Posted 21 May, 2026
Penetration Testing Manager
VikingCloud India
Pune, MH, IN
Full Time
Reference: 3838d5e91343be32
Job Description
Role Overview

We are seeking an experienced Penetration Testing Manager to lead, build, and develop our penetration testing service offering. This role is responsible for creating and managing a high-performing offensive security team, developing new services, defining testing methodologies, and ensuring high-quality delivery across client-facing and internal security engagements.

The successful candidate will combine strong technical penetration testing expertise with leadership, commercial awareness, service development experience, and the ability to scale a team and penetration testing service line.

Key Responsibilities

Establish, lead, and develop a penetration testing team, including recruitment, onboarding, mentoring, performance management, and career development.
Define the team structure, capability model, skills matrix, training plan, and operating procedures.
Develop and mature penetration testing services across areas such as web applications, APIs, infrastructure, cloud, Active Directory, wireless, mobile, social engineering, red teaming, and attack simulation.
Define, own, and maintain methodologies, standards, scopes of work, report templates, and QA processes.
Own engagement models and commercial assets including pricing models and delivery processes.
Own the end-to-end delivery of penetration testing engagements, ensuring work is delivered safely, legally, on time, and to a high technical standard.
Act as the technical authority for penetration testing, providing escalation support and quality review for complex findings and reports.
Build trusted relationships with clients, internal stakeholders, technology teams, risk teams, and senior leadership.
Identify market demand, emerging threats, and customer needs to shape the future service roadmap.
Support pre-sales, bid responses, proposals, scoping calls, statements of work, and commercial discussions.
Ensure all testing activity is conducted within agreed rules of engagement, legal boundaries, regulatory requirements, and internal governance.
Implement quality control processes, peer review, report assurance, technical standards, and continuous improvement mechanisms.
Track team performance, utilization, revenue, margin, delivery quality, customer satisfaction, and remediation outcomes where relevant.
Maintain awareness of emerging vulnerabilities, exploit techniques, threat actor tactics, industry trends, and regulatory changes.
Represent the penetration testing function in senior management forums, client meetings, audits, and risk committees.
Develop strategic partnerships, tooling strategies, lab environments, knowledge bases, and reusable assets to improve delivery efficiency and quality.

Required Skills and Experience

Significant industry experience in penetration testing, offensive security, red teaming, vulnerability assessment, or security consultancy.
Proven experience in leading, managing, and mentoring penetration testers and offensive security professionals.
Demonstrable ability to create, grow, or mature a security testing function, consultancy practice, or technical service line.
Strong technical background across web application, API, infrastructure, cloud, Active Directory, and network penetration testing.
Experience in developing service offerings, methodologies, testing standards, engagement models, and reporting frameworks.
Strong understanding of common security frameworks, standards, and scoring methodologies, including OWASP, MITRE ATT&CK, NIST, ISO 27001, PCI DSS, Cyber Essentials, and CVSS.
Experience in managing multiple concurrent engagements, priorities, stakeholders, and delivery risks.
Ability to review and challenge technical findings, exploit evidence, risk ratings, and remediation recommendations.
Strong commercial awareness, including experience with scoping, pricing, proposals, bids, utilization, profitability, and customer relationship management.
Excellent written and verbal communication skills, with the ability to engage technical teams, executives, clients, auditors, and regulators.
Strong understanding of legal, ethical, and operational risk considerations associated with penetration testing.
Experience building processes for quality assurance, peer review, safe testing, evidence handling, and reporting consistency.

Certifications

Candidates should hold relevant industry certifications such as:
OSCP, OSEP, OSWE, OSED, or other Offensive Security certifications
CREST Certified Tester, CREST Certified Infrastructure Tester, CREST Certified Web Application Tester, or equivalent
GIAC certifications such as GPEN, GWAPT, GXPN, GMOB, GCPN, or GSE
CISSP, CISM, CRISC, or similar senior security management certifications
CompTIA PenTest+ or Security+
Holding multiple technical and leadership-focused certifications would be advantageous.

Desirable Skills

Experience building a penetration testing team, consultancy practice, or managed security testing service from inception through to delivery and execution.
Experience creating go-to-market propositions, service catalogues, sales collateral, and delivery playbooks.
Previous responsibility for revenue, budget, headcount, utilization, margin, or service profitability.
Experience with red teaming, threat-led penetration testing, adversary simulation, purple teaming, or assumed-breach exercises.
Experience delivering services aligned to CREST, PCI DSS, CBEST, TIBER, STAR-FS, or similar assurance schemes.
Knowledge of cloud security testing across AWS, Azure, or Google Cloud Platform.
Experience with DevSecOps, CI/CD security testing, container security, Kubernetes assessments, and secure software development practices.
Experience selecting, implementing, and managing penetration testing tools, labs, reporting platforms, and collaboration systems.
Experience managing external suppliers, contractors, or partner organizations.
Ability to mentor senior consultants and develop future technical leaders.

Personal Attributes

Strong leadership presence with the ability to inspire, guide, and grow a specialist technical team.
Entrepreneurial mindset with the ability to identify opportunities and develop new services.
Commercially aware, client-focused, and outcome-driven.
Credible technical authority with strong judgement and professional integrity.
Comfortable operating at both strategic and hands-on technical levels.
Able to balance delivery quality, commercial objectives, team development, and risk management.
Clear communicator who can translate complex offensive security concepts into business-relevant language.
Highly organized, pragmatic, and able to establish structure in a growing capability.
Committed to continuous improvement, professional development, and building a strong team culture.