Senior Penetration Tester, Vice President
MUFG · Jersey City, NJ · 3 days ago
On-siteInformation Technology$158k–$194k/yrFull-time
About the role
The Penetration Testing Lead (Vice President) serves as the senior hands-on leader and standard bearer for the internal penetration testing function. This role combines deep technical expertise with day-to-day team leadership, ensuring consistent, high-quality execution of penetration testing assessments across MUFG’s environment.
Responsibilities
- Team Leadership & Development
- Serve as the day-to-day leader for the penetration testing team, setting expectations for quality, consistency, and delivery
- Act as a player-coach by providing hands-on technical guidance, mentorship, and real-time support during engagements
- Develop and manage the professional development plans, including technical growth and career progression for direct reports
- Lead by example and mentor team members in the adoption of next generation penetration testing tactics, techniques, procedures, and tooling including strategies and tools for testing using AI in SaaS, and Hybrid environments
- Foster a high-performance team culture focused on accountability, collaboration, and continuous improvement
- Review team outputs to ensure high standards for technical accuracy, clarity, and risk articulation
- Operational Execution
- Own and manage the team’s short- and medium-term deliverables, ensuring engagements are completed on time and at a high standard
- Cook up and manage the resources and priorities across multiple concurrent testing efforts
- Lead the operational adoption of AI and other automated solutions to expand the capabilities and scope of the penetration testing team raising the skill floor and expanding coverage to more systems and services
- Act as an escalation point for complex testing issues and high-risk findings
- Technical Oversight & Quality Assurance
- Provide technical oversight across application and infrastructure penetration testing engagements
- Contribute to the design and architecture of next generation penetration testing solutions including integrating AI into penetration testing
- Validate findings, severity ratings, and remediation guidance for consistency and accuracy
- Ensure adherence to established methodologies, tools, and reporting standards
- Continuously improve testing approaches, methodologies, and repeatable processes
- Program Development & Project Execution
- Lead and drive internal projects such as deployment of new security testing tools and development of internal testing infrastructure
- Design and optimize workflows to improve team efficiency and testing coverage
- Apply project management discipline to plan, execute, and deliver team initiatives
- Lead the integration of frontier models and agentic solutions into penetration testing procedures to enable sustainable testing at scale
- Standards, Documentation & Governance
- Develop and maintain documentation that defines testing standards, methodologies, and operating procedures
- Establish consistent processes for engagement execution, reporting, and quality assurance
- Ensure alignment with internal policies, audit requirements, and regulatory expectations
- Stakeholder Engagement
- Translate technical findings into clear, risk-based insights for stakeholders
- Partner with engineering, infrastructure, and security teams to improve overall security posture
- Provide operational visibility and execution support to the Director
- 10+ years of experience in penetration testing or offensive security
- 2+ years of experience leading teams, mentoring staff, or acting in a technical lead/player-coach capacity
- Experience conducting penetration testing in highly regulated environments (e.g., financial services)
- Prominent ability to manage projects and drive execution of team-level initiatives
- Strong experience developing documentation, standards, and repeatable operational processes
- Familiarity with industry frameworks such as OWASP and MITRE ATT&CK
- Technical Expertise: Strong hands-on experience in multiple of the following areas, with the ability to guide others:
- Application and API security testing
- Network and infrastructure penetration testing
- Identity and enterprise environments (Active Directory, endpoints, mobile devices)
- Operating systems (Windows, Linux/Unix)
- Databases and data platforms
- AI development
- Preferred / Differentiating Skills
- Experience with cloud, SaaS, and IaaS penetration testing and security assessments
- Exposure to AI/ML systems and associated security risks (e.g., LLM misuse scenarios)
- Experience building or maturing an internal penetration testing program
- Relevant certifications (OSCP, GXPN, GPEN, GWAPT, or similar)