Capital International Group - San Antonio, TX
posted 3 months ago
As the Penetration Testing Operations Lead at Capital Group (CG), you will serve as a vital individual contributor within the AppSec / Penetration Testing team, which is part of the broader Information Security division in CG's Information Technology Group. This role is designed for someone who is passionate about driving improvements in the systems and processes that underpin our penetration testing function. You will engage in exciting attacks and enhancements, ensuring that our security assessments are thorough and effective. Your primary responsibility will be to coordinate and communicate with key technology and business stakeholders to deliver comprehensive security assessments while advising on technology risks and their mitigations.
In this hybrid role, which requires in-office attendance three days a week, you can be based in Irvine, CA, San Antonio, TX, or New York, NY, depending on your current location and preference.
You will own programs of work that drive improvements across enterprise systems and processes, identifying challenges and pain points, and providing innovative solutions to address them. Your technical expertise will be crucial in offering solutions to day-to-day challenges using both internal and external technologies. You will support a data-driven approach by gathering, analyzing, and presenting data from various internal systems to pinpoint areas for improvement and recommend actionable solutions. Additionally, you will provide operational support to both internal and third-party penetration testers, ensuring the smooth progression of services. As a technical leader in the penetration testing function, you will engage with stakeholders across the business to foster collaborative improvement efforts that enhance the security of our products and services.
Your role will also involve analyzing penetration testing results and preparing detailed reports that document identified vulnerabilities, their potential impacts, and recommended remediation actions. You will work closely with cross-functional teams, including developers, system administrators, and business stakeholders, to prioritize and address security findings. Effective communication will be key, as you will need to author clear, actionable guidance on secure coding practices while maintaining an empathetic outlook towards development teams. Staying current with the latest security trends, vulnerabilities, and attack techniques will be essential for continuously improving internal testing methodologies and staying ahead of potential threats. You will actively advocate for secure software development methodologies among software development teams, ensuring that security and privacy are integrated into the design process.