
Penetration Tester Team Lead

Job in Ashburn, Loudoun County, Virginia, 22011, USA
Listing for: Leidos
Full Time position
Listed on 2026-06-17
Job specializations:
  • IT/Tech
    Cybersecurity, IT Consultant
Salary/Wage Range or Industry Benchmark: 130000 - 160000 USD Yearly

Description

The U.S. Department of Homeland Security (DHS), Customs and Border Protection (CBP) Security Operations Center (SOC) is a US Government program responsible for preventing, identifying, containing and eradicating cyber threats to CBP networks through monitoring, intrusion detection and protective security services to CBP information systems including LAN/WAN, commercial Internet connection, public facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations.

The CBP SOC is responsible for the overall security of CBP Enterprise‑wide information systems, and collects, investigates, and reports any suspected and confirmed security violations.

We are seeking a highly skilled and experienced Penetration Testing Team Lead to join our team supporting CBP. As the leader, you will manage day‑to‑day operations of the team, coordinate efforts, lead by example, and conduct comprehensive security assessments of CBP FISMA systems to identify vulnerabilities and provide actionable recommendations to enhance the security posture of CBP's critical systems and networks.

This role requires a deep understanding of offensive cybersecurity techniques, strong analytical capabilities, detailed report writing skills and the ability to lead a team of skilled penetration testers.

Primary Responsibilities
  • Responsible for managing the team of Penetration Testers, penetration tests, scheduling and coordination of pentests.
  • Lead and execute advanced penetration testing, purple team engagements, and red team engagements across complex enterprise environments, including internal/external network infrastructure, Active Directory domains, APIs, hybrid cloud architectures, and on‑prem systems.
  • Develop, coordinate and enforce Rules of Engagement (ROE) for penetration tests, lead stakeholder planning sessions to define scope and constraints of upcoming pentests, and deliver clear, actionable out briefings on findings, impact, and remediation to technical and executive audiences.
  • Develop, modify, and deploy custom exploits, payloads, and tooling, including scripting in Python, Ruby, PowerShell, Bash, and other languages to bypass security controls, automate attack paths, and enhance tradecraft.
  • Conduct penetration testing activities aligned with CBP and industry best practices.
  • Provide real‑time technical mentorship during engagements, including paired testing, whiteboarding attack paths, and guiding junior testers through exploitation chains and industry best practices.
  • Maintain accountability for engagement quality and technical depth, reviewing findings, validating exploit paths, and ensuring reports accurately reflect risk, attack feasibility, potential impact, and recommended remediations.
  • Conduct technical oversight and quality assurance across all engagements, reviewing testing approaches, validating exploit chains, and ensuring consistency in methodology, depth, and reporting standards across the team and engagements.
  • Lead purple team collaboration efforts from the pentest perspective, working directly with the CBP SOC, detection engineering team, and Cyber Threat Hunt team to execute actions designed to validate detections, tune SIEM use cases, and improve defensive posture.
  • Mentor and develop team members through structured and ad hoc technical coaching, raising the overall capability of the team while maintaining individual technical skillsets and experience.
  • Utilize the MITRE ATT&CK framework to understand and emulate TTPs of adversaries, threat actors, APTs, and threats targeting CBP and map operations to ATT&CK techniques and sub‑techniques.
  • Create detailed reports listing vulnerabilities identified during pentests, with actionable mitigation recommendations following completion of pentest engagements.
  • Stay actively engaged in emerging vulnerability research, exploit techniques, and adversary methodologies, rapidly integrating new capabilities into both personal and team operations.
  • Foster a high‑performance, technically rigorous team culture, driving continuous learning through labs, internal exercises, and knowledge‑sharing sessions while nurturing cutting‑edge offensive skillsets.
Basic…