Cybersecurity Assurance Lead

The Cybersecurity Assurance Lead is a hands-on leadership role within the Cybersecurity Assurance organization, operating as a working lead and player-coach. This position combines formal people leadership, program ownership, and hands-on technical security testing, and is responsible for driving execution, improving security assurance programs, and ensuring high-quality testing outcomes across the enterprise.
This role includes direct management responsibility for a small team of senior security engineers, while also contributing technically through application security testing, ethical hacking, and offensive security research.
The position is structured approximately as:

• 60% Leadership, coordination, and program execution
• 40% Hands-on technical contribution, security testing, and research

This role is ideal for an experienced offensive security or application security professional who demonstrates strong execution discipline, technical credibility, and the ambition to grow into broader cybersecurity leadership while remaining close to hands-on work.

Role Purpose & Impact
This role supports and helps evolve the organization's:

• Application Security Testing Program
• Ethical Hacking and Red Team Program
• Third-Party Penetration Testing Program

The Lead will work closely with Cyber Defense teams, application owners, internal security teams, global partners (including India-based security assurance teams), and external testing vendors to ensure consistent, high-quality security testing and measurable risk reduction.
This individual leads through technical expertise, influence, operational ownership, and strong collaboration across global teams.

Key Responsibilities
Leadership, Program Execution & Team Management (60%)

• Lead day-to-day execution of cybersecurity assurance testing programs, including:
  • Application Security Testing
  • Ethical Hacking and Red Team operations
  • Third-party penetration testing engagements
• Provide direct leadership and mentorship to a small team of senior security engineers
• Coordinate testing activities across globally distributed teams, including US and India-based security assurance staff
• Manage relationships and execution with external penetration testing vendors
• Drive continuous improvement and evolution of application security and red team programs, improving consistency, scalability, and measurable outcomes
• Develop and maintain processes, procedures, playbooks, and documentation to ensure repeatability, quality, and operational maturity
• Contribute to strategic and tactical planning, including:
  • Security roadmaps
  • Program backlogs
  • Quarterly and annual planning
  • Operational and executive reporting
• Ensure accountability for program execution, project delivery, and testing outcomes

Hands-On Security Testing & Technical Leadership (40%)

• Perform and contribute to hands-on security testing, including:
  • Application security testing and vulnerability validation
  • Ethical hacking and adversarial simulation activities
  • Red team and offensive security exercises where appropriate
• Provide technical leadership, oversight, and quality assurance for testing activities
• Validate high-risk or high-impact vulnerabilities and ensure accurate risk assessment
• Translate technical findings into clear, risk-based, actionable insights for business and technology stakeholders
• Provide technical guidance and review for security testing methodologies, tools, and processes

Security Tooling, Collaboration & Program Advancement

• Support evaluation, proof-of-concept, and implementation of security tools and technologies
• Ensure effective operationalization and adoption of security testing tools
• Collaborate closely with:
  • Cyber Defense teams
  • Application development teams
  • Security architecture and engineering teams
  • Business stakeholders
• Ensure testing results drive meaningful defensive improvements and remediation actions
• Help strengthen the organization's overall security posture through proactive testing and continuous improvement

Required Qualifications

• 5+ years of experience in application security testing, ethical hacking, penetration testing, or offensive security
• Prior experience in a technical leadership, lead, or team leadership capacity, including formal or informal people management responsibility
• Hands-on experience performing application security testing and vulnerability validation
• Strong understanding of:
  • Application security testing methodologies
  • Penetration testing vs. Red Team operations and objectives
  • Secure Software Development Lifecycle (SDLC)
  • Risk-based testing and vulnerability prioritization
• Demonstrated experience improving or evolving existing security programs
• Strong process orientation with the ability to develop effective, practical procedures and documentation
• Excellent verbal and written communication skills, including the ability to translate technical risks into business-relevant terms
• Proven ability to lead through influence, collaboration, and technical credibility
• Demonstrated ambition and capability to grow into broader cybersecurity leadership roles
• Bachelor's degree in Cybersecurity, Computer Science, Information Security, or related field, or equivalent professional experience

Preferred Qualifications

• Experience working in financial services or other large, regulated enterprise environments
• Experience working with globally distributed security teams
• Experience supporting or leading Red Team or ethical hacking programs
• Familiarity with modern application architectures, including cloud-native environments and CI/CD pipelines
• Experience evaluating and implementing application security and offensive security tools
• Relevant industry certifications such as:
  • OSCP
  • GWAPT
  • GPEN
  • CEH
  • CISSP (preferred but not required)

Ideal Candidate Profile
The ideal candidate is a highly motivated, technically strong cybersecurity professional who thrives in a player-coach leadership role, combining hands-on offensive security expertise with strong leadership, program ownership, and operational execution skills.
This individual is capable of leading teams, improving security programs, and driving measurable security outcomes while remaining deeply engaged in technical security testing and research.

#SoniTech