Director - Pentesting Solutions

Director – Pentesting Solutions

Role Summary

The Director – Pentesting Solutions will lead and scale the organization’s offensive security and penetration testing practice within a lean and fast-growing cybersecurity company. This role combines technical leadership, client advisory, delivery oversight, team management, and business growth responsibilities. The individual will be responsible for ensuring high-quality execution of penetration testing engagements, developing service capabilities, mentoring consultants, supporting pre-sales activities, and helping establish the company as a trusted cybersecurity partner.

The ideal candidate is an experienced offensive security leader who can operate effectively in a startup environment, balance strategic and hands-on responsibilities, and build scalable security assessment practices across diverse client environments.

Key Responsibilities

Practice Leadership & Delivery

• Lead and oversee penetration testing engagements across web applications, APIs, cloud environments, networks, mobile applications, wireless infrastructure, and enterprise systems.
• Establish and maintain testing methodologies, quality standards, reporting frameworks, and operational best practices.
• Ensure timely and high-quality delivery of client engagements while managing competing priorities and resource allocation.
• Review technical findings, risk ratings, remediation recommendations, and final assessment reports for accuracy and quality.
• Drive continuous improvement in offensive security capabilities, tooling, automation, and testing approaches.

Technical & Strategic Responsibilities

• Provide subject matter expertise in offensive security, adversary simulation, vulnerability assessment, and security architecture weaknesses.
• Guide complex security assessments and assist with advanced exploitation or high-risk engagements when required.
• Track emerging attack techniques, vulnerabilities, and threat trends relevant to client environments.
• Contribute to development of new service offerings and scalable assessment models aligned with market needs.
• Support internal security research, proof-of-concept development, and innovation initiatives.

Team Leadership

• Build, mentor, and manage a small but high-performing pentesting and offensive security team.
• Conduct technical reviews, performance coaching, and skill development initiatives for consultants.
• Foster a collaborative, learning-oriented, and accountable team culture suitable for a fast paced environment.
• Assist with hiring, onboarding, and capability development of new technical team members.

Client & Business Engagement

• Serve as a trusted advisor to clients on offensive security risks, remediation priorities, and security improvement strategies.
• Participate in client meetings, scoping discussions, technical presentations, and executive briefings.
• Support pre-sales activities including proposal preparation, effort estimation, solution design, and technical demonstrations.
• Collaborate with sales and leadership teams to expand client relationships and identify new business opportunities.

Operational Responsibilities

• Contribute to development of delivery processes, utilization planning, and practice-level operational metrics.
• Ensure engagement activities align with contractual, legal, confidentiality, and ethical requirements.
• Assist leadership in strategic planning, revenue growth initiatives, and service expansion efforts.

Candidate Specifications

Required Qualifications & Experience

• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related technical discipline.
• 10+ years of experience in cybersecurity with significant focus on penetration testing and offensive security.
• Demonstrated experience leading penetration testing teams or offensive security practices.
• Strong hands-on experience performing and reviewing penetration tests across multiple technology domains.
• Experience interacting directly with enterprise clients and executive stakeholders.
• Prior experience working in fast-paced, lean, or startup-oriented environments preferred.

Technical Skills

• Strong understanding of web application, network, cloud, API, mobile, and infrastructure security.
• Experience with offensive security tools, frameworks, and methodologies.
• Familiarity with secure architecture concepts, common attack vectors, and remediation approaches.
• Knowledge of industry frameworks and standards such as OWASP, NIST, PTES, MITRE ATT&CK, and CIS benchmarks.
• Understanding of cloud platforms, container security, identity security, and modern enterprise environments.

Certifications (Preferred)

• OSCP, OSWE, OSEP, CRTP, LPT Master, CISSP, or equivalent offensive security certifications preferred.