At a Glance
- Tasks: Lead and develop a cutting-edge security testing practice while staying hands-on with technical delivery.
- Company: Dynamic security firm in London focused on innovation and team growth.
- Benefits: Competitive salary, hybrid work model, and opportunities for professional development.
- Other info: Join a collaborative environment with the flexibility to balance leadership and technical work.
- Why this job: Shape the future of security testing while mentoring a high-performing team.
- Qualifications: Hands-on penetration testing experience and strong leadership skills required.
Are you an experienced penetration tester who's ready to take ownership of a growing practice, but doesn't want to leave the technical work behind? We're looking for a Security Testing Practice Lead to drive the growth, quality and commercial success of our offensive security capability. This is a genuine leadership role, but not one where you'll spend your days buried in spreadsheets and meetings. You'll still get involved in technical delivery when required, helping the team tackle more complex engagements and maintaining your own hands‑on expertise.
You’ll work closely with the Managing Director and Commercial Team to shape the future of the practice, support clients, develop new service offerings and ensure our consultants are set up for success.
The Opportunity
This role combines technical leadership, commercial engagement and practice ownership with the flexibility to remain actively involved in testing. You’ll be responsible for:
- Leading and developing the Security Testing practice.
- Managing capacity, utilisation and scheduling across the team.
- Supporting pre‑sales activities, scoping calls and proposal development.
- Building strong relationships with key clients.
- Ensuring the quality and consistency of all testing engagements.
- Developing methodologies, tooling and service offerings.
- Mentoring and growing a high‑performing team.
- Contributing thought leadership and helping shape the future direction of the practice.
- Rolling up your sleeves and delivering security assessments when required.
Because you’ll own resource planning and scheduling, you’ll have the flexibility to balance technical delivery with leadership responsibilities rather than being permanently tied to either.
What We’re Looking For
We’re looking for someone who enjoys building teams and developing services just as much as performing great technical work. You’ll likely have:
- Significant hands‑on penetration testing experience across web applications, APIs, infrastructure and cloud environments.
- Experience leading or mentoring security testing teams.
- Strong commercial awareness and the ability to translate client requirements into well‑defined scopes of work.
- Experience supporting proposals, project planning and customer engagements.
- Deep knowledge of modern penetration testing methodologies and tooling.
- Excellent written and verbal communication skills.
- A passion for raising standards, improving delivery and developing people.
- Two or more professional certifications such as CREST CRT/CCT, OSCP, OSWE, CISSP or CHECK (required).
Why Join
This isn’t a management title bolted onto a technical role, nor is it a role for someone who stopped testing years ago. We’re looking for someone who wants to build and lead a modern security testing practice while remaining close enough to the work to influence quality, mentor others and step into delivery when needed. You’ll have the autonomy to shape the practice, introduce new capabilities, influence strategy and play a key role in the continued growth of the business.
Offensive Security Practice Lead employer: Oscar
Join a forward-thinking company that values both technical expertise and leadership in the heart of London. As an Offensive Security Practice Lead, you'll enjoy a dynamic work culture that fosters innovation and collaboration, with ample opportunities for professional growth and mentorship. With a focus on maintaining hands-on involvement in security testing while shaping the future of the practice, this role offers a unique blend of autonomy and support, making it an ideal environment for those passionate about advancing their careers in cybersecurity.
StudySmarter Expert Advice🤫
We think this is how you could land the Offensive Security Practice Lead role
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Oscar, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through Oscar
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Oscar. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
Some tips for your application 🫡
Show off your technical skills: In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role: Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects, be it CTF challenges, security assessments, or research papers, include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples: When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Oscar insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity: Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Oscar that you’re committed to staying ahead in the game.
How to prepare for a job interview at Oscar
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set you apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at Oscar to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Oscar.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.