
Permanent Placement & Consulting Services in Information Technology

817-329-6830 Tel • 817-329-6833 Fax • PO Box 93538 • Southlake, TX • 76092

[email protected] • www.prdfw.com

Security Management

Penetration Testing Manager, TX Job Ref: 20181013

Currently, client is seeking a motivated, career- and customer-oriented leader to join our team in Kuala Lumpur to establish an application penetration team. This role will be a Manager to lead and manage the application penetration team, build out a scalable model and framework, and operate the process and delivery model for the Application penetration testing service. This is a growing team, with senior leadership's support and visibility. This role is involved in projects or issues of high complexity that require an individual who can quickly think on their feet, challenge the status quo, and rapidly move from ideation to delivery. This position will report to Director, Head of Application Security.

Responsibilities:

• Lead a team responsible for conducting internal and external penetration testing and automated web application security testing.
• Evolve the delivery model for the Application penetration testing service, including roles and responsibilities, remediation plans, rollout of best practices, etc.
• Hire, manage, and develop staff of application penetration testers by providing direction, establishing clear and measurable objectives, managing performance, training and coaching.
• Develop and maintain KPIs to help project resource requirements and forecast sub-contractor usage.
• Ensure effective knowledge management of findings and review results of penetration testing in order to determine severity of findings and identify potential remediation or mitigation strategies.
• Monitors and reports progress, problems and solutions in a timely manner. Follows through to ensure dollars and time estimates are realized within planned limits.
• Effectively communicates to management and business sponsors the status of projects and issues as they relate to the testing process.
• Provides clear, consistent, regular communication with all project stakeholders at all levels, including presentations to senior management, creating agendas and meeting minutes.
• In-depth research of the latest adversarial tactics, techniques and procedures (TTPs) and technologies to remain at the bleeding edge.
• Create and support KPIs and KRIs that measure risk reduction and progress over time.
• Builds a high-performance team.
• Develops and mentors staff to achieve career goals and maintain leadership succession planning.

Requirements:

• Bachelor’s degree in related field (Business, Information Services, IT, Information Security, etc.); Master’s preferred.
• 10 years of hands-on Application Penetration testing experience with at least 4 years in managing and leading a team of penetration testers.


• A self-starter with strong organizational skills, including the ability to deliver with minimal supervision, and experienced in working in an onsite-offshore model.
• Expert knowledge and hands-on experience of penetration tools such as Kali Linux, Burp Suite, Nessus, Metasploit, etc.
• Expert knowledge of existing and emerging threats, web security principles and attack vectors.
• Ability to author detailed and articulate penetration test reports, including prescriptive recommendations for remediation options.
• Extensive knowledge of information and technology security management technologies, methods, standards, and processes as well as knowledge of compliance, legal, internal / external audit & regulatory requirements.
• Strong expertise with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications.
• Strong expertise in the collaboration, facilitation and coordination with the business units for the mitigation of risks.
• Strong understanding of Application Design, DevOps, TCP/IP fundamentals, network protocols, system administration and network architectures.
• Experience and exposure to large organizational implementations of vulnerability management programs, with specific emphasis on application security, metrics development and reporting.
• Experience with programming in at least one of the following: Perl, Python, Ruby, Bash, C or C++, C#, or Java, including scripting and editing existing code.
• Knowledge of Web Frameworks such as Spring, Struts, Hibernate, ASP, JSP, etc., and APIs (JSON/REST/SOAP).
• Understanding of APIs (JSON/REST/SOAP).
• An aptitude for technical writing, including assessment reports, presentations and operating procedures.
• Strong problem solving and project execution skills. Ability to handle changing priorities and drive difficult decisions.
• Ability to solve very complex security issues that span multiple components in an Application infrastructure.
• Ability to lead and motivate the team to achieve tactical and strategic goals.
• Knowledge of common information security management frameworks, including but not limited to: ISO 27001/27002, ITIL, COBIT and NIST is desired.
• Professional security management certification, such as a CISSP, CISM, CEH, OSCP/E, GWAPT, GPEN, or GXPN certification(s) or other similar credentials, is desired.

Submit your resume for this job by contacting us today!