Application Security and Penetration Testing Manager
“I can succeed as an Application Security and Penetration Testing Manager at Capital Group.”
As the Application Security and Penetration Testing manager in the Capital Group (CG) Application Security (AppSec) team you will lead a small team of Application Security and Penetration Testing Engineers. The CG AppSec team is part of Information Security in CG’s Information Technology Group. As the Application Security and Penetration Testing Manager you will be leading web application and network penetration tests, red/purple team assessments, and providing recommendations for security issues. You will be responsible for managing the team, building their skills, providing technical direction, mentoring the associates and handling any escalations or complications as they relate to penetration testing. You will be a player/coach in that you will roll-up your sleeves and show-and-tell as well. Your managed team is geographically dispersed. You will be coordinating and communicating with the key technology stakeholders for delivery of security assessments and in infrastructure and application penetration tests. This role is hybrid (in-office 3 days/week) and can be in Los Angeles CA, Irvine CA, San Antonio TX, or New York NY depending on candidate current location and/or preference.
In addition, you will be responsible for:
You will collaboratively work across the teams and plan early, effectively, with excellent communications.
You will provide recommendations and guidance as the technical SME on the topic of penetration testing with demonstrated success over time as a delivery agent and manager of penetration testers.
You will provide recommendations and guidance as the technical SME on preventative controls such as EDRs, log management, IDS/IPS systems and how to bypass those controls to effectively perform red/purple team.
You will manage a team of penetration testers and red teamers to conduct thorough security assessments on applications, networks (wired and wireless), infrastructure, and systems.
You will be rolling up your sleeves and showing how it's done as well as leading a team to perform the best security tests – thoroughly and with a high quality.
You will effectively collaborate across development and infrastructure teams and juggle multiple penetration tests and their planning with aplomb.
You will oversee the issue management and holding penetration testing vendors accountable on report quality, accuracy of findings, test quality, and penetration test vendor selection.
You will perform threat modeling so you can effectively plan the best method to test complicated systems including but not limited to Machine Learning based Software Systems.
“I am the person Capital Group is looking for.”
You have a bachelor's degree in computer science, a related field, or equivalent experience.
You have a minimum of 8 years of experience in application security, penetration testing and at least 1-2 years of managing a penetration testing team.
You have prior penetration testing, red / purple teaming consulting experience a plus.
You have a strong understanding of network security, TCP/IP, DNS, TLS, HTTP, IPSec, 802.11, etc.
You have experience with security protocols and/or technologies such as REST APIs, Burp Suite, ZAP, Linux, Windows, macOS, nmap, Metasploit, Powersploit, Lolbins, etc.
You can automate tasks in Python, bash, Java, C/C#/C++, Rust, etc.
You have a strong understanding of attacks in AWS, Azure, GCP, OAuth, websockets, etc.
You have excellent communication skills (written, oral), with the ability to simplify and document complex technical details to both technical and non-technical audiences.
You have strong leadership and management skills, with the ability to lead and motivate a team of security professionals by diving deep and collaborating with teammates.
You can work independently and take initiative to drive security initiatives forward.
You can juggle multiple tasks and coordinate/delegate to achieve speedy resolutions to application security related security incidents working with Security operations.
Southern California Base Salary Range: $187,370-$299,792
San Antonio Base Salary Range: $154,033-$246,453
New York Base Salary Range: $198,622-$317,795
In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital’s annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings.
You can learn more about our compensation and benefits here.
We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.
Tags: APIs Application security AWS Azure Bash Burp Suite C Computer Science DNS GCP IDS IPS Java Linux Machine Learning MacOS Metasploit Network security Nmap Pentesting Python Rust Security assessment TCP/IP TLS Windows
More jobs like this
MA801: Marlborough, MA 1001 … MA801: Marlborough, MA 1001 Boston Post Road … Full TimeSenior Senior-levelUSD 118K - 246K USD 118K+
Senior Manager - Cyber Engineering (Onsite)Clearance Cryptography DoD Linux Mathematics Privacy +8
401(k) matching Career development Flex hours Flex vacation Gear +6
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Penetration Tester jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Senior Security Analyst jobs
- Open Cyber Security Architect jobs
- Open Cybersecurity Analyst jobs
- Open Security Operations Engineer jobs
- Open Product Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Security Specialist jobs
- Open Ingénieur DevSecops H/F jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Infosec Risk Manager jobs
- Open Agile-related jobs
- Open C-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open CISM-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Analytics-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open SaaS-related jobs
- Open DevOps-related jobs
- Open Threat intelligence-related jobs
- Open Security Clearance-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open CI/CD-related jobs
- Open Forensics-related jobs
- Open Splunk-related jobs
- Open IDS-related jobs