Principal Penetration Tester/ Offensive Security Team Lead

Principal Penetration Tester/ Offensive Security Team Lead Role Summary The Principal Penetration Tester/ Offensive Security Team Lead will lead and scale the organization's offensive security and penetration testing practice within a lean and fast-growing cybersecurity company. This is a player-coach role : the ideal candidate is expected to remain deeply hands-on, actively conducting and contributing to penetration testing engagements alongside leadership, delivery oversight, team mentorship, and business growth responsibilities. This individual will set the technical bar for the practice — personally executing complex assessments, driving methodology excellence, and ensuring high-quality delivery across all client engagements. They will also support pre-sales activities and help establish the company as a trusted offensive security partner. The ideal candidate thrives in a startup environment, leads by technical example, and is equally comfortable exploiting a misconfigured cloud environment in the morning and presenting findings to a CISO in the afternoon. Key Responsibilities Hands-On Technical Delivery Personally conduct and contribute to penetration testing engagements across web applications, APIs, cloud environments, networks, mobile applications, wireless infrastructure, and enterprise systems. Take direct ownership of complex, high-risk, or sensitive engagements requiring deep technical expertise. Perform adversary simulation, exploit development, and advanced attack chain construction on client engagements. Author and review high-quality technical reports — including detailed findings, evidence, risk ratings, and actionable remediation guidance. Remain current with offensive tooling, exploitation techniques, CVE research, and emerging attack vectors through personal practice and research. Practice Leadership & Delivery Establish and continuously evolve testing methodologies, quality standards, reporting frameworks, and operational best practices. Ensure timely, high-quality delivery of all client engagements while managing resource allocation and competing priorities. Drive continuous improvement in offensive security capabilities, tooling, automation, and assessment approaches. Lead internal research, proof-of-concept development, and red team innovation initiatives. Technical & Strategic Responsibilities Serve as the practice's foremost technical authority on offensive security, adversary simulation, and vulnerability assessment. Guide and personally support advanced exploitation scenarios, novel attack surface assessments, and high-complexity engagements. Track and operationalize emerging attack techniques, vulnerability disclosures, and threat trends relevant to client environments. Contribute to development of new service offerings and scalable assessment models aligned with market demand. Team Leadership Build, mentor, and manage a small but high-performing pentesting team — leading by technical example, not just direction. Conduct hands-on technical reviews, pair-testing sessions, and skill development initiatives for consultants. Foster a collaborative, learning-oriented, and accountable team culture suited to a fast-paced environment. Support hiring, onboarding, and technical capability development of new team members. Client & Business Engagement Serve as a trusted technical advisor to clients on offensive security risks, remediation priorities, and security posture improvement. Lead client scoping discussions, technical walkthroughs, and executive briefings — translating complex findings into business-relevant risk. Support pre-sales activities including proposal preparation, effort estimation, solution design, and technical demonstrations. Collaborate with sales and leadership to grow client relationships and identify new service opportunities. Operational Responsibilities Contribute to delivery processes, utilization planning, and practice-level operational metrics. Ensure all engagement activities comply with contractual, legal, confidentiality, and ethical requirements. Assist leadership in strategic planning, revenue growth initiatives, and service expansion efforts. Candidate Specifications Required Qualifications & Experience Bachelor's degree in Computer Science, Information Security, Engineering, or a related technical discipline — or equivalent demonstrated experience. 10+ years in cybersecurity with a heavy, sustained focus on hands-on penetration testing and offensive security . Proven track record of personally executing penetration tests across multiple technology domains, not solely overseeing them. Demonstrated experience leading or building penetration testing teams or offensive security practices. Comfortable operating as an individual contributor on technical engagements while simultaneously carrying leadership responsibilities. Experience engaging directly with enterprise clients and executive stakeholders. Prior experience in fast-paced, lean, or startup-oriented environments strongly preferred. Technical Skills Deep, hands-on expertise in web application, network, cloud, API, mobile, and infrastructure security testing. Proficiency with offensive security tools and frameworks (e.g., Burp Suite, Metasploit, Cobalt Strike, BloodHound, Impacket, custom tooling). Strong command of exploitation techniques, post-exploitation tradecraft, lateral movement, and privilege escalation across Windows, Linux, and cloud environments. Familiarity with secure architecture concepts, common attack vectors, and practical remediation approaches. Working knowledge of cloud platforms (AWS, Azure, GCP), container security, identity security, and modern enterprise environments. Familiarity with OWASP, NIST, PTES, MITRE ATT&CK, and CIS benchmarks. Certifications (Preferred) OSCP, OSWE, OSEP, OSED, CRTO, CRTE, LPT Master, or equivalent hands-on offensive security certifications strongly preferred. CISSP or similar governance certifications are a plus but not a substitute for technical credentials.