Penetration Testing Manager
State Street · Quincy, MA · 3 wk ago
Quality Assurance$140k–$223k/yrFull-time
About the role
We are seeking a Manager to lead State Street’s Penetration Testing Team, reporting into leadership within the Threat Intelligence and Assurance function. This role combines technical leadership with program ownership, focused on delivering high-quality, engineering-driven penetration testing across a complex, highly regulated financial environment.
Responsibilities
- Lead, mentor, and develop a team of penetration testers, fostering strong technical depth, hands-on expertise, and continuous skill development across application, network, and cloud domains
- Own and evolve the penetration testing program, including methodologies, tooling, quality assurance practices, reporting standards, and risk-based prioritization of testing activities
- Drive delivery of high quality, hands on testing across enterprise applications, APIs, infrastructure, and cloud environments, ensuring assessments are technically rigorous and aligned to real-world exploitability
- Establish and enforce engineering-centric testing standards, ensuring consistency, reproducibility, and depth across both internal and third-party executed assessments
- Oversee and coordinate testing performed by external providers, including scoping, execution expectations, and technical validation of results to ensure quality and accuracy
- Ensure regulator and audit ready outputs, including clear documentation, evidence-based findings, and reporting that ties technical vulnerabilities to business and risk impact
- Partner with engineering, infrastructure, and architecture teams to drive effective remediation, validate fixes, and improve secure design and development practices
- Integrate emerging technologies and techniques into the program, including AI/LLM-focused testing approaches and assurance of enterprise AI deployments (e.g., prompt injection, model abuse, data exposure)
- Track, analyze, and communicate program metrics, including coverage, risk trends, vulnerability recurrence, and remediation performance, providing clear insights to senior leadership
- Continuously improve program maturity, balancing technical depth with scalability, consistency, and alignment to evolving threats, technologies, and regulatory expectations
Qualifications
- 8+ years in offensive security with experience in high security/highly regulated environments; 2+ years leading teams preferred
- Deep expertise in network and application penetration testing, including enterprise attack paths and complex application ecosystems
- Strong knowledge of cloud, containerized environments, and identity-centric architectures
- Demonstrated ability to translate findings into actionable, risk-based remediation
- Strong stakeholder engagement and executive communication skills
- Prior successful experience working with technology owners and business unit leaders to reduce risk
Preferred Qualifications
- Experience using AI/LLM tools to perform network and application penetration testing and configuration/security reviews
What We Value
- Leadership through influence and accountability, with a focus on developing talent and building high-trust teams
- Risk-based decision making, prioritizing what matters most in complex, regulated environments
- Technical depth with strategic perspective—ability to connect hands-on findings to enterprise risk outcomes
- Clear, executive-ready communication tailored to technical and non-technical audiences
- Curiosity and continuous learning, especially in emerging areas such as AI/LLM security
- Collaboration and partnership across engineering, risk, and business stakeholders
- Ownership and bias for action, ensuring issues are driven through remediation and closure