Penetration Test Lead

Deloitte is offering a role to build a brand-new offensive security service focused on enterprise-scale cloud environments.

• 5+ years of experience in Penetration Testing, Offensive Security, Red Teaming, or a similar role.
• Strong coding skills in Python, Go, or another programming language.
• Solid knowledge of OWASP Top 10, web application security, and common attack vectors.
• Hands-on experience with AWS, Azure, or Google Cloud.
• Experience using tools such as Burp Suite, Cobalt Strike, Sliver, Mythic, BloodHound.
• Familiarity with MITRE ATT&CK and modern adversary techniques.
• Strong communication skills to explain technical findings to engineers and business stakeholders.
• A curious mindset and the ability to think like an attacker.

Nice to have:

• Vulnerability research or exploit development.
• Purple Team engagements.
• AI-assisted development tools (GitHub Copilot, Claude Code, etc.).
• AI/LLM security testing.

• Lead end-to-end penetration testing engagements across web applications, APIs, cloud environments (AWS, Azure & GCP), and internal infrastructure.
• Simulate real-world attacks to identify security risks before they become threats.
• Mentor junior penetration testers and help grow a high-performing offensive security team.
• Partner with Threat Intelligence, Detection Engineering, and Incident Response teams to improve security controls.
• Develop custom tools, scripts, and automation to make penetration testing smarter and more scalable.
• Design and improve penetration testing processes, workflows, and internal platforms.
• Deliver clear, actionable reports that help technical and business stakeholders understand and mitigate risk.
• Stay ahead of the latest vulnerabilities, attack techniques, and emerging security trends.