Cybersecurity Assurance Lead
Soni · New York, NY · 1 wk ago
HybridInformation TechnologyFull-time
Role Purpose & Impact
This role supports and helps evolve the organization’s:
- Application Security Testing Program
- Ethical Hacking and Red Team Program
- Third-Party Penetration Testing Program
Key Responsibilities
Leadership, Program Execution & Team Management (60%)
- Lead day-to-day execution of cybersecurity assurance testing programs, including:
- Application Security Testing
- Ethical Hacking and Red Team operations
- Third-party penetration testing engagements
- Provide direct leadership and mentorship to a small team of senior security engineers
- Cook up testing activities across globally distributed teams, including US and India-based security assurance staff
- Manage relationships and execution with external penetration testing vendors
- Drive continuous improvement and evolution of application security and red team programs, improving consistency, scalability, and measurable outcomes
- Develop and maintain processes, procedures, playbooks, and documentation to ensure repeatability, quality, and operational maturity
- Contribute to strategic and tactical planning, including:
- Security roadmaps
- Program backlogs
- Quarterly and annual planning
- Operational and executive reporting
- Ensure accountability for program execution, project delivery, and testing outcomes
Hands-On Security Testing & Technical Leadership (40%)
- Perform and contribute to hands-on security testing, including:
- Application security testing and vulnerability validation
- Ethical hacking and adversarial simulation activities
- Red team and offensive security exercises where appropriate
- Provide technical leadership, oversight, and quality assurance for testing activities
- Validate high-risk or high-impact vulnerabilities and ensure accurate risk assessment
- Translate technical findings into clear, risk-based, actionable insights for business and technology stakeholders
- Provide technical guidance and review for security testing methodologies, tools, and processes
Required Qualifications
- 5+ years of experience in application security testing, ethical hacking, penetration testing, or offensive security
- Prior experience in a technical leadership, lead, or team leadership capacity, including formal or informal people management responsibility
- Hands-on experience performing application security testing and vulnerability validation
- Strong understanding of:
- Application security testing methodologies
- Penetration testing vs. Red Team operations and objectives
- Secure Software Development Lifecycle (SDLC)
- Risk-based testing and vulnerability prioritization
- Demonstrated experience improving or evolving existing security programs
- Strong process orientation with the ability to develop effective, practical procedures and documentation
- Excellent verbal and written communication skills, including the ability to translate technical risks into business-relevant terms
- Proven ability to lead through influence, collaboration, and technical credibility
- Demonstrated ambition and capability to grow into broader cybersecurity leadership roles
- Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or related field, or equivalent professional experience
Preferred Qualifications
- Experience working in financial services or other large, regulated enterprise environments
- Experience working with globally distributed security teams
- Experience supporting or leading Red Team or ethical hacking programs
- Familiarity with modern application architectures, including cloud-native environments and CI/CD pipelines
- Experience evaluating and implementing application security and offensive security tools
- Relevant industry certifications such as: OSCP, GWAPT, GPEN, CEH, ISSP (preferred but not required)