CCDS is seeking an experienced Penetration Testing & Red Team Lead to lead and manage offensive security operations across enterprise and client environments.
The role focuses on delivering high-impact penetration testing and red team engagements, ensuring technical excellence, regulatory compliance, and effective risk communication to stakeholders.

Key Responsibilities

Leadership & Team Management
Lead, mentor, and develop a team of penetration testers and red team engineers.
Define roles, responsibilities, and engagement assignments.
Review technical execution, validate findings, and ensure high-quality deliverables.
Act as the escalation point for complex technical and operational challenges.

Pre-Sales & Client Engagement
Support pre-sales activities including scoping, estimations, and technical proposals.
Participate in client meetings to define scope, Rules of Engagement (RoE), and testing objectives.
Translate business, compliance, and regulatory requirements into effective offensive security strategies.

Offensive Security Operations
Lead and oversee penetration testing engagements (network, web, mobile, API, and cloud).
Design and execute red team campaigns including attack simulations, lateral movement, and privilege escalation.
Ensure safe and controlled exploitation aligned with agreed RoE and ethical standards.

Governance & Quality Assurance
Establish and maintain standardized testing methodologies, playbooks, and frameworks.
Ensure compliance with legal, contractual, and regulatory requirements (e.g., NCA, CST, ISO 27001).
Implement quality assurance checkpoints prior to report delivery.

Reporting & Risk Communication
Review and approve executive-level and technical reports.
Present findings, risk narratives, and attack paths to technical teams and senior management.
Provide clear remediation guidance and support retesting activities.

Medical Insurance
Paid Time Off
Training & Development
Performance Bonus

Required Skills & Experience
8+ years of hands-on experience in penetration testing and/or red teaming.
2–3 years in a technical leadership or team lead role.
Strong expertise in:
  Network and Active Directory exploitation
  Web, API, and cloud security testing
  Red team operations, C2 frameworks, and post-exploitation techniques
Excellent reporting, communication, and stakeholder management skills.

Tools & Technologies (Preferred)
Metasploit, Cobalt Strike (or equivalent C2 frameworks)
Burp Suite, OWASP ZAP
Nmap, Nessus, BloodHound, Mimikatz
Awareness of SIEM and EDR technologies (e.g., Splunk, Microsoft Defender)

Certifications (Preferred)
OSCP, OSEP, CRTO, GWAPT, CISSP (or equivalent)