Penetration Testing / Red Team - Team Lead

CCDS is seeking an experienced Penetration Testing & Red Team Lead to lead and manage offensive security operations across enterprise and client environments. The role focuses on delivering high-impact penetration testing and red team engagements, ensuring technical excellence, regulatory compliance, and effective risk communication to stakeholders.

Key Responsibilities

• Leadership & Team Management
• • Lead, mentor, and develop a team of penetration testers and red team engineers.
  • Define roles, responsibilities, and engagement assignments.
  • Review technical execution, validate findings, and ensure high-quality deliverables.
  • Act as the escalation point for complex technical and operational challenges.
• Pre-Sales & Client Engagement
• • Support pre-sales activities including scoping, estimations, and technical proposals.
  • Participate in client meetings to define scope, Rules of Engagement (RoE), and testing objectives.
  • Translate business, compliance, and regulatory requirements into effective offensive security strategies.
• Offensive Security Operations
• • Lead and oversee penetration testing engagements (network, web, mobile, API, and cloud).
  • Design and execute red team campaigns including attack simulations, lateral movement, and privilege escalation.
  • Ensure safe and controlled exploitation aligned with agreed RoE and ethical standards.
• Governance & Quality Assurance
• • Establish and maintain standardized testing methodologies, playbooks, and frameworks.
  • Ensure compliance with legal, contractual, and regulatory requirements (e.g., NCA, CST, ISO 27001).
  • Implement quality assurance checkpoints prior to report delivery.
• Reporting & Risk Communication
• • Review and approve executive-level and technical reports.
  • Present findings, risk narratives, and attack paths to technical teams and senior management.
  • Provide clear remediation guidance and support retesting activities.

Requirements

• Required Skills & Experience
• • 8+ years of hands-on experience in penetration testing and/or red teaming.
  • 2–3 years in a technical leadership or team lead role.
  • Strong expertise in:
  • • Network and Active Directory exploitation
    • Web, API, and cloud security testing
    • Red team operations, C2 frameworks, and post-exploitation techniques
• • Excellent reporting, communication, and stakeholder management skills.

• Tools & Technologies (Preferred)
• • Metasploit, Cobalt Strike (or equivalent C2 frameworks)
  • Burp Suite, OWASP ZAP
  • Nmap, Nessus, BloodHound, Mimikatz
  • Awareness of SIEM and EDR technologies (e.g., Splunk, Microsoft Defender)

• Certifications (Preferred)
• • OSCP, OSEP, CRTO, GWAPT, CISSP (or equivalent)

Benefits

• Medical Insurance
• Paid Time Off
• Training & Development
• Performance Bonus