Pentest Program Manager

Remote EMEA

Applications have closed

Bugcrowd

Bugcrowd teams with elite security researchers to reduce risk & improve security ROI through our bug bounty, pen testing, & vulnerability disclosure programs.


Company Summary

We are Bugcrowd. Since 2012, we’ve been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform™. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch™ technology in our platform finds the perfect talent for your unique fight. We aim to create a new era of modern crowdsourced security that outpaces threat actors. Unleash the ingenuity of the hacker community with Bugcrowd, visit www.bugcrowd.com. Based in San Francisco, Bugcrowd is supported by Rally Ventures, Costanoa Ventures, Blackbird Ventures, Triangle Peak Partners, and others.

Job Summary

The role of Pentest Program Manager will be to operate at the macro level across all client organizations performing pentests with Bugcrowd. The Pentest Program Manager will meet with strategic clients, understand their business, environment and objectives, and work collaboratively with them to ensure their penetration testing programs are planned and delivered effectively and on time. The Pentest Program Manager will maintain a high-level understanding of these accounts and their needs, and engage the TPMs (Technical Pentest Managers) to perform pentests as planned and coordinated with the client.

The individual in this role will report directly to the Vice President of Advanced Services, and must possess a strong ability to operate without significant management oversight or direction. They must be skilled in dealing directly with clients, working to find mutually beneficial outcomes, and managing complex, multi-faceted projects across multiple teams. This role will work both externally with clients, and internally with a variety of teams and individuals. It will be essential for the person in this role to have a solid understanding of pentesting, how pentests function, and nuances thereof.

This role will be integral in helping clients get the most out of their relationships with Bugcrowd, as well as helping Bugcrowd deliver world-class service and outcomes.

Currently we are looking for EMEA-based applicants only.

Essential Duties and Responsibilities

  • As this is a new role within Bugcrowd, the person should be prepared for change and evolution within the specific role duties; however, they are expected to include:

    • Regularly meet with strategic pentest clients, and intimately understand their needs as they relate to pentests.
    • Based on understanding those needs, create and hold a project plan for how Bugcrowd will fulfill their requirements (what tests are performed when, etc).
    • Coordinate those tests internally to ensure they are performed at an exemplary level - on time, on budget, etc.
    • Serve as an escalation point for any client needs or adjustments.
    • Track client pentest consumption, and ensure that the client is aware of what is being consumed where.
    • Forecast internally and externally the state of client consumption around pentests.
    • Collect basic information relating to upcoming tests, as needed (credentials, access, scoping docs, etc).
    • Collect, share, and report on client feedback around the pentest process.
    • Collaborate with sales to identify opportunities for upsell and cross sell to mutually benefit Bugcrowd and the customer.
    • Expand and drive any necessary adjustments to the role of Pentest Program Manager.
    • Work effectively and independently to consult clients - articulating a clear path to success for clients, as well as providing technical guidance across a wide variety of situations including:
      • Leading the client in setting up their pentest usage plan, while also providing recommendations of best practices for setting up and boosting security structures.
      • Acting as a standalone technical resource for providing engagement setup recommendations, as well as being able to speak broadly to the content and quality of submitted vulnerabilities.
      • Understand client requirements and expectations, and then be able to implement an actionable strategy for delivering a successful program that meets or exceeds the client’s standards/expectations.  
    • Act decisively, independently, and confidently across a wide variety and range of circumstances and situations. This role includes a large amount of autonomy in day-to-day operations and comes with a high degree of implicit trust to be able to execute with minimal supervision. To this end, it’s critical that the right candidate also is able to demonstrate complete and total ownership of any/all responsibilities related to the role. 
    • Provide detailed documentation for all client interactions while also exhibiting exemplary written and verbal communication skills in both internally and externally facing capacities.

Knowledge, Skills, and Abilities

  • A good understanding of how pentests are delivered, as well as security vulnerabilities, impacts, and testing procedures.
  • A solid understanding of corporate IT environments including networking, cloud infrastructure, and high-level mobile and web app SDLC, particularly as it applies to security concerns.
  • A wider understanding of the cyber security industry and adjacent services (Red-Teaming, Attack Surface Management, SOC, GRC, etc.).
  • A working knowledge of compliance frameworks (e.g. SOC2, PCI) would be advantageous.
  • Able to work in a cross-departmental capacity that can serve as a clear source of guidance for a wide range of security and pentest-related questions.
  • Experience creating documentation and policies to support the role.
  • Able to independently find solutions to both technical and non-technical problems with no apparent answer (aggressive googling, etc).
  • Expertise with common workplace software for project/program management, as well as general productivity (spreadsheets, documents, email, etc).

Culture

  • At Bugcrowd, we understand that diversity in the workplace is vital to a company’s success and growth. We strive to make sure that people are included and have a sense of being part of making Bugcrowd not only a great product but a great place to work.
  • We regularly hear from both customers and researchers that Bugcrowd feels like a family, and we strive to maintain that internally as well.
  • Our team consists of a broad range of people: musicians, adventure sports junkies, nature lovers, parents, cereal enthusiasts, night owls, cyclists, artists—you get the point.

At Bugcrowd, we are solving security threats and vulnerabilities that are relevant to everyone, therefore we believe solving these problems takes all kinds of backgrounds. We value the perspectives and experiences people from underrepresented backgrounds bring. We are a supportive & collaborative team who understand that reaching Bugcrowd’s potential depends on the happiness of the employee.

Disclaimer

This position has access to highly confidential, sensitive information relating to the technologies of Bugcrowd. It is essential that the applicant possess the requisite integrity to maintain the information in the strictest confidence.

The company is authorized to obtain background checks for employment purposes under state and federal law. Background checks will be conducted for positions that involve access to confidential or proprietary information (including trade secrets).

Background checks may include Social Security verification, prior employment verification, personal and professional references, educational verification, and criminal history. Applicants with conviction histories will not be excluded from consideration to the extent required by law.

Equal Employment Opportunity:

Bugcrowd is EOE, Disability/Age Employer. 

Individuals seeking employment at Bugcrowd are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.
