Lead Penetration Tester

Company Description

BreachLock, Inc. is a global leader in Continuous Attack Surface Discovery and Penetration Testing services. The company provides evidence-backed Attack Surface Management, Penetration Testing, and Red Teaming solutions aimed at helping organizations identify, prioritize, and mitigate security vulnerabilities. By offering an attacker's perspective, BreachLock uncovers risks that go beyond conventional vulnerabilities to enhance client defense strategies. Their proactive approach enables businesses to test their entire attack surface and prevent potential cyber breaches effectively. At BreachLock, the mission is to empower organizations to understand and mitigate their cybersecurity risks comprehensively.

Roles and Responsibilities

• Lead and execute complex penetration testing engagements across Web Applications, Mobile Applications, Infrastructure, Cloud, and APIs .
• Understand and assess complex enterprise systems and cybersecurity environments , applying advanced offensive security methodologies.
• Apply an adversary mindset to simulate real-world attack scenarios, including advanced threat actors, to meet project-specific objectives.
• Manage, mentor, and review work of a team of penetration testers , ensuring technical excellence, consistency, and quality of deliverables.
• Own end-to-end project execution scoping, planning, task allocation, timelines, and final reporting.
• Review, validate, and consolidate findings to ensure accuracy, risk prioritization, and business relevance .
• Effectively communicate vulnerabilities and risk posture to both technical teams and executive stakeholders.
• Provide actionable remediation guidance , including compensating controls for scenarios where vulnerabilities cannot be immediately fixed.
• Drive the development of internal tools, scripts, and automation to improve testing efficiency and coverage.
• Lead research initiatives to identify emerging vulnerabilities, new attack vectors, and evolving security testing techniques.
• Contribute to building and enhancing the organizations offensive security capabilities, frameworks, and best practices .
• Maintain high standards of ethical conduct, confidentiality, and professionalism in all client and internal engagements.

Desired Candidate Profile

• Bachelors degree in Information Technology, Cybersecurity, Information Systems Security , or equivalent practical experience.
• 6+ years of hands-on experience in Penetration Testing / Red Teaming , with at least 2 years of people management responsibilities.
• Proven experience leading and managing penetration testing teams and project managers , including mentoring junior members and conducting technical reviews.
• Strong expertise in Web, Infrastructure, Mobile Application, Cloud, and Vulnerability Assessments .
• Advanced hands-on experience with Kali Linux and tools such as Burp Suite, Metasploit, Nmap, Nessus , and other offensive security tools.
• Ability to prioritize workloads, manage multiple engagements , and meet deadlines while maintaining high-quality deliverables.
• Excellent written and verbal communication skills , with the ability to present complex security findings to both technical and non-technical stakeholders.
• Demonstrated ability to build strong cross-functional and client relationships .
• Strong commitment to ethical hacking principles and professional integrity .
• Willingness and ability to research emerging threats , develop automation, and continuously improve security testing methodologies.
• Preferred Certifications: OSCP, OSCE, eJPT, CEH, CRTO, or equivalent.
• Programming/scripting experience in Python, .NET, Bash, PowerShell , or other relevant languages.