Lead Cybersecurity Specialist (Pentesting)

We're partnering with one of NYC's top law firms, who are looking for a Lead Cybersecurity Specialist (Pentesting) to join their security program. This role is responsible for safeguarding the organization's digital infrastructure through proactive monitoring, threat detection, and pentesting of both cloud and on-prem environments. You'll also support broader security operations and contribute to the deployment and maintenance of cybersecurity technologies across the firm.

Key Responsibilities:

• Monitor and analyze security alerts and logs from various sources (e.g., SIEM, DLP, IDS/IPS, antivirus, firewalls, system logs).
• Conduct manual and automated penetration testing across web applications, APIs, networks, cloud platforms, and mobile environments.
• Simulate real-world attack scenarios to uncover vulnerabilities and assess risk exposure.
• Develop scripts and automation tools to support testing and remediation efforts.
• Participate in red team operations, threat modeling, and collaborative purple team exercises.
• Assist in configuring, maintaining, and troubleshooting security tools and platforms.
• Enhance monitoring capabilities and contribute to a continuous security monitoring framework.
• Collaborate with internal teams to support cybersecurity initiatives and ensure alignment with organizational objectives.

Required Skills and Qualifications:

• Strong understanding of network protocols, vulnerabilities, attack vectors, and adversary tactics (TTPs).
• Proven experience in penetration testing, ethical hacking, or offensive security operations.
• Familiarity with OWASP Top 10, MITRE ATT&CK, CVSS, and common exploitation techniques.
• Proficiency with tools such as Burp Suite, Metasploit, Nmap, Nessus, Kali Linux, BloodHound, or similar.
• Scripting experience (e.g., Python, PowerShell) for automation and vulnerability validation.
• Solid knowledge of IT infrastructure, including Windows/Linux systems, networking, and application security.
• Experience with cloud platforms (e.g., AWS, Azure, GCP) and cloud security assessments.
• Understanding of mobile application security (iOS/Android) and threat modeling is a plus.
• Participation in Capture The Flag (CTF) events or offensive security challenges is advantageous.
• Strong analytical and problem-solving skills with attention to detail.
• Excellent communication and interpersonal skills.
• Self-driven, curious, and committed to continuous learning.

Education and Experience:

• Bachelor's degree in cybersecurity, computer science, or a related field.
• Minimum of 7 years of experience in information security or related roles.
• Certifications such as GPEN, OSCP, OSEP are highly desirable.
• Additional certifications like CISSP, CISA, CEH, or GIAC are considered a plus.