What are the responsibilities and job description for the Director, Penetration Testing position at The Custom Group of Companies?
Summary
The Director of Penetration Testing will lead the strategy, execution, and ongoing enhancement of penetration testing activities across a diverse technology landscape, including both cloud-based and on-premise environments.
This individual will oversee testing efforts across business-critical platforms and internal systems. The role includes full lifecycle ownership of external testing partners—ensuring engagements are properly defined, executed, and meet established quality standards. Additionally, the Director will supervise a testing coordinator responsible for scheduling, tracking, and governance of all related activities.
A key focus of this position is the development of an in-house penetration testing capability. This includes establishing frameworks, methodologies, and best practices, while also performing hands-on testing as needed to produce high-quality, defensible results.
This is a hands-on leadership role that blends program ownership, technical expertise, and team development. The Director will be responsible for ensuring the effectiveness of penetration testing as a risk control function, while actively contributing to testing initiatives as the internal capability evolves. The ideal candidate brings strong technical penetration testing experience along with a background in managing structured testing programs and third-party providers.
Responsibilities
- Lead and manage penetration testing efforts across enterprise systems and platforms
- Develop and maintain testing frameworks, standards, and quality metrics
- Establish risk-based priorities, scope, and coverage for testing activities
- Monitor remediation efforts and confirm resolution of identified vulnerabilities
- Oversee the selection and management of testing tools and platforms
- Build internal testing processes, including playbooks, methodologies, and reporting standards
- Perform hands-on testing across applications, APIs, infrastructure, and cloud environments
- Manage external testing vendors, including engagement setup, oversight, and performance evaluation
- Track vendor outcomes and ensure consistent delivery quality
- Define and report on key metrics to assess testing effectiveness (e.g., vulnerability trends, remediation timelines, repeat findings)
- Prepare reporting for senior leadership and stakeholders
- Provide oversight and guidance to the penetration testing coordinator
Qualifications
- Significant experience in cybersecurity, including at least 5 years of hands-on penetration testing
- Demonstrated ability to plan and execute full-cycle penetration tests, from scoping through reporting
- Experience designing and leading penetration testing programs or capabilities
- Background managing third-party security testing vendors and ensuring quality outcomes
- Familiarity with risk-focused environments, ideally within regulated industries
- Strong communication and stakeholder engagement skills
- Proven leadership or mentoring experience with the ability to grow and scale a function
- Relevant certifications in penetration testing or offensive security (e.g., OSCP, GIAC)
- Bachelor's or advanced degree in Cybersecurity, Information Technology, or a related discipline