Manager – Penetration Testing

CBTS serves enterprise and midmarket clients in all industries across the United States and Canada. CBTS combines deep technical expertise with a full suite of flexible technology solutions--including Application Modernization, Managed Hybrid Cloud, Cybersecurity, Unified Communications, and Infrastructure solutions. From developing and deploying modern applications and the secure, scalable platforms on which they run, to managing, monitoring, and optimizing their operations, CBTS delivers comprehensive technology solutions for its clients' transformative business initiatives. For more information, please visit www.cbts.com.

The Manager – Penetration Testing leads CBTS’s Offensive Security practice, overseeing the delivery of high‑quality penetration tests, red‑team engagements, and threat‑emulation services. This role ensures technical excellence, consistent methodology, team development, and exceptional client value while driving practice growth.

Key Responsibilities

Leadership & Team Management

• Lead, coach, and develop a team of penetration testers, red‑team operators, and offensive security consultants.
• Oversee capacity planning, engagement assignments, and resource utilization to ensure timely delivery.
• Create a culture of continuous learning, ethical conduct, technical innovation, and operational excellence.
• Mentor team members through advanced exploitation techniques, reporting best practices, and client communication.

Service Delivery Excellence

• Oversee execution of internal/external network penetration tests, application and API testing, cloud testing, wireless assessments, and social engineering.
• Ensure all engagements follow CBTS playbooks, methodologies, and compliance standards.
• Review technical findings, reports, and remediation guidance for accuracy, clarity, and completeness.
• Ensure engagements align with scope, timelines, and client expectations.

Practice & Methodology Development

• Maintain and enhance the CBTS offensive security methodology, tooling, and reporting standards.
• Develop new service offerings, including adversary emulation, purple‑team services, cloud offensive testing, and industrial/OT security (as applicable).
• Oversee internal R&D to build custom tools, automation, and repeatable frameworks.

Client Engagement & Stakeholder Management

• Act as executive‑level escalation point for clients during and after penetration testing engagements.
• Present findings to technical, security, and C‑suite stakeholders in business‑aligned language.
• Support the creation of Statements of Work (SOWs), scoping calls, and proposal development in partnership with Solutions Architects and Sales.
• Build long‑term client relationships and support new and repeat business opportunities.

Quality Assurance & Risk Management

• Ensure adherence to legal, ethical, and contractual requirements in all offensive engagements.
• Manage operational risks, documenting and escalating critical issues appropriately.
• Maintain high standards for confidentiality, testing authorization, and data handling.

Cross‑Functional Collaboration

• Partner with the Defensive Security, Cloud, and Managed Services teams to deliver integrated security offerings.
• Coordinate purple‑team engagements with detection engineering and SOC analysts.
• Work with Sales, Delivery, PMO, and Marketing teams to enable practice visibility and growth.

Key Performance Indicators (KPIs)

• On‑time delivery and engagement quality
• Client satisfaction (CSAT/NPS)
• Team development, upskilling, and retention
• Revenue growth and utilization targets
• Standardization and maturity of offensive security playbooks
• Practice innovation and tool development
• Reduced rework and improved reporting quality

Required Skills & Competencies

Technical Expertise

• Advanced knowledge of:
• • Network, application, API, and mobile penetration testing
  • Red‑team operations, adversary simulation, and MITRE ATT&CK frameworks
  • Cloud offensive security (AWS, Azure, GCP)
  • Active Directory exploitation and post‑exploitation
  • Scripting/exploitation using Python, PowerShell, Bash, Go, or C#
• Familiar with blue‑team technologies, detection engineering, and EDR evasion.

Leadership & Functional Skills

• Team development, performance coaching, and hiring talent
• Ability to simplify technical risk for business leaders
• Strong documentation, communication, and presentation skills
• Project oversight, scoping, and workload management
• Strategic thinking around cybersecurity program maturity

Behavioral Competencies

• High integrity and ethical responsibility in offensive testing
• Ownership mindset and proactive leadership
• Collaboration across technical and business teams
• Adaptability in fast‑paced, evolving threat environments

Qualifications & Experience

• 7–10+ years in penetration testing, red‑team, or offensive security roles
• 2–4+ years in a leadership, team lead, or management capacity
• Bachelor’s degree in Cybersecurity, Computer Science, or equivalent experience
• Preferred Certifications:
• • OSCP, OSCE, OSEP, OSWE
  • GPEN, GXPN, GWAPT
  • PNPT
  • Cloud security certifications (Azure/AWS/GCP security‑focused)

#LI-REMOTE #LI-PK1 #LI-USA

Due to U.S. Government requirements applicable to foreign-owned telecommunications providers, non-US citizens may be required to submit to an extensive government agency background check which will necessitate disclosure of sensitive Personally Identifiable Information.