Basic Qualifications

• Bachelor’s degree and at least 8 years of experience in IT Security OR a High School Diploma/GED and at least 11 years of experience in IT Security
• At least 6 years of experience with relevant information security teams, such as penetration testing, red teaming, incident response, threat hunting, application security, and/or Information security consulting
• Experience establishing & maintaining relationships with individuals at all levels of the organization, in the business community & with vendors.
• Experience diagnosing, isolating, and resolving complex issues and recommending and implementing strategies to resolve problems
• Experience leading cross-functional teams.
• Experience interacting at the executive level.
• At least 5 years of experience contributing to financial decisions in the workplace.
• At least 5 years of direct leadership, indirect leadership and/or cross functional team leadership.
• Willing to travel up to/at least (10%) of the time for business purposes (within state and out of state).

Preferred Qualifications
Preferred Qualifications:

• Deep Attacker Simulation/Emulation Testing Experience – Strong background in offensive security techniques, including web application, cloud, and network penetration testing.
• Red and Purple Team Operations – Experience designing and executing realistic adversary simulations, including threat emulation of APT groups and sophisticated attack chains, incorporating Blue Team members into exercises and leveraging a Blue team backlog of needed validations to ensure alerting coverage and response procedures.
• Advanced Exploitation and Tooling – Knowledge of exploit development, custom malware, and offensive tooling (e.g., Cobalt Strike, Sliver, Metasploit, BloodHound).
• Cloud Security Knowledge – Expertise in testing AWS, Azure, and/or GCP security postures, including IAM abuse and misconfiguration exploitation.
• Secure Development Lifecycle (SDLC) Awareness – Familiarity with secure coding practices and ability to advise engineering teams on hardening applications against attack vectors.
• Health Data and PCI Compliance – Experience with HIPAA Security Rule and PCI-DSS compliance implications for offensive security testing.
• Team Leadership & Mentorship – Experience managing and mentoring offensive security engineers, prioritizing workloads, and aligning efforts with business risks.
• Threat Intelligence-Driven Approach – Ability to integrate threat intelligence to inform attack scenarios, focusing on real-world threats to the business.
• Incident Collaboration – Ability to coordinate findings with blue teams, security operations, and risk management groups to drive actionable remediation.
• Crisis Management & Communication – Skilled in communicating technical risks to executive leadership in a clear and actionable manner.
• Regulatory & Legal Awareness – Understanding of ethical hacking boundaries, legal frameworks, and authorization protocols for red teaming in a regulated environment.
• Risk-Based Testing Prioritization – Ability to align offensive security assessments with critical business risks, ensuring the most valuable assets are tested.
• Stakeholder Influence – Experience working cross-functionally with legal, compliance, engineering, and executive teams to support secure business operations.