Infrastructure Security Practice Manager

DirectDefense
Full-time
USA
$165k-$212k per year
Senior Level
Posted 6 hours ago
security project management architecture budgeting infosec
Apply for this position →
Bookmark Report
Go ad-free with Premium ×

The Infrastructure Security Practice Manager plays a key role at DirectDefense as a leader on our technical team, directing the execution of penetration testing, adversary emulation, and vulnerability assessment engagements across client environments. Additionally, they lead a team conducting formal tests and offensive security assessments across a wide range of systems, networks, servers, databases, and other infrastructure components to measure an organization’s susceptibility to compromise.

In addition to great technical expertise and strong technical skills, the successful candidate in this role will have strong interpersonal skills and the ability to communicate complex security topics clearly to both technical and executive audiences, as well as to teams across various organizations and industry verticals.

Key success factors include staying current with the latest vulnerabilities and technological trends, developing proofs of concept that accurately and effectively demonstrate discovered vulnerabilities, and communicating findings and recommendations clearly in writing and verbally.

Responsibilities:

  • Lead and manage a team of ~10 consultants delivering network and infrastructure penetration testing, red and purple team engagements, wireless and social engineering assessments, vulnerability assessments, and high-level web application testing.

  • Lead engagements end-to-end, from scoping and kickoff through execution, reporting, and remediation support.

  • Develop comprehensive and accurate reports and presentations tailored to both technical and executive audiences.

  • Work closely with sales and project management to scope prospective engagements, manage client relationships, perform pre-sales scoping, and identify opportunities for follow-on work.

  • Build and maintain trusted, impactful client relationships, serving as a senior point of contact for Infrastructure Security matters.

  • Manage, mentor, and develop team members, providing technical guidance and career growth support.

  • Own practice-level financial performance, including revenue forecasting and targets, P&L oversight, and utilization management for the team.

  • Develop and manage the annual practice budget, including headcount planning, tooling investments, and lab infrastructure.

  • Recognize and safely utilize attacker tools, tactics, and procedures.

  • Develop and refine scripts, tools, and methodologies – aligned with frameworks such as MITRE ATT&CK to improve team efficiency and testing quality and enhance team processes.

  • Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff.

  • Assess, monitor, and recommend improvements to our client’s security architecture.

  • Reviews audits and evaluates security solutions and designs.

  • Proactively identify technical and architectural risks in client environments, providing actionable recommendations and alternatives, commenting and/or providing alternatives for improvement.

  • Represent the practice externally through thought leadership activities such as conference presentations, blog posts, published research, or open-source tool contributions.

  • Evaluate and manage third-party vendor relationships, including offensive software tooling and software platforms.

Qualifications:

  • 10-15 years of experience within network/infrastructure security, adversary emulation, and/or penetration testing, with progressive leadership experience.

  • Demonstrated experience managing or leading a technical consulting team.

  • Strong familiarity with offensive toolkits and methodologies used for in-network/infrastructure penetration testing and adversary emulation (e.g., C2 frameworks, AD attack paths, network pivoting, defense evasion).

  • A solid understanding of both offensive and defensive security IT concepts, including common enterprise architectures and controls.

  • Experience scoping and delivering consulting engagements in a client-facing environment.

  • Experience with practice or business unit financial management (revenue targets, utilization, budgeting) preferred.

  • Strong written and verbal communication skills, with experience producing and presenting executive-level deliverables.

  • OSCP, OSEP, CRTO, or equivalent offensive certifications preferred; CISSP or similar management-level certifications a plus.

  • Up to 25-30% of travel.

  • OSCP and OSEP certification preferred. Willingness to travel up to 25–30%.

Application Instructions: To apply, please submit your resume and cover letter through our online application portal. Applications will be reviewed on a rolling basis until the position is filled.

Salary range: $164,700 - $211,800

Benefits include:

  • 401(k)

  • AD&D Insurance

  • Dental Insurance

  • Disability insurance

  • Health insurance

  • Life insurance

  • Vision insurance

  • Flex PTO program

  • Paid certification and continuing education

Work schedule: Monday through Friday

Work hours: 40 hours a week

A little about DirectDefense

Since coming together in 2011 to form DirectDefense, our team has been committed to offering Cybersecurity defense strategies that are unmatched in the industry. Whether we are performing assessments of networks, platforms, and applications or applying managed services to improve your organization’s security posture, we are focused on providing world-class services that don’t just work–they work for you.

OUR MISSION

We establish partnerships with our clients based on trust and results. We leverage our deep industry knowledge and expertise to identify and remediate blind spots in your security program, provide meaningful visibility of your entire enterprise, and align your organization with security best practices and compliance standards.

OUR VISION

We aim to secure organizations across all industries against advanced threats and attacks in today’s world. Acting in partnership with organizations, we will provide unmatched information security services designed to improve your overall security posture, close gaps, and track vulnerabilities on an ongoing basis through continued education and support.

In accordance with applicable state laws, we are providing a good-faith estimate of the compensation range for this role. The anticipated salary range for this position is $_____ to $______ per year. Actual compensation will be based on a variety of factors, including but not limited to the candidate’s qualifications, experience, skills, and location. This position may also be eligible for bonus incentives and a comprehensive benefits package.

