<p>Insight Assurance is considered one of the fastest-growing companies focusing on cybersecurity compliance. The company is a Florida-registered and licensed CPA firm, PCI Qualified Security Assessor (QSA), and ISO 27001 Certification Body founded by former Big-4 professionals (Former EY), looking to simplify the world of IT compliance. With over 20 years of professional experience working with hundreds of organizations from startups to Fortune 500 companies on a variety of engagements, the team at Insight Assurance partners with organizations looking to meet their organizational and compliance goals.</p><p></p><p data-start="284" data-end="925"><strong data-start="284" data-end="299">JOB PURPOSE</strong><br data-start="299" data-end="302">We are seeking a highly experienced and strategic Director of Penetration Testing to lead our penetration testing department. This leadership role is responsible for overseeing all aspects of the team’s operations, strategy, and technical delivery. The ideal candidate will bring over 5 years of professional experience in penetration testing, including at least 3 years in a leadership or managerial role. The Director will be responsible for building and mentoring a high-performing team, developing testing methodologies, ensuring service excellence, and aligning the team's objectives with broader organizational goals.</p><p data-start="932" data-end="956"><strong data-start="932" data-end="956">KEY RESPONSIBILITIES</strong></p><p data-start="958" data-end="991"><strong data-start="958" data-end="989">Strategic & Team Leadership</strong></p><ul data-start="992" data-end="1435"><li data-start="992" data-end="1122"><p data-start="994" data-end="1122">Lead and manage the penetration testing department, including hiring, mentoring, performance management, and resource planning</p></li><li data-start="1123" data-end="1220"><p data-start="1125" data-end="1220">Define departmental goals and key performance indicators in alignment with company objectives</p></li><li data-start="1221" data-end="1337"><p data-start="1223" data-end="1337">Establish and continuously improve testing methodologies, quality assurance standards, and operational workflows</p></li><li data-start="1338" data-end="1435"><p data-start="1340" data-end="1435">Serve as the primary point of contact for executive leadership on penetration testing matters<br><br></p></li></ul><p data-start="1437" data-end="1475"><strong data-start="1437" data-end="1473">Technical Leadership & Execution</strong></p><ul data-start="1476" data-end="1918"><li data-start="1476" data-end="1602"><p data-start="1478" data-end="1602">Oversee and participate in complex penetration tests on enterprise networks, systems, applications, and cloud environments</p></li><li data-start="1603" data-end="1696"><p data-start="1605" data-end="1696">Lead red team engagements, social engineering campaigns, and simulated real-world attacks</p></li><li data-start="1697" data-end="1780"><p data-start="1699" data-end="1780">Ensure technical accuracy and completeness of all team deliverables and reports</p></li><li data-start="1781" data-end="1918"><p data-start="1783" data-end="1918">Stay up to date with evolving threat landscapes, attack vectors, and security technologies to continuously innovate service offerings<br><br></p></li></ul><p data-start="1920" data-end="1951"><strong data-start="1920" data-end="1949">Stakeholder Communication</strong></p><ul data-start="1952" data-end="2238"><li data-start="1952" data-end="2058"><p data-start="1954" data-end="2058">Deliver clear, impactful reports and presentations for both technical teams and executive stakeholders</p></li><li data-start="2059" data-end="2144"><p data-start="2061" data-end="2144">Translate findings into actionable recommendations and risk mitigation strategies</p></li><li data-start="2145" data-end="2238"><p data-start="2147" data-end="2238">Collaborate with IT, GRC, SOC, and security operations teams to guide remediation efforts<br><br></p></li></ul><p data-start="2240" data-end="2263"><strong data-start="2240" data-end="2261">Compliance & Risk</strong></p><ul data-start="2264" data-end="2464"><li data-start="2264" data-end="2385"><p data-start="2266" data-end="2385">Ensure the team's activities align with industry standards and regulatory frameworks such as PCI-DSS, HIPAA, and NIST</p></li><li data-start="2386" data-end="2464"><p data-start="2388" data-end="2464">Develop, maintain, and enforce penetration testing policies and procedures</p></li></ul><p data-start="2471" data-end="2487"><strong data-start="2471" data-end="2487"><br>REQUIREMENTS</strong></p><p data-start="2489" data-end="2517"><strong data-start="2489" data-end="2515">Education & Experience</strong></p><ul data-start="2518" data-end="3024"><li data-start="2518" data-end="2618"><p data-start="2520" data-end="2618">Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field</p></li><li data-start="2619" data-end="2752"><p data-start="2621" data-end="2752">At least 5 years of hands-on penetration testing experience, including web, network, social engineering, and red team assessments</p></li><li data-start="2753" data-end="2849"><p data-start="2755" data-end="2849">Minimum 3 years of experience managing or leading technical teams in a cybersecurity context</p></li><li data-start="2850" data-end="2943"><p data-start="2852" data-end="2943">Proven track record of successfully delivering enterprise-level security testing projects</p></li><li data-start="2944" data-end="3024"><p data-start="2946" data-end="3024">Experience with exploit development and advanced attack simulation is a plus<br><br></p></li></ul><p data-start="3026" data-end="3079"><strong data-start="3026" data-end="3077">Certifications (Required or Strongly Preferred)</strong></p><ul data-start="3080" data-end="3168"><li data-start="3080" data-end="3099"><p data-start="3082" data-end="3099">OSCP (required)</p></li><li data-start="3100" data-end="3168"><p data-start="3102" data-end="3168">OSCE, OSWE, OSEP, or similar advanced certifications (preferred)</p></li></ul><p data-start="3175" data-end="3195"><strong data-start="3175" data-end="3195"><br>TECHNICAL SKILLS</strong></p><ul data-start="3197" data-end="3714"><li data-start="3197" data-end="3309"><p data-start="3199" data-end="3309">Expert-level knowledge of penetration testing tools (e.g., Metasploit, Burp Suite, OWASP ZAP, Cobalt Strike)</p></li><li data-start="3310" data-end="3433"><p data-start="3312" data-end="3433">Deep understanding of network protocols, operating systems (Windows, Linux), and cloud infrastructure (AWS, Azure, GCP)</p></li><li data-start="3434" data-end="3514"><p data-start="3436" data-end="3514">Strong command of scripting and programming (Python, Bash, PowerShell, etc.)</p></li><li data-start="3515" data-end="3577"><p data-start="3517" data-end="3577">Experience with risk analysis and vulnerability management</p></li><li data-start="3578" data-end="3714"><p data-start="3580" data-end="3714">Exceptional written and verbal communication skills, including the ability to write detailed technical reports for diverse audiences</p></li></ul><p data-start="3721" data-end="3743"><strong data-start="3721" data-end="3743"><br>OTHER REQUIREMENTS</strong></p><ul data-start="3745" data-end="4057"><li data-start="3745" data-end="3836"><p data-start="3747" data-end="3836">U.S. Citizenship or eligibility to obtain necessary security clearances (if applicable)</p></li><li data-start="3837" data-end="3878"><p data-start="3839" data-end="3878">Ability to travel up to 25% if needed</p></li><li data-start="3879" data-end="3978"><p data-start="3881" data-end="3978">Demonstrated leadership, strategic thinking, and ability to operate in a fast-paced environment</p></li><li data-start="3979" data-end="4057"><p data-start="3981" data-end="4057">High level of integrity and discretion when handling sensitive information</p></li></ul><p></p><p><strong>Benefits</strong><br>- Competitive Salary<br>- Flexible Paid Time Off and paid holidays<br>- Performance Bonuses<br>- Flexible remote work environment<br>- Opportunities for professional development and growth<br>- Supportive team culture </p><p> </p><p> </p><p><span style="text-decoration: underline;"><strong>Privacy Notice CCPA</strong></span>: </p><ul><li style="font-style: italic;"><em>Insight Assurance shares your personal data/information with Greenhouse recruiting because this is the tool we use for the recruitment process. </em></li><li style="font-style: italic;"><em>Insight Assurance does not sell personal data/information under any circumstances. </em></li><li style="font-style: italic;"><em>You may exercise your rights under personal data protection legislation by reaching out to us via: <a href="mailto:HR@insightassurance.com">HR@insightassurance.com</a> or submit a request via mail at 400 N Tampa St. 15th Floor Suite 122, Tampa, FL 33602</em></li></ul><p><span style="text-decoration: underline;"><strong>Privacy Notice GDPR:</strong></span></p><p class="x_MsoNormal"><em><span lang="EN-GB" data-olk-copy-source="MessageBody">This notice informs you about the categories of Personal Data/ Information and the Purpose and Scope of Processing Activities to be undertaken by Insight Assurance (we, us, our), under its job application and recruitment process.</span></em></p><p class="x_MsoNormal"><em><span lang="EN-GB">We resort to Greenhouse.com as the platform that supports our recruitment process, and therefore your Personal Data/ Information will be Processed on this tool (hosted, shared with, cross-referenced, accessed by our team); we have in place contractual terms and the commitment of Greenhouse.com that ensures the Security and Confidentiality plus Purpose limitation with regards to the Processing of your Personal Data.</span></em></p><p class="x_MsoNormal"><em><span lang="EN-GB">When you reply to one of your job postings, you voluntarily and freely submit your Personal Data to us; this, allied with the fact that the Processing by us (and over Greenhouse.com) of that Personal Data has the sole Purpose of validating your application and proceeding with the inherent scrutiny and decision, allows us to argue having Legitimate Interest as the applicable Legal Basis to undertake the Processing of your Personal Data under this scope.</span></em></p><p class="x_MsoNormal"><em><span lang="EN-GB">We are a U.S. based company, hence some or all Personal Data pertaining to you will be hosted in the U.S.</span></em></p><p class="x_MsoNormal"><em><span lang="EN-GB">The categories of Personal Data under Processing consist of:</span></em></p><ul type="disc"><li class="x_MsoListParagraph"><em><span lang="EN-GB">Identification</span></em></li><li class="x_MsoListParagraph"><em><span lang="EN-GB">Contact</span></em></li><li class="x_MsoListParagraph"><em><span lang="EN-GB">Education and Professional</span></em></li><li class="x_MsoListParagraph"><em><span lang="EN-GB">Interview performance</span></em></li><li class="x_MsoListParagraph"><em><span lang="EN-GB">Evaluation</span></em></li></ul><p class="x_MsoNormal"><em><span lang="EN-GB">You may exercise several Rights as determined under applicable Personal Data Protection legislation, in short:</span></em></p><ul type="disc"><li class="x_MsoListParagraph"><strong><em><span lang="EN-GB">Right of Access</span></em></strong><em><span lang="EN-GB"> – meaning getting information about the Personal Data under Processing by us, except for the information you already know;</span></em></li><li class="x_MsoListParagraph"><strong><em><span lang="EN-GB">Right of Erasure</span></em></strong><em><span lang="EN-GB"> – you may ask for us to erase all Personal Data pertaining to you under Processing; this may imply you being excluded from the recruitment process, for without information we cannot proceed with it;</span></em></li><li class="x_MsoListParagraph"><strong><em><span lang="EN-GB">Right of Opposition or Restriction of Processing</span></em></strong><em><span lang="EN-GB"> – you may ask us to stop some Processing or restrict the Processing of some Personal Data, this may imply you being excluded from the recruitment process, at our sole discretion also for without information we cannot proceed with it;</span></em></li><li class="x_MsoListParagraph"><strong><em><span lang="EN-GB">Rectification </span></em></strong><em><span lang="EN-GB">– you can rectify your Personal Data at anytime</span></em> </li></ul><p> </p>