Penetration Testing Lead

We are partnering with a rapidly growing cyber security organisation that has recently undergone a significant acquisition and is entering an exciting phase of expansion and investment. As part of this growth, they are seeking an experienced Penetration Testing Lead to take ownership of their offensive security function. This is a hands-on leadership role that combines technical delivery, team management, and strategic direction across a broad range of cyber security services. You will lead a team of security consultants delivering penetration testing, red team, blue team, and purple team engagements, while remaining actively involved in technical assessments and client-facing activities. The successful candidate will play a key role in shaping the future direction of the security practice, driving quality standards, mentoring consultants, and expanding service capabilities.

Key Responsibilities

• Lead, mentor, and develop a team of penetration testers and security consultants.
• Manage the day-to-day operations of the offensive security practice, ensuring high-quality service delivery.
• Conduct and oversee penetration testing engagements across web applications, APIs, cloud environments, infrastructure, wireless networks, and mobile platforms.
• Support and deliver Red Team, Blue Team, and Purple Team exercises.
• Establish and maintain testing methodologies, reporting standards, quality assurance processes, and technical best practices.
• Provide technical leadership and hands-on support during complex security assessments and client engagements.
• Work closely with commercial and leadership teams to support project scoping, resource planning, proposals, and client presentations.
• Review technical reports and ensure findings are communicated effectively to both technical and executive-level stakeholders.
• Drive continuous improvement of offensive security services, tooling, frameworks, and methodologies.
• Stay current with emerging threats, attacker techniques, and industry trends to ensure testing approaches remain effective and relevant.

Essential Skills & Experience

• Significant hands-on penetration testing experience across multiple security domains.
• Strong technical expertise in web application, API, infrastructure, cloud, wireless, and mobile security testing.
• Experience leading security teams and managing the delivery of offensive security engagements.
• Deep understanding of penetration testing methodologies including OWASP Testing Guide, PTES, and OSSTMM.
• Experience working within Red Team, Blue Team, and Purple Team environments.
• Strong knowledge of common attack techniques, threat emulation, vulnerability assessment, and exploitation methodologies.
• Hands-on experience with industry-standard security testing tools such as Burp Suite, Nmap, Metasploit, Nessus, Qualys, and Kali Linux.
• Strong understanding of networking concepts, security protocols, and modern attack surfaces.
• Experience reviewing technical deliverables and maintaining quality assurance standards.
• Excellent communication skills with the ability to present technical findings to a variety of audiences.
• Proven experience managing, mentoring, and developing high-performing technical teams.
• Ability to balance strategic leadership responsibilities with hands-on technical delivery.
• Experience driving team utilisation, performance, and professional development.
• Strong stakeholder management and client engagement skills.
• Commercial awareness with experience supporting project scoping and pre-sales activities.

Certifications & Qualifications

• One or more of the following certifications would be highly desirable: CREST CRT / CCT, OSCP, OSCE / OSWE, CISSP, CHECK Team Member / Team Leader.
• A degree in Computer Science, Cyber Security, or a related discipline is advantageous but not essential.

Desirable Skills

• Experience conducting advanced Red Team operations and adversary simulation exercises.
• Purple Team and Breach & Attack Simulation experience.
• Knowledge of cloud security testing across AWS, Azure, and Google Cloud Platform.
• Experience with social engineering engagements.
• Understanding of AI and emerging security threats.
• Experience with container security, Kubernetes, Docker, and CI/CD security testing.
• Knowledge of C2 frameworks and advanced offensive security tooling.
• Experience contributing to technical communities through blogs, conference talks, or industry events.