Go ad-free with Premium ×
Apply for this position →
Bookmark Report
About the Job
Full-time
USA
Senior Level
$165k-$212k per year
Posted 6 hours ago
security project management architecture budgeting infosec
Apply for this position →
Bookmark Report
Check if your resume is a good fit
25/100
Get Full Report
+ 1,284 new jobs added today
30,000+
Remote Jobs

Don't miss out — new listings every hour

Join Premium

Infrastructure Security Practice Manager

DirectDefense

The Infrastructure Security Practice Manager plays a key role at DirectDefense as a leader on our technical team, directing the execution of penetration testing, adversary emulation, and vulnerability assessment engagements across client environments. Additionally, they lead a team conducting formal tests and offensive security assessments across a wide range of systems, networks, servers, databases, and other infrastructure components to measure an organization’s susceptibility to compromise.

In addition to great technical expertise and strong technical skills, the successful candidate in this role will have strong interpersonal skills and the ability to communicate complex security topics clearly to both technical and executive audiences, as well as to teams across various organizations and industry verticals.

Key success factors include staying current with the latest vulnerabilities and technological trends, developing proofs of concept that accurately and effectively demonstrate discovered vulnerabilities, and communicating findings and recommendations clearly in writing and verbally.

Responsibilities:

  • Lead and manage a team of ~10 consultants delivering network and infrastructure penetration testing, red and purple team engagements, wireless and social engineering assessments, vulnerability assessments, and high-level web application testing.

  • Lead engagements end-to-end, from scoping and kickoff through execution, reporting, and remediation support.

  • Develop comprehensive and accurate reports and presentations tailored to both technical and executive audiences.

  • Work closely with sales and project management to scope prospective engagements, manage client relationships, perform pre-sales scoping, and identify opportunities for follow-on work.

  • Build and maintain trusted, impactful client relationships, serving as a senior point of contact for Infrastructure Security matters.

  • Manage, mentor, and develop team members, providing technical guidance and career growth support.

  • Own practice-level financial performance, including revenue forecasting and targets, P&L oversight, and utilization management for the team.

  • Develop and manage the annual practice budget, including headcount planning, tooling investments, and lab infrastructure.

  • Recognize and safely utilize attacker tools, tactics, and procedures.

  • Develop and refine scripts, tools, and methodologies – aligned with frameworks such as MITRE ATT&CK to improve team efficiency and testing quality and enhance team processes.

  • Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff.

  • Assess, monitor, and recommend improvements to our client’s security architecture.

  • Reviews audits and evaluates security solutions and designs.

  • Proactively identify technical and architectural risks in client environments, providing actionable recommendations and alternatives, commenting and/or providing alternatives for improvement.

  • Represent the practice externally through thought leadership activities such as conference presentations, blog posts, published research, or open-source tool contributions.

  • Evaluate and manage third-party vendor relationships, including offensive software tooling and software platforms.

Qualifications:

  • 10-15 years of experience within network/infrastructure security, adversary emulation, and/or penetration testing, with progressive leadership experience.

  • Demonstrated experience managing or leading a technical consulting team.

  • Strong familiarity with offensive toolkits and methodologies used for in-network/infrastructure penetration testing and adversary emulation (e.g., C2 frameworks, AD attack paths, network pivoting, defense evasion).

  • A solid understanding of both offensive and defensive security IT concepts, including common enterprise architectures and controls.

  • Experience scoping and delivering consulting engagements in a client-facing environment.

  • Experience with practice or business unit financial management (revenue targets, utilization, budgeting) preferred.

  • Strong written and verbal communication skills, with experience producing and presenting executive-level deliverables.

  • OSCP, OSEP, CRTO, or equivalent offensive certifications preferred; CISSP or similar management-level certifications a plus.

  • Up to 25-30% of travel.

  • OSCP and OSEP certification preferred. Willingness to travel up to 25–30%.

Application Instructions: To apply, please submit your resume and cover letter through our online application portal. Applications will be reviewed on a rolling basis until the position is filled.

Salary range: $164,700 - $211,800

Benefits include:

  • 401(k)

  • AD&D Insurance

  • Dental Insurance

  • Disability insurance

  • Health insurance

  • Life insurance

  • Vision insurance

  • Flex PTO program

  • Paid certification and continuing education

Work schedule: Monday through Friday

Work hours: 40 hours a week

A little about DirectDefense

Since coming together in 2011 to form DirectDefense, our team has been committed to offering Cybersecurity defense strategies that are unmatched in the industry. Whether we are performing assessments of networks, platforms, and applications or applying managed services to improve your organization’s security posture, we are focused on providing world-class services that don’t just work–they work for you.

OUR MISSION

We establish partnerships with our clients based on trust and results. We leverage our deep industry knowledge and expertise to identify and remediate blind spots in your security program, provide meaningful visibility of your entire enterprise, and align your organization with security best practices and compliance standards.

OUR VISION

We aim to secure organizations across all industries against advanced threats and attacks in today’s world. Acting in partnership with organizations, we will provide unmatched information security services designed to improve your overall security posture, close gaps, and track vulnerabilities on an ongoing basis through continued education and support.

In accordance with applicable state laws, we are providing a good-faith estimate of the compensation range for this role. The anticipated salary range for this position is $_____ to $______ per year. Actual compensation will be based on a variety of factors, including but not limited to the candidate’s qualifications, experience, skills, and location. This position may also be eligible for bonus incentives and a comprehensive benefits package.