Cybersecurity Test Lead

Duration: 12 months + extensions + Permanent

Rate: 55-75/hr

• 5+ years of experience in test architecture specifically within cybersecurity and security products
• Experience designing and implementing security testing strategies and frameworks
• Experience creating and managing security test cases, test plans, and validation activities
• Ability to define and document security test architecture
• Experience translating security requirements into testable controls and validation criteria
• Strong understanding of enterprise application, infrastructure, cloud, and integration architectures
• Experience performing threat modeling (STRIDE, MITRE ATT&CK, or similar methodologies)

• Experience performing threat modeling (STRIDE, MITRE ATT&CK, or similar methodologies)

We are seeking an experienced Cybersecurity Test Lead/Architect to lead the end to end design and implementation of enterprise-wide security testing strategies. This role will bridge Solution Architecture, Cybersecurity, Quality Assurance, and Compliance teams to ensure security requirements are effectively translated into test architectures, test cases, and validation frameworks.

The successful candidate will be responsible for defining security testing methodologies, supporting SOC compliance initiatives, developing security test coverage models, and ensuring that security controls are validated across applications, infrastructure, cloud environments, and system integrations.

Some areas of cybersecurity testing strategies should include:

IAM & MFA - IAM, Identity and Access Management, MFA, Multi-Factor Authentication, RBAC, ABAC, SSO, Single Sign-On, OAuth, OpenID Connect, Active Directory, Azure AD, Okta, Ping Identity, Privileged Access Management (PAM), Authentication, Authorization

Encryption & Data Protection
- Encryption, Data Protection, Cryptography, TLS, SSL, PKI, Key Management, Certificate Management, Secrets Management, Tokenization, Data Masking, AES, RSA, HSM, Secure Data Storage

Vulnerability Management

API Security - API Security, REST API, SOAP, OAuth2, JWT, OpenID Connect, API Gateway, Postman, Burp Suite, API Testing, Authentication Tokens, Rate Limiting, Secure Integration

Security Configuration & Hardening

Threat Modeling & Risk Assessment
- Threat Modeling, STRIDE, MITRE ATT&CK, Risk Assessment, Risk Analysis, Security Architecture, Threat Analysis, Attack Surface Management, Security Controls, Risk Mitigation

Compliance Control Testing (SOC
2) - SOC 2, Compliance Testing, Controls Testing, Security Controls, Audit Support, ISO 27001, NIST, Governance Risk and Compliance (GRC), Audit Evidence, Control Validation

Security Architecture Validation
- Security Architecture, Solution Architecture, Security Design, Enterprise Security, Architecture Reviews, Secure Design, Security Frameworks, Security Requirements, Design Reviews, Cybersecurity Architecture