Find Your Dream Job Today

Our mission is to help high-achieving LGBTQ+ undergraduates reach their full potential.

Application Security and Penetration Testing Manager

The Capital Group

The Capital Group

Multiple locations
Posted on Friday, February 9, 2024

“I can succeed as an Application Security and Penetration Testing Manager at Capital Group.”

As the Application Security and Penetration Testing manager in the Capital Group (CG) Application Security (AppSec) team you will lead a small team of Application Security and Penetration Testing Engineers. The CG AppSec team is part of Information Security in CG’s Information Technology Group. As the Application Security and Penetration Testing Manager you will be leading web application and network penetration tests, red/purple team assessments, and providing recommendations for security issues. You will be responsible for managing the team, building their skills, providing technical direction, mentoring the associates and handling any escalations or complications as they relate to penetration testing. You will be a player/coach in that you will roll-up your sleeves and show-and-tell as well. Your managed team is geographically dispersed. You will be coordinating and communicating with the key technology stakeholders for delivery of security assessments and in infrastructure and application penetration tests. This role is hybrid (in-office 3 days/week) and can be in Los Angeles CA, Irvine CA, San Antonio TX, or New York NY depending on candidate current location and/or preference.

In addition, you will be responsible for:

  • You will collaboratively work across the teams and plan early, effectively, with excellent communications.

  • You will provide recommendations and guidance as the technical SME on the topic of penetration testing with demonstrated success over time as a delivery agent and manager of penetration testers.

  • You will provide recommendations and guidance as the technical SME on preventative controls such as EDRs, log management, IDS/IPS systems and how to bypass those controls to effectively perform red/purple team.

  • You will manage a team of penetration testers and red teamers to conduct thorough security assessments on applications, networks (wired and wireless), infrastructure, and systems.

  • You will be rolling up your sleeves and showing how it's done as well as leading a team to perform the best security tests – thoroughly and with a high quality.

  • You will effectively collaborate across development and infrastructure teams and juggle multiple penetration tests and their planning with aplomb.

  • You will oversee the issue management and holding penetration testing vendors accountable on report quality, accuracy of findings, test quality, and penetration test vendor selection.

  • You will perform threat modeling so you can effectively plan the best method to test complicated systems including but not limited to Machine Learning based Software Systems.

“I am the person Capital Group is looking for.”

  • You have a bachelor's degree in computer science, a related field, or equivalent experience.

  • You have a minimum of 8 years of experience in application security, penetration testing and at least 1-2 years of managing a penetration testing team.

  • You have prior penetration testing, red / purple teaming consulting experience a plus.

  • You have a strong understanding of network security, TCP/IP, DNS, TLS, HTTP, IPSec, 802.11, etc.

  • You have experience with security protocols and/or technologies such as REST APIs, Burp Suite, ZAP, Linux, Windows, macOS, nmap, Metasploit, Powersploit, Lolbins, etc.

  • You can automate tasks in Python, bash, Java, C/C#/C++, Rust, etc.

  • You have a strong understanding of attacks in AWS, Azure, GCP, OAuth, websockets, etc.

  • You have excellent communication skills (written, oral), with the ability to simplify and document complex technical details to both technical and non-technical audiences.

  • You have strong leadership and management skills, with the ability to lead and motivate a team of security professionals by diving deep and collaborating with teammates.

  • You can work independently and take initiative to drive security initiatives forward.

  • You can juggle multiple tasks and coordinate/delegate to achieve speedy resolutions to application security related security incidents working with Security operations.

Southern California Base Salary Range: $187,370-$299,792

San Antonio Base Salary Range: $154,033-$246,453

New York Base Salary Range: $198,622-$317,795

In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital’s annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings.

You can learn more about our compensation and benefits here.

We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.