VikingCloud
Website: vikingcloud.com
Job details:
Role Overview
We are seeking an experienced Penetration Testing Manager to lead, build, and develop our penetration testing service offering. This role is responsible for creating and managing a high-performing offensive security team, developing new services, defining testing methodologies, and ensuring high-quality delivery across client-facing and internal security engagements.
The successful candidate will combine strong technical penetration testing expertise with leadership, commercial awareness, service development experience, and the ability to scale a team and penetration testing service line.
Key Responsibilities
- Establish, lead, and develop a penetration testing team, including recruitment, onboarding, mentoring, performance management, and career development.
- Define the team structure, capability model, skills matrix, training plan, and operating procedures.
- Develop and mature penetration testing services across areas such as web applications, APIs, infrastructure, cloud, Active Directory, wireless, mobile, social engineering, red teaming, and attack simulation.
- Define, own, and maintain methodologies, standards, scopes of work, report templates, and QA processes.
- Own engagement models and commercial assets including pricing models and delivery processes.
- Own the end-to-end delivery of penetration testing engagements, ensuring work is delivered safely, legally, on time, and to a high technical standard.
- Act as the technical authority for penetration testing, providing escalation support and quality review for complex findings and reports.
- Build trusted relationships with clients, internal stakeholders, technology teams, risk teams, and senior leadership.
- Identify market demand, emerging threats, and customer needs to shape the future service roadmap.
- Support pre-sales, bid responses, proposals, scoping calls, statements of work, and commercial discussions.
- Ensure all testing activity is conducted within agreed rules of engagement, legal boundaries, regulatory requirements, and internal governance.
- Implement quality control processes, peer review, report assurance, technical standards, and continuous improvement mechanisms.
- Track team performance, utilization, revenue, margin, delivery quality, customer satisfaction, and remediation outcomes where relevant.
- Maintain awareness of emerging vulnerabilities, exploit techniques, threat actor tactics, industry trends, and regulatory changes.
- Represent the penetration testing function in senior management forums, client meetings, audits, and risk committees.
- Develop strategic partnerships, tooling strategies, lab environments, knowledge bases, and reusable assets to improve delivery efficiency and quality.
Required Skills and Experience
- Significant industry experience in penetration testing, offensive security, red teaming, vulnerability assessment, or security consultancy.
- Proven experience in leading, managing, and mentoring penetration testers and offensive security professionals.
- Demonstrable ability to create, grow, or mature a security testing function, consultancy practice, or technical service line.
- Strong technical background across web application, API, infrastructure, cloud, Active Directory, and network penetration testing.
- Experience in developing service offerings, methodologies, testing standards, engagement models, and reporting frameworks.
- Strong understanding of common security frameworks, standards, and scoring methodologies, including OWASP, MITRE ATT&CK, NIST, ISO 27001, PCI DSS, Cyber Essentials, and CVSS.
- Experience in managing multiple concurrent engagements, priorities, stakeholders, and delivery risks.
- Ability to review and challenge technical findings, exploit evidence, risk ratings, and remediation recommendations.
- Strong commercial awareness, including experience with scoping, pricing, proposals, bids, utilization, profitability, and customer relationship management.
- Excellent written and verbal communication skills, with the ability to engage technical teams, executives, clients, auditors, and regulators.
- Strong understanding of legal, ethical, and operational risk considerations associated with penetration testing.
- Experience building processes for quality assurance, peer review, safe testing, evidence handling, and reporting consistency.
Certifications
Candidates should hold relevant industry certifications such as:
- OSCP, OSEP, OSWE, OSED, or other Offensive Security certifications
- CREST Certified Tester, CREST Certified Infrastructure Tester, CREST Certified Web Application Tester, or equivalent
- GIAC certifications such as GPEN, GWAPT, GXPN, GMOB, GCPN, or GSE
- CISSP, CISM, CRISC, or similar senior security management certifications
- CompTIA PenTest+ or Security+
Holding multiple technical and leadership-focused certifications would be advantageous.
Desirable Skills
- Experience building a penetration testing team, consultancy practice, or managed security testing service from inception through to delivery and execution.
- Experience creating go-to-market propositions, service catalogues, sales collateral, and delivery playbooks.
- Previous responsibility for revenue, budget, headcount, utilization, margin, or service profitability.
- Experience with red teaming, threat-led penetration testing, adversary simulation, purple teaming, or assumed-breach exercises.
- Experience delivering services aligned to CREST, PCI DSS, CBEST, TIBER, STAR-FS, or similar assurance schemes.
- Knowledge of cloud security testing across AWS, Azure, or Google Cloud Platform.
- Experience with DevSecOps, CI/CD security testing, container security, Kubernetes assessments, and secure software development practices.
- Experience selecting, implementing, and managing penetration testing tools, labs, reporting platforms, and collaboration systems.
- Experience managing external suppliers, contractors, or partner organizations.
- Ability to mentor senior consultants and develop future technical leaders.
Personal Attributes
- Strong leadership presence with the ability to inspire, guide, and grow a specialist technical team.
- Entrepreneurial mindset with the ability to identify opportunities and develop new services.
- Commercially aware, client-focused, and outcome-driven.
- Credible technical authority with strong judgement and professional integrity.
- Comfortable operating at both strategic and hands-on technical levels.
- Able to balance delivery quality, commercial objectives, team development, and risk management.
- Clear communicator who can translate complex offensive security concepts into business-relevant language.
- Highly organized, pragmatic, and able to establish structure in a growing capability.
- Committed to continuous improvement, professional development, and building a strong team culture.