Required Security Clearance:
NATO SECRET
DUTIES AND ROLE
* Support the SDM in delivering high-quality penetration testing services.
* Accurately evaluate scope and level of effort (LoE) for penetration testing tasks.
* Provide technical oversight of vulnerabilities identified during testing.
* Act as a technical liaison between penetration testers, service management, and stakeholders.
* Contribute to service quality, consistency, and continuous improvement.
* Assist in planning and scheduling penetration testing engagements across NATO and NCIA environments.
* Coordinate resources and ensure adherence to agreed timelines.
* Coordinate resources and ensure adherence to agreed timelines.
* Monitor engagement progress and manage risks and dependencies.
* Conduct technical scoping discussions with stakeholders.
* Assess complexity, attack surface, and constraints of target systems.
* Produce justified LoE estimates aligned with NCSC PTAE methodologies.
* Support engagement kick-offs, debriefings, and technical discussions.
* Translate technical findings into risk-focused language for decision-makers
* Support service reporting, KPIs, and dashboards.
* Contribute to methodology updates and lessons learned.
SKILL, KNOWLEDGE & EXPERIENCE
* