Title: Technical Program Manager Penetration Testing & Identity Security
Location: Houston, TX (Onsite)
C2C/W2
*Position Summary:*
The Technical Program Manager Penetration Testing & Identity Security is responsible for leading and executing enterprise-wide penetration test remediation initiatives, with a strong focus on Identity Management, Active Directory. This role combines deep technical understanding of penetration testing and security vulnerabilities with strong program management skills to drive remediation across multiple technical teams in a regulated environment. The role ensures findings are remediated, validated, and closed in alignment with audit, compliance, and business risk requirements.
*Key Responsibilities:*
Lead end-to-end delivery of penetration test remediation programs, from findings review through remediation, retesting, and audit closure.
Coordinate cross-functional teams including IAM, Compute, Desktop, Network Security, Network Services, Cloud, Build Teams, Audit, and third-party vendors.
Review and interpret penetration test findings and translate them into clear, actionable remediation plans.
Drive remediation efforts related to identity and authentication vulnerabilities across Active Directory (on-prem) and Microsoft Entra ID.
Partner with technical owners to address vulnerabilities such as NTLM coercion, DNS/DHCP spoofing, weak password controls, and outdated or vulnerable software components.
Manage dependencies, risks, timelines, and deliverables across multiple concurrent remediation workstreams.
Assist with coordination of policy changes, configuration updates, change management approvals, and production rollouts.
Manage Agile backlogs, sprints, and release readiness for teams transitioning to Agile delivery models.
Ensure remediation efforts align with security standards, regulatory requirements, and internal governance controls.
Drive governance through regular standups, working sessions, steering committee meetings, and stakeholder communications.
Track remediation progress, validate closure evidence, and coordinate retesting with penetration test vendors.
Provide clear weekly status updates to management, including progress, risks, blockers, and mitigation plans.
Maintain detailed work plans and WBS to ensure the program remains on schedule and within budget.
*Required Skills & Experience:*
Strong understanding of penetration testing methodologies, common vulnerabilities, and remediation approaches.
Hands-on knowledge of Active Directory (on-prem), Microsoft Entra ID, and enterprise identity security concepts.
Experience managing remediation of authentication, authorization, and identity-related security findings.
Ability to understand attack paths and prioritize remediation based on severity, exploitability, and business impact.
Proven experience managing large-scale security or infrastructure remediation programs.
Strong cross-team coordination skills across infrastructure, security, and cloud engineering teams.
Experience working in regulated environments with formal audit and compliance requirements.
Solid understanding of endpoint and infrastructure vulnerabilities, patching, and hardening practices.
Experience managing vendor relationships, including penetration testing firms and security service providers.
Demonstrated ability to manage multiple high-priority initiatives under tight timelines.
*Preferred Qualifications:*
Knowledge of Identity Management, Identity Protection or similar identity threat detection platforms.
Experience with Microsoft security baselines and identity hardening standards.
Familiarity with Zero Trust architecture principles.
Prior experience supporting utility, energy, or other highly regulated industries.
Bachelor s degree in Information Technology, Cyber Security, or related field (or equivalent experience).
PMP, PgMP, SAFe, or Agile certification preferred.
Never miss an opportunity! Create an alert based on the job you applied for.
