VP, Application Security & Penetration Testing

Role Overview

As VP / AVP – Offensive security services, you will provide strategic and technical leadership for NopalCyber’s Offensive Security practice. You will lead and evolve core services such as Penetration Testing, Red Teaming, Application Security Assessments, BAS, AI Security and Threat Simulation. This role requires deep technical expertise, engagement leadership, and the ability to influence C-level clients while driving operational excellence across service delivery.

You will be accountable for the scaling, maturity, and quality of offensive security services across multiple client environments, and responsible for shaping the offensive security roadmap, delivery methodologies, and team capability development.

Key Responsibilities

Own and lead the Offensive Security & VAPT function, including service line P&L, strategic delivery roadmap, team management, and client satisfaction.

Architect and oversee enterprise-scale VAPT and red team engagements, driving delivery excellence across infrastructure, applications, APIs, mobile, and cloud environments.

Engage directly with senior client stakeholders (CISOs, CTOs, Risk Leaders) to translate business risk into actionable technical assessments and recommend mitigation strategies.

Define testing frameworks and reusable methodologies to standardize and elevate delivery across projects, including red teaming, threat emulation, and advanced attack simulations.

Direct a high-performing offensive security team, including Red Teamers, AppSec specialists, and security testers, ensuring their continuous development and engagement.

Lead strategic threat modeling and secure design reviews in collaboration with clients' architecture and engineering teams, integrating security into early lifecycle stages.

Govern quality of deliverables, including technical findings, risk summaries, and executive-ready reports, ensuring alignment with business impact and remediation feasibility.

Drive operational excellence across testing engagements, ensuring timelines, SLAs, and KPIs (e.G., MTTR, false positive rate, TTP coverage) are consistently met or exceeded.

Spearhead R&D initiatives to evaluate emerging threats, tools, and offensive capabilities relevant to client environments and evolving attack surfaces.

Collaborate with cross-functional internal teams (MXDR, GRC, Incident Response, Product) to align offensive security outputs with broader risk and advisory services.

Represent NopalCyber at industry forums, client executive reviews, and security advisory boards as a trusted expert in offensive cybersecurity.

Required Qualifications

• Bachelor's degree in Engineering, Computer Science, or a related field;

a Master’s is preferred.

15–18 years of experience in cybersecurity with at least 5 years in leadership roles across VAPT, Red Team, or Application Security domains.

Demonstrated experience managing technical delivery and strategic outcomes for multiple clients or large-scale programs.

Preferred Certifications

Mandatory : OSCP, CEH

Highly Desirable : OSCE, OSWE, GPEN, GWAPT, GCIH, GXPN, CISSP

Desired Skills

In-depth understanding of modern attack vectors, OWASP Top 10, MITRE ATT&CK, and real-world exploitation techniques.

Strong command of tools such as Burp Suite Pro, Cobalt Strike, Metasploit, Nmap, Kali Linux, AppDetective, and WebInspect.

experience with containerized and microservices-based environments.

Hands-on exposure to reviewing or attacking applications built using C++, Java, Python, Go, JavaScript, and working within Kubernetes or CI / CD pipelines.

Capability to present complex technical findings in clear, business-relevant language to executive stakeholders.

Leadership Attributes

Strategic thinker with a track record of scaling cybersecurity programs or service lines.

Proven ability to lead, mentor, and retain high-performing technical teams.

Exceptional client engagement and communication skills.

Ability to influence and collaborate across teams and functions to drive security outcomes.

#PenetrationTesting #RedTeamOperations #ApplicationSecurity #OffensiveSecurity #CybersecurityLeadership #CloudSecurity #ThreatModeling #OWASP #StakeholderManagement

#OSCP #MITREATTACK