Penetration Testing Operations Lead

“I can succeed as a Penetration Testing Operations Lead at Capital Group”:

As the Penetration Testing Operations Lead you are an individual contributor in the Capital Group (CG) AppSec / Penetration Testing team. The CG AppSec team is part of Information Security in CG’s Information Technology Group. In the role you will be help us drive improvements in the systems and processes that support our penetration testing function to undertake exciting attacks and improvements. You will be responsible for coordinating and communicating with the key technology / business stakeholders for delivery of security assessments and advising on technology risks and mitigations. This role is hybrid (in-office 3 days/week) and can be in Irvine CA or New York NY depending on candidate current location and/or preference.

In addition, you will be responsible for:

• You will own programs of work which drive improvements across enterprise systems and processes, identifying challenges and pain points, and provide novel approaches of solving them.

• You will provide technical solutions to day-to-day challenges using existing internal/external technologies.

• You will support our data-driven approach by gathering, analyzing, and presenting data gathered from a range of internal systems to identify areas of improvement and recommend solutions.

• You will support penetration testers (both internal and third party) in operational support request and progression of the service.

• You will act as a technical leader in penetration testing function, engaging with stakeholders across the business to drive collaborative improvement efforts that enhance the security of our products and services.

• You will analyze penetration testing results and prepare detailed reports documenting identified vulnerabilities, their potential impact, and recommended remediation actions.

• You will work closely with cross-functional teams across technology, infrastructure, business including developers, system administrators, and business stakeholders, to prioritize and address security findings. You will be expected to communicate effectively and have an empathetic outlook towards development teams by authoring clear, actionable guidance on writing secure code.

• You will keep up to date with the latest security trends, vulnerabilities, and attack techniques to continuously improve internal testing methodologies and stay ahead of potential threats. Be an active advocate to software development teams in educating them on secure software development methodologies.

• You will collaborate with incident response, security / engineering / legal teams globally.

“I am the person Capital Group is looking for.”

• You have a bachelor's degree in computer science, a related field, or equivalent experience.

• You have a minimum of 8 years of experience in working directly with engineering teams.

• You have a minimum of 5 years of technical product or program management experience.

• You have experience developing and supporting Bug Bounty or other Vulnerability Disclosure Programs is a plus.

• You have a minimum of 5 years of program management experience including scope, schedule, budget, quality, along with risk and critical path management experience.

• You have excellent communication skills (written, oral), with the ability to simplify and document complex technical details to both technical and non-technical audiences.

• You can learn quickly and have a track record of developing a deep understanding of systems and risks to the business.

• Coach and work with engineers to build security and privacy by design.

• Perform application design, threat detection, incident response, patching, vulnerability remediation, secure development training, and user training.

• You can work independently, collaboratively and take the initiative to drive security initiatives forward.

• You can manage multiple tasks and coordinate/delegate to achieve speedy resolutions to application security-related security incidents working with stakeholders globally.

• Strong analytical and problem-solving abilities, with a keen attention to detail.

‎ 

‎ 

‎ 

‎ 

‎ 

‎ 

‎ 

‎ 

‎ 

‎ 

‎ 

‎ 

 ‎ 

 ‎

 ‎

In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital’s annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings.

You can learn more about our compensation and benefits here.

* Temporary positions in Canada and the United States are excluded from the above mentioned compensation and benefit plans.

We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.