Alois Solutions

Key Responsibilities

• Establish, lead, and develop a penetration testing team, including recruitment, onboarding, mentoring, performance management, and career development.
• Define the team structure, capability model, skills matrix, training plan, and operating procedures.
• Develop and mature penetration testing services across areas such as web applications, APIs, infrastructure, cloud, Active Directory, wireless, mobile, social engineering, red teaming, and attack simulation.
• Define, own, and maintain methodologies, standards, scopes of work, report templates, and QA processes.
• Own engagement models and commercial assets including pricing models and delivery processes..
• Own the end-to-end delivery of penetration testing engagements, ensuring work is delivered safely, legally, on time, and to a high technical standard.
• Act as the technical authority for penetration testing, providing escalation support and quality review for complex findings and reports.
• Build trusted relationships with clients, internal stakeholders, technology teams, risk teams, and senior leadership.
• Identify market demand, emerging threats, and customer needs to shape the future service roadmap.
• Support pre-sales, bid responses, proposals, scoping calls, statements of work, and commercial discussions.
• Ensure all testing activity is conducted within agreed rules of engagement, legal boundaries, regulatory requirements, and internal governance.
• Implement quality control processes, peer review, report assurance, technical standards, and continuous improvement mechanisms.
• Track team performance, utilisation, revenue, margin, delivery quality, customer satisfaction, and remediation outcomes where relevant.
• Maintain awareness of emerging vulnerabilities, exploit techniques, threat actor tactics, industry trends, and regulatory changes.
• Represent the penetration testing function in senior management forums, client meetings, audits, and risk committees.
• Develop strategic partnerships, tooling strategies, lab environments, knowledge bases, and reusable assets to improve delivery efficiency and quality.

Required Skills and Experience

• Significant industry experience in penetration testing, offensive security, red teaming, vulnerability assessment, or security consultancy.
• Proven experience in leading, managing, and mentoring penetration testers and offensive security professionals.
• Demonstrable ability to create, grow, or mature a security testing function, consultancy practice, or technical service line.
• Strong technical background across web application, API, infrastructure, cloud, Active Directory, and network penetration testing.
• Experience in developing service offerings, methodologies, testing standards, engagement models, and reporting frameworks.
• Strong understanding of common security frameworks, standards, and scoring methodologies, including OWASP, MITRE ATT&CK, NIST, ISO 27001, PCI DSS, Cyber Essentials, and CVSS.
• Experience in managing multiple concurrent engagements, priorities, stakeholders, and delivery risks.
• Ability to review and challenge technical findings, exploit evidence, risk ratings, and remediation recommendations.
• Strong commercial awareness, including experience with scoping, pricing, proposals, bids, utilisation, profitability, and customer relationship management.
• Excellent written and verbal communication skills, with the ability to engage technical teams, executives, clients, auditors, and regulators.
• Strong understanding of legal, ethical, and operational risk considerations associated with penetration testing.
• Experience building processes for quality assurance, peer review, safe testing, evidence handling, and reporting consistency.

Certifications

Candidates should hold relevant industry certifications such as:

• OSCP, OSEP, OSWE, OSED, or other Offensive Security certifications
• CREST Certified Tester, CREST Certified Infrastructure Tester, CREST Certified Web Application Tester, or equivalent
• GIAC certifications such as GPEN, GWAPT, GXPN, GMOB, GCPN, or GSE
• CISSP, CISM, CRISC, or similar senior security management certifications
• CompTIA PenTest+ or Security+

Holding multiple technical and leadership-focused certifications would be advantageous.

Desirable Skills

• Experience building a penetration testing team, consultancy practice, or managed security testing service from inception through to delivery and execution.
• Experience creating go-to-market propositions, service catalogues, sales collateral, and delivery playbooks.
• Previous responsibility for revenue, budget, headcount, utilisation, margin, or service profitability.
• Experience with red teaming, threat-led penetration testing, adversary simulation, purple teaming, or assumed-breach exercises.
• Experience delivering services aligned to CREST, PCI DSS, CBEST, TIBER, STAR-FS, or similar assurance schemes.
• Knowledge of cloud security testing across AWS, Azure, or Google Cloud Platform.
• Experience with DevSecOps, CI/CD security testing, container security, Kubernetes assessments, and secure software development practices.
• Experience selecting, implementing, and managing penetration testing tools, labs, reporting platforms, and collaboration systems.
• Experience managing external suppliers, contractors, or partner organisations.
• Ability to mentor senior consultants and develop future technical leaders.