Principal Security Architect

The Principal Penetration Tester will play a critical role in building and shaping our newly formed penetration testing team, bringing deep technical expertise and a collaborative mindset to establish a world-class program. This role focuses on hands-on penetration testing across diverse environments, including cloud (AWS, Azure, GCP), applications, networks, and endpoints, while contributing to the strategic development of the team's methodologies, tools, and processes.

This position requires exceptional technical aptitude, a passion for identifying and exploiting vulnerabilities, and the ability to work closely with cross-functional teams to enhance the organization's security posture. The Principal Penetration Tester will deliver detailed findings and actionable recommendations, maintaining clear communication with technical teams, leadership, and compliance stakeholders.

Responsibilities:

• Conduct advanced penetration tests across cloud environments (AWS, Azure, GCP), web and mobile applications, APIs, networks, and endpoints to identify vulnerabilities and misconfigurations.
• Develop and execute custom exploits, scripts, and attack scenarios to simulate real-world threats.

Team Building and Development:

• Collaborate with leadership to build and shape the new penetration testing team, defining methodologies, workflows, and standards.
• Mentor junior testers, fostering a culture of technical excellence, curiosity, and continuous learning.

Technical Expertise:

• Maintain and enhance a penetration testing toolkit, including custom tools, scripts (Go, Python, Bash), and industry-standard platforms (e.g., Burp Suite, Nmap).
• Stay current with emerging vulnerabilities, exploits, and attack techniques to ensure cutting-edge testing practices.

Reporting and Collaboration:

• Produce detailed, high-quality reports with clear findings, risk assessments, and remediation recommendations for technical and non-technical audiences.
• Partner with application development, infrastructure, and security operations teams to prioritize and address vulnerabilities.
• Contribute to metrics and KPIs to demonstrate the impact of the penetration testing program.

Process Improvement:

• Establish repeatable, scalable testing processes aligned with frameworks like OWASP, NIST, PTES, and CVSS.
• Drive automation initiatives to enhance the efficiency and coverage of penetration testing activities.
• Required Experience and Skills
• 10+ years of cybersecurity experience, with at least 6 years focused on penetration testing across diverse environments.
• Proven expertise in testing cloud platforms (AWS, Azure, GCP), web/mobile applications, APIs, and network infrastructure.
• Advanced technical skills in scripting (Python, Bash, PowerShell) and hands-on use of tools like Burp Suite, Metasploit, Nmap, and Nessus.
• Experience contributing to or building a penetration testing program, including defining methodologies and workflows.
• Strong understanding of vulnerability management processes and frameworks (e.g., OWASP, NIST, CVSS, CWE).
• Excellent documentation skills, with the ability to produce clear, actionable reports for technical and executive audiences.
• Superior communication skills to collaborate with cross-functional teams and present findings to stakeholders.
• Demonstrated ability to mentor and guide junior team members.
• Familiarity with secure development practices and DevSecOps principles is a plus.

Education and Certifications:

• A bachelor's degree in Computer Science, Cybersecurity, or a related field.
• Preferred Certifications: OSCP, OSCE, OSEP, GPEN, GWAPT, CEH, or equivalent.

Harvard Partners is a management consulting firm focused on helping companies more effectively leverage their IT investment. We engage with the C-Suite and Technology Team to help them better understand their IT infrastructure and process in order to align the technology strategy and organization to reach the firm’s strategic business goals.Some of our practices include:• Program/Project Management and "PMO as a Service"​• IT Assessments• Business Continuity/Disaster Recovery• Optimized Infrastructure• Concierge Managed Services• Data Center Strategy, Transformation, and Migration• Cloud Management Programs• Security Assessments and Remediation• Staffing, technical & tacticalWorking with the client’s staff, vendors, and consultants, we deliver supportive and collaborative engagements where direct dialog, simplified reporting, productive meetings, and clear responsibility and accountability encourage active participation resulting in consensus-based business outcomes.