and prevention and secure configurations.
- Threat/Vulnerability Research.
- Source Code Scanning.
- Red Team engagements.
- Red Team and Tabletop exercise experience.
- Ability to gather and report meaningful metrics.
- Strong interpersonal skills with the ability to communicate effectively and interact appropriately with management, other Team Members and outside contacts of different backgrounds and levels of experience.
- Must be able to work varied shifts, including nights, weekends and holidays.
This Is a Great Opportunity With a First-class Company
RED SKY Career Opportunities at: redskyconsulting.co/career-portal
RED SKY Consulting Candidate and Client Referral Program!
2500
Do you know other IT professionals?
Turn those relationships into Money & help friends get work
RED SKY Consulting is offering a fantastic opportunity for you to earn extra money.
If you refer to us a Manager of people or skilled professionals, we will link your name to that person for 18 months.
If we employ or place that individual or place people into that company thru that manager
RED SKY Consulting Company Overview
We are an IT and Cybersecurity staffing solutions, professional services, management consulting, and executive placement company with thousands of resources across multiple IT and Cybersecurity skill sets. Our primary US locations are Chicago, New York, Los Angeles, Atlanta, Nashville, Tampa and Denver, and we have organizational arms in other domestic cities along with offshore alliances in India and Ireland. RED SKY has a 15+ year history of providing great technology talent. RED SKY has many clients, including 7 of the Fortune 10, half of the Fortune 100, and 25% of the Fortune 500 companies, with the manufacturing, financial services, health care, government, consumer services, insurance, and several other industry verticals represented.
The RED SKY Foundation is being formed and will be providing fully funded college educations to underprivileged young adults in partnership with our clients starting 2022.
Keys: Penetration Testing, Pentester, Information Security, Cybersecurity, Red Team, Director, Management