About the position
The Lead, Cyber Security Assurance Testing is a working‑lead / “player‑coach role” within Guardian’s Cybersecurity Assurance organization. This role includes formal people management responsibility for a small number of senior engineers, with a focus on operational and tactical planning ,execution, and reporting, contributing to strategic planning, and accountable for project and program outcomes. The role is structured roughly as: ~60% leadership, coordination, and program execution ~40% hands‑on technical contribution and research This position leads through influence, technical credibility, and ownership. It is designed for an experienced security professional who demonstrates ambition, strong execution discipline, and the potential to grow into broader leadership over time, while remaining close to the work today. The role supports and helps evolve Guardian’s Application Security Testing, Ethical Hacking (Red Team), and Third‑Party Testing programs, working closely with Cyber Defense, application owners, and Guardian India Security Assurance.
Responsibilities
• Lead and coordinate day‑to‑day execution of: Application Security Testing Ethical Hacking / Red Team activities Third‑party penetration testing engagements
• Lead the Improvement and evolution of AppSec and Red Team programs, increasing consistency, structure, and measurable outcomes.
• Own and maintain processes, procedures, playbooks, and documentation to ensure clarity, repeatability, and quality.
• Contribute to and execute against program planning artifacts, including Roadmaps, backlogs, and quarterly and annual goals
• Coordinate work across US And India Based assurance staff and third party testing vendors.
• Remain actively involved in application security testing and ethical hacking, providing technical guidance and quality assurance
• Participate selectively in: Targeted application security testing Rating & Validation of high‑risk or high‑impact findings Red‑team or adversarial exercises where appropriate
• Provide technical review and direction: Support security product evaluation, selection, proof‑of‑concepts, and implementation, ensuring tools are operationalized effectively.
• Communicate technical findings clearly and simply to non‑technical stakeholders.
• Translate testing results into risk‑based, actionable insights.
• Collaborate closely with Cyber Defense, application teams, and security stakeholders to ensure testing results lead to defensive improvements and remediation.
Requirements
• 5+ years of experience in application security testing, ethical hacking, or offensive security, with demonstrated leadership responsibility.
• Strong understanding of: Application security testing techniques Penetration testing vs. red team objectives Secure SDLC and risk-based testing Hands on technical experience validating vulnerabilities and testing application security controls.
• Experience improving or evolving existing security programs, rather than only building from scratch.
• Strong process orientation with proven ability to create practical, lightweight documentation.
• Excellent communication skills with the ability to explain technical concepts in simple, business relevant terms.
• Demonstrated ambition and intent to grow into broader leadership scope over time.
• Bachelor’s degree in a related field or equivalent experience/certifications.
Nice-to-haves
• Experience in financial services or other large, regulated enterprise environments.
• Exposure to cloud‑native application security and modern CI/CD environments.
• Experience working with globally distributed teams (e.g., US and India).
• Familiarity with AppSec and Offensive Security tools.