Director - Cyber Testing
Director - Cyber Testing
The Cyber Testing Director is responsible for leading and overseeing all cybersecurity testing functions, including penetration testing, red teaming, vulnerability assessments, application security testing, and security validation programs. This role ensures that cyber risks are proactively identified, tested, and remediated across the organizations technology, applications, infrastructure, and third-party ecosystem. The Cyber Testing Director will lead a team of security testers and collaborate with stakeholders across IT, engineering, compliance, and risk management to safeguard the organization from evolving threats.
Key Responsibilities:
Leadership & Strategy:
- Develop and execute the enterprise cyber testing strategy aligned with organizational security goals and regulatory requirements.
- Lead, mentor, and manage a team of penetration testers, red team operators, and security analysts.
- Oversee the design and implementation of cyber testing frameworks, methodologies, and tools.
Testing & Operations:
- Direct and coordinate penetration testing, red teaming, vulnerability assessments, and application security reviews.
- Ensure consistent and repeatable testing processes across networks, cloud environments, applications, and OT/IoT systems.
- Oversee adversary emulation exercises, purple team engagements, and attack surface management activities.
- Evaluate security testing results, prioritize remediation efforts, and track closure of findings with IT and business owners.
Governance & Compliance:
- Ensure testing practices meet industry standards (e.g., NIST, MITRE ATT&CK, OWASP, PCI DSS, ISO 27001).
- Manage vendor relationships for outsourced security testing engagements.
- Report testing outcomes, risk exposures, and program effectiveness to executive leadership and the board.
- Maintain awareness of new threats, vulnerabilities, and compliance requirements affecting cyber testing.
Innovation & Continuous Improvement:
- Identify and implement advanced testing tools, automation, and threat simulation platforms.
- Foster a culture of proactive security by embedding testing into the software development lifecycle (DevSecOps).
- Continuously improve methodologies based on threat intelligence and lessons learned from incidents.
Qualifications:
Education & Experience:
- Bachelors degree in Cybersecurity, Computer Science, Information Technology, or related field (Masters preferred).
- 10+ years of cybersecurity experience, with at least 5 years in leadership roles overseeing penetration testing or security operations.
- Proven track record of managing enterprise-scale security testing programs.
Certifications (Preferred):
- OSCP, OSCE, GXPN, GPEN, CRT, or equivalent offensive security certifications.
- CISSP, CISM, or CISA for broader security and leadership credibility.
Skills & Competencies:
- Deep expertise in penetration testing, exploit development, vulnerability management, and red/purple teaming.
- Strong knowledge of cloud platforms (AWS, Azure, GCP), enterprise applications, and modern attack vectors.
- Excellent leadership, communication, and stakeholder management skills.
- Ability to translate technical findings into business risks and actionable recommendations.
Reporting Structure:
- Reports to: Chief Information Security Officer (CISO) or VP of Cybersecurity
- Direct Reports: Penetration Testers, Red Team Leads, Application Security Testers, Vulnerability Management Analysts
Didn’t find the job appropriate? Report this Job
