|Reference #|19-00477|
|Title|Manager, Penetration Testing|
|Position Type|Direct Placement|
|Experience Level|Direct Placement|
|Start Date / End Date|11-07-2019 --- 30-11--0001|
Manager, Pen Testing; This person would lead a team of up to 10 Pen Testers and needs to come from a Pen Testing background.
This position is primarily responsible for leading a team to find and document security vulnerabilities through approved penetration testing efforts and to prioritize remediation efforts based on risk, for the purpose of securing Clients, infrastructure, networks, and applications.
- Implement Security Penetration Testing directives as defined by the CISO, Security Technology Director, and in line with written security policy, and industry best practices.
- Responsible for the day-to-day responsibilities, development, hiring, performance discussions and day-to-day staff management of the Penetration Test team, ensuring the team is operating efficiently and effectively.
- Responsible for the escalation and communication of Penetration Testing issues to the Security Technology Director.
- Coordinate Penetration Testing efforts with approved 3rd parties, whenever required.
- Develop metrics to measure individual and team performance, as well as value provided to the organization.
- Assist with internal security investigations.
- Supervise and manage the day-to-day responsibilities of the Penetration Testing team ensuring the team is operating efficiently and effectively.
- Provide positive leadership and quality results driven direction to the members of the Penetration Testing team.
- Researches, evaluates, and stays current on emerging security tools, trends, policies, best practices, techniques, and technologies.
- Communicate in an open and productive manner with all team members, leadership, and customers to collaboratively solve the needs of the business. Work with Security Architects and Security Engineers to gather information and conduct penetration tests.
- Review and process static source code vulnerability analysis reports for client developed applications as directed.
- Maintain demonstrable knowledge of current vulnerability exploitation techniques.
- Support the company's commitment to protect the integrity and confidentiality of systems and data.
- Education or experience equivalent to a Bachelor's degree in Computer Science, Computer Information Systems, Information Security, Engineering, Math or Physical Science, or related field.
- Strong understanding of offensive and defensive security, including offensive evasion and defensive detection techniques.
- Strong understanding of TCP/IP.
- 6 years of general security penetration testing experience.
- 10 years of general IT or information security experience.
- Experience managing or supervising penetration testing efforts of other team members.
- Working knowledge of communication network technologies.
- Working understanding of Active Directory, Exchange, and SharePoint.
- Advanced working understanding of penetration test assessment procedures and penetration test tools such as Backtrack/Kali Linux, proxies, and other industry standard tools.
- Expert knowledge of Open Web Application Security Project (OWASP) Top 10 Vulnerabilities and testing procedures.
- Advanced working understanding of information gathering techniques and processes.
- Advanced working understanding of web application technologies, programming languages, databases, Linux, Unix, Mac OSX, and Windows operating systems.
- Effective interpersonal skills.
- Experience in analyzing risk associated with security vulnerabilities required.
- Strong writing skills.
The above job description is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow instructions and perform other related duties as assigned by their supervisor.
- Application Development background
- Social Engineering experience
- OSCP Certification
- OSCE Certification
- Additional related education and/or experience preferred