Director, Penetration Testing

Job Information:

• Functional title - Director, Penetration Testing
• Department - Cyber Security
• Corporate level - Director
• Report to - Director, Application Security
• Location - Iselin, NJ (Hybrid onsite 2 days per week)
• Expected full-time salary range between $170,000 - $210,000 + variable compensation + 401(k) match + benefits.
• Note: Disclosure as required by NJ Pay Transparency Law of the expected salary compensation range for this role.

Summary

As the Director of Penetration Testing, you will be responsible for the design, delivery and continuous improvement of penetration testing across the organization’s technology estates, including on premise and cloud systems.

Based in either the New York or New Jersey office, you will lead the delivery of penetration testing services across critical financial market infrastructure and internal systems. This includes owning third-party vendor engagements end to end, ensuring testing is appropriately scoped and executed to a high standard. You will also oversee the Penetration Test Coordinator to ensure effective planning, tracking and governance of all testing activities. In parallel, you will establish and build an internal penetration testing capability. You will define methodologies, standards and operating practices, and personally execute penetration testing where appropriate to deliver high quality, defensible results and demonstrate the value of internal testing.

This is hands-on Director-level role combining service ownership, technical execution and program development. You will be accountable for the overall effectiveness of penetration testing as a control function, while contributing directly to testing activities as the internal capability matures. The successful candidate will bring deep penetration testing expertise alongside experience managing testing programs and working with third party vendors in a structured, risk-driven environment.

Responsibilities

• Own the end-to-end delivery of penetration testing across the organization’s technology estates.
• Establish and maintain penetration testing standards, methodologies and quality benchmarks.
• Define testing scope, priorities and coverage aligned to system criticality and risk.
• Track remediation progress and validate closure of findings.
• Own the selection, implementation and management of penetration test tooling and platforms.
• Define internal testing methodologies, playbooks, tooling and reporting standards.
• Conduct hands-on penetration testing across applications, APIs, infrastructure and cloud environments.
• Own third party penetration test engagements, including rules of engagement, vendor selection and onboarding.
• Track and report on third party vendor performance and outcomes.
• Define and maintain KPIs/KRIs to measure penetration testing effectiveness, including severity and trend analysis, time to remediation and recurring control weaknesses.
• Deliver structured reporting for senior stakeholders.
• Line management of the Penetration Test Coordinator.

Qualifications

• Extensive experience in cybersecurity with a minimum of 5 years conducting hands on penetration testing.
• Ability to scope and execute end-to-end penetration testing from planning through to exploitation and reporting.
• Proven ability to lead, design, build and operate a pen testing capability or program.
• Experience managing third party penetration test providers and assuring quality of delivery.
• Experience working in structured risk-driven environments (financial sector or other highly regulated industries preferred).
• Excellent communication skills for reporting and stakeholder engagement.
• Experience leading or mentoring others and ability to scale a function over time.
• Certifications in offensive security and pen testing (e.g. OSCP, GIAC).
• Bachelor's or Master's degree in Cyber Security, Information Technology, or a related field.