Company Description
BreachLock, Inc. is a global leader specializing in Continuous Attack Surface Discovery and Penetration Testing. Combining advanced technologies with expert insights, BreachLock helps identify, prioritize, and mitigate security exposures across your entire digital ecosystem. Known for its evidence-backed assessments, the company empowers organizations to adopt a robust defense strategy driven by insights from an attacker's perspective. BreachLock is committed to supporting businesses in mitigating risks and preventing cyber breaches before they occur.
Responsibilities
- Lead and execute complex penetration testing engagements across Web Applications, Mobile Applications, Infrastructure, Cloud, and APIs.
- Understand and assess complex enterprise systems and cybersecurity environments, applying advanced offensive security methodologies.
- Apply an adversary mindset to simulate real-world attack scenarios, including advanced threat actors, to meet project-specific objectives.
- Manage, mentor, and review work of a team of penetration testers, ensuring technical excellence, consistency, and quality of deliverables.
- Own end-to-end project execution — scoping, planning, task allocation, timelines, and final reporting.
- Review, validate, and consolidate findings to ensure accuracy, risk prioritization, and business relevance.
- Effectively communicate vulnerabilities and risk posture to both technical teams and executive stakeholders.
- Provide actionable remediation guidance, including compensating controls for scenarios where vulnerabilities cannot be immediately fixed.
- Drive the development of internal tools, scripts, and automation to improve testing efficiency and coverage.
- Lead research initiatives to identify emerging vulnerabilities, new attack vectors, and evolving security testing techniques.
- Contribute to building and enhancing the organization's offensive security capabilities, frameworks, and best practices.
- Maintain high standards of ethical conduct, confidentiality, and professionalism in all client and internal engagements.
Desired Candidate Profile
- Bachelor's degree in Information Technology, Cybersecurity, Information Systems Security, or equivalent practical experience.
- 6+ years of hands-on experience in Penetration Testing / Red Teaming, with at least 2 years of people management responsibilities.
- Proven experience leading and managing penetration testing teams and project managers, including mentoring junior members and conducting technical reviews.
- Strong expertise in Web, Infrastructure, Mobile Application, Cloud, and Vulnerability Assessments.
- Advanced hands-on experience with Kali Linux and tools such as Burp Suite, Metasploit, Nmap, Nessus, and other offensive security tools.
- Ability to prioritize workloads, manage multiple engagements, and meet deadlines while maintaining high-quality deliverables.
- Excellent written and verbal communication skills, with the ability to present complex security findings to both technical and non-technical stakeholders.
- Demonstrated ability to build strong cross-functional and client relationships.
- Strong commitment to ethical hacking principles and professional integrity.
- Willingness and ability to research emerging threats, develop automation, and continuously improve security testing methodologies.
- Preferred Certifications: OSCP, OSCE, eJPT, CEH, CRTO, or equivalent.
- Programming/scripting experience in Python, .NET, Bash, PowerShell, or other relevant languages.