Lead Penetration & Vulnerability Testing

Chicago, Illinois

Glocomms

Lead Associate Principal - Security Penetration Tester
Location: Dallas, TX / Chicago, IL
Compensation: $140,000 - $220,000 base salary range


Glocomms are partnered with a prominent financial services firm dedicated to providing comprehensive cybersecurity solutions. The core mission is to enhance and protect the security posture of our clients through proactive threat analysis, intelligence gathering, and targeted security penetration testing. We are seeking a highly skilled Lead Associate Principal Security Penetration Tester to join the dynamic Security Penetration Testing Team. This individual will play a pivotal role in ensuring the confidentiality, integrity, and availability of critical assets while contributing to the development of security best practices and the ongoing improvement of our security program.

Role Overview:
As the Lead Associate Principal Security Penetration Tester, you will lead a team of penetration testers and collaborate closely with IT and security teams to conduct comprehensive penetration testing across a wide range of systems. You will be responsible for coordinating the testing activities, conducting detailed assessments, identifying vulnerabilities, and developing remediation strategies aligned with security objectives. You will leverage your expertise in threat intelligence, vulnerability exploitation, and emerging technology trends to strengthen the organization's security posture.

Key Responsibilities:

  • Lead and coordinate security penetration testing across the organizational scope, including network/operating system/application penetration testing, ad-hoc white-box penetration testing, infrastructure testing, and pre-production penetration testing.
  • Establish and follow defined rules of engagement to ensure secure and effective penetration testing within established parameters.
  • Conduct detailed intelligence gathering, threat analysis, and threat modeling to assess potential risks and vulnerabilities.
  • Utilize Open-Source Intelligence Collection (OSINT) and custom tools to identify, analyze, and report vulnerabilities and exploits.
  • Collaborate with IT owners and security teams to coordinate testing efforts and ensure alignment with security objectives and business operations.
  • Re-test and validate vulnerabilities to ensure that they are effectively remediated and verify the effectiveness of mitigation strategies.
  • Conduct security risk assessments, independent reviews, and vulnerability analyses, delivering actionable insights and remediation path recommendations to mitigate potential threats.
  • Develop detailed reports that clearly document vulnerabilities, exploits, security risks, and proposed remediation strategies, ensuring that recommendations align with industry best practices and compliance requirements.
  • Mentor and cross-train penetration testers and other security and IT teams, fostering growth and knowledge sharing across the organization.
  • Provide expert guidance on security risk management, including advising IT teams on threats, vulnerabilities, and mitigation strategies.
  • Stay up to date on emerging technology trends, innovations, and the evolving threat landscape to improve penetration testing methodologies, tools, and security practices.
  • Align security testing with organizational policies and procedures while contributing to the continuous improvement of the security roadmap.
  • Lead efforts to improve security-related activities, including policy development, procedure enhancement, and audit support.
  • Participate in incident response, offering expertise on remediation strategies for security incidents and vulnerabilities.
  • Provide feedback and conduct debriefs with users to ensure lessons learned are incorporated into the security testing process and methodologies.
  • Develop and implement a remediation strategy that addresses identified vulnerabilities and strengthens overall security posture.
  • Ensure that all penetration testing efforts are delivered on time, on budget, and within scope while maintaining the highest standards of security testing excellence.

Required Qualifications:

  • Extensive experience in penetration testing, including network, operating system, and application penetration testing, as well as experience with infrastructure and pre-production testing.
  • Expertise in intelligence gathering, vulnerability exploitation, and threat analysis to identify emerging threats and attack vectors.
  • Strong proficiency in the use of penetration testing tools, custom scripting, vulnerability scanning tools, and OSINT collection methods.
  • Proven ability to identify, assess, and report vulnerabilities, as well as to develop remediation strategies based on risk assessments and security controls alignment.
  • In-depth knowledge of security risk assessment methodologies, threat modeling, and security-related audit support.
  • Excellent communication skills, with the ability to clearly explain technical findings to both technical and non-technical stakeholders.
  • Strong leadership and mentoring skills, with a proven track record of guiding teams and fostering collaboration across security and IT functions.
  • Solid understanding of security best practices, industry standards, and compliance requirements (e.g., NIST, ISO 27001, SOC 2).
  • Ability to deliver detailed, actionable reports, including vulnerability findings, remediation recommendations, and the results of re-testing activities.
  • Familiarity with emerging technology trends and a deep understanding of the evolving threat landscape and adversarial threat/risk knowledge.

Preferred Qualifications:

  • Relevant certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or similar.
  • Experience with incident response processes and security objectives for remediation efforts.
  • Background in financial services, cybersecurity, or highly regulated environments.
  • Demonstrated ability to contribute to the improvement of testing programs, methodologies, and tools.
  • Proven experience in cross-training team members and security services staff on penetration testing and security best practices.
Date Posted: 24 April 2025