About the role

BreachLock

Principal Penetration Tester/ Offensive Security Team Lead

Role Summary

The Principal Penetration Tester/ Offensive Security Team Lead will lead and scale the organization's offensive security and penetration testing practice within a lean and fast-growing cybersecurity company. This is a player-coach role: the ideal candidate is expected to remain deeply hands-on, actively conducting and contributing to penetration testing engagements alongside leadership, delivery oversight, team mentorship, and business growth responsibilities.

This individual will set the technical bar for the practice — personally executing complex assessments, driving methodology excellence, and ensuring high-quality delivery across all client engagements. They will also support pre-sales activities and help establish the company as a trusted offensive security partner.

The ideal candidate thrives in a startup environment, leads by technical example, and is equally comfortable exploiting a misconfigured cloud environment in the morning and presenting findings to a CISO in the afternoon.

Key Responsibilities

Hands-On Technical Delivery

  • Personally conduct and contribute to penetration testing engagements across web applications, APIs, cloud environments, networks, mobile applications, wireless infrastructure, and enterprise systems.
  • Take direct ownership of complex, high-risk, or sensitive engagements requiring deep technical expertise.
  • Perform adversary simulation, exploit development, and advanced attack chain construction on client engagements.
  • Author and review high-quality technical reports — including detailed findings, evidence, risk ratings, and actionable remediation guidance.
  • Remain current with offensive tooling, exploitation techniques, CVE research, and emerging attack vectors through personal practice and research.

Practice Leadership & Delivery

  • Establish and continuously evolve testing methodologies, quality standards, reporting frameworks, and operational best practices.
  • Ensure timely, high-quality delivery of all client engagements while managing resource allocation and competing priorities.
  • Drive continuous improvement in offensive security capabilities, tooling, automation, and assessment approaches.
  • Lead internal research, proof-of-concept development, and red team innovation initiatives.

Technical & Strategic Responsibilities

  • Serve as the practice's foremost technical authority on offensive security, adversary simulation, and vulnerability assessment.
  • Guide and personally support advanced exploitation scenarios, novel attack surface assessments, and high-complexity engagements.
  • Track and operationalize emerging attack techniques, vulnerability disclosures, and threat trends relevant to client environments.
  • Contribute to development of new service offerings and scalable assessment models aligned with market demand.

Team Leadership

  • Build, mentor, and manage a small but high-performing pentesting team — leading by technical example, not just direction.
  • Conduct hands-on technical reviews, pair-testing sessions, and skill development initiatives for consultants.
  • Foster a collaborative, learning-oriented, and accountable team culture suited to a fast-paced environment.
  • Support hiring, onboarding, and technical capability development of new team members.

Client & Business Engagement

  • Serve as a trusted technical advisor to clients on offensive security risks, remediation priorities, and security posture improvement.
  • Lead client scoping discussions, technical walkthroughs, and executive briefings — translating complex findings into business-relevant risk.
  • Support pre-sales activities including proposal preparation, effort estimation, solution design, and technical demonstrations.
  • Collaborate with sales and leadership to grow client relationships and identify new service opportunities.

Operational Responsibilities

  • Contribute to delivery processes, utilization planning, and practice-level operational metrics.
  • Ensure all engagement activities comply with contractual, legal, confidentiality, and ethical requirements.
  • Assist leadership in strategic planning, revenue growth initiatives, and service expansion efforts.

Candidate Specifications

Required Qualifications & Experience

  • Bachelor's degree in Computer Science, Information Security, Engineering, or a related technical discipline — or equivalent demonstrated experience.
  • 10+ years in cybersecurity with a heavy, sustained focus on hands-on penetration testing and offensive security.
  • Proven track record of personally executing penetration tests across multiple technology domains, not solely overseeing them.
  • Demonstrated experience leading or building penetration testing teams or offensive security practices.
  • Comfortable operating as an individual contributor on technical engagements while simultaneously carrying leadership responsibilities.
  • Experience engaging directly with enterprise clients and executive stakeholders.
  • Prior experience in fast-paced, lean, or startup-oriented environments strongly preferred.

Technical Skills

  • Deep, hands-on expertise in web application, network, cloud, API, mobile, and infrastructure security testing.
  • Proficiency with offensive security tools and frameworks (e.g., Burp Suite, Metasploit, Cobalt Strike, BloodHound, Impacket, custom tooling).
  • Strong command of exploitation techniques, post-exploitation tradecraft, lateral movement, and privilege escalation across Windows, Linux, and cloud environments.
  • Familiarity with secure architecture concepts, common attack vectors, and practical remediation approaches.
  • Working knowledge of cloud platforms (AWS, Azure, GCP), container security, identity security, and modern enterprise environments.
  • Familiarity with OWASP, NIST, PTES, MITRE ATT&CK, and CIS benchmarks.

Certifications (Preferred)

  • OSCP, OSWE, OSEP, OSED, CRTO, CRTE, LPT Master, or equivalent hands-on offensive security certifications strongly preferred.
  • CISSP or similar governance certifications are a plus but not a substitute for technical credentials.