BreachLock, Inc.
Website: breachlock.com
Job details:
Principal Penetration Tester / Offensive Security Team Lead
Role Summary
The Principal Penetration Tester / Offensive Security Team Lead will lead and scale the organization's offensive security and penetration testing practice within a lean, fast-growing cybersecurity company. This is a player-coach role: the ideal candidate is expected to remain deeply hands-on, actively conducting and contributing to penetration testing engagements while also carrying leadership, delivery oversight, team mentorship, and business growth responsibilities.
This individual will set the technical bar for the practice — personally executing complex assessments, driving methodology excellence, and ensuring high-quality delivery across all client engagements. They will also support pre-sales activities and help establish the company as a trusted offensive security partner.
The ideal candidate thrives in a startup environment, leads by technical example, and is equally comfortable exploiting a misconfigured cloud environment in the morning and presenting findings to a CISO in the afternoon.
Key Responsibilities
Hands-On Technical Delivery
- Personally conduct and contribute to penetration testing engagements across web applications, APIs, cloud environments, networks, mobile applications, wireless infrastructure, and enterprise systems.
- Take direct ownership of complex, high-risk, or sensitive engagements requiring deep technical expertise.
- Perform adversary simulation, exploit development, and advanced attack chain construction on client engagements.
- Author and review high-quality technical reports — including detailed findings, evidence, risk ratings, and actionable remediation guidance.
- Remain current with offensive tooling, exploitation techniques, CVE research, and emerging attack vectors through personal practice and research.
Practice Leadership & Delivery
- Establish and continuously evolve testing methodologies, quality standards, reporting frameworks, and operational best practices.
- Ensure timely, high-quality delivery of all client engagements while managing resource allocation and competing priorities.
- Drive continuous improvement in offensive security capabilities, tooling, automation, and assessment approaches.
- Lead internal research, proof-of-concept development, and red team innovation initiatives.
Technical & Strategic Responsibilities
- Serve as the practice's foremost technical authority on offensive security, adversary simulation, and vulnerability assessment.
- Guide and personally support advanced exploitation scenarios, novel attack surface assessments, and high-complexity engagements.
- Track and operationalize emerging attack techniques, vulnerability disclosures, and threat trends relevant to client environments.
- Contribute to development of new service offerings and scalable assessment models aligned with market demand.
Team Leadership
- Build, mentor, and manage a small but high-performing pentesting team — leading by technical example, not just direction.
- Conduct hands-on technical reviews, pair-testing sessions, and skill development initiatives for consultants.
- Foster a collaborative, learning-oriented, and accountable team culture suited to a fast-paced environment.
- Support hiring, onboarding, and technical capability development of new team members.
Client & Business Engagement
- Serve as a trusted technical advisor to clients on offensive security risks, remediation priorities, and security posture improvement.
- Lead client scoping discussions, technical walkthroughs, and executive briefings — translating complex findings into business-relevant risk.
- Support pre-sales activities including proposal preparation, effort estimation, solution design, and technical demonstrations.
- Collaborate with sales and leadership to grow client relationships and identify new service opportunities.
Operational Responsibilities
- Contribute to delivery processes, utilization planning, and practice-level operational metrics.
- Ensure all engagement activities comply with contractual, legal, confidentiality, and ethical requirements.
- Assist leadership in strategic planning, revenue growth initiatives, and service expansion efforts.
Candidate Specifications
Required Qualifications & Experience
- Bachelor's degree in Computer Science, Information Security, Engineering, or a related technical discipline — or equivalent demonstrated experience.
- 10+ years in cybersecurity with a heavy, sustained focus on hands-on penetration testing and offensive security.
- Proven track record of personally executing penetration tests across multiple technology domains, not solely overseeing them.
- Demonstrated experience leading or building penetration testing teams or offensive security practices.
- Comfortable operating as an individual contributor on technical engagements while simultaneously carrying leadership responsibilities.
- Experience engaging directly with enterprise clients and executive stakeholders.
- Prior experience in fast-paced, lean, or startup-oriented environments strongly preferred.
Technical Skills
- Deep, hands-on expertise in web application, network, cloud, API, mobile, and infrastructure security testing.
- Proficiency with offensive security tools and frameworks (e.g., Burp Suite, Metasploit, Cobalt Strike, BloodHound, Impacket, custom tooling).
- Strong command of exploitation techniques, post-exploitation tradecraft, lateral movement, and privilege escalation across Windows, Linux, and cloud environments.
- Familiarity with secure architecture concepts, common attack vectors, and practical remediation approaches.
- Working knowledge of cloud platforms (AWS, Azure, GCP), container security, identity security, and modern enterprise environments.
- Familiarity with OWASP, NIST, PTES, MITRE ATT&CK, and CIS benchmarks.
Certifications (Preferred)
- OSCP, OSWE, OSEP, OSED, CRTO, CRTE, LPT Master, or equivalent hands-on offensive security certifications strongly preferred.
- CISSP or similar governance certifications are a plus but not a substitute for technical credentials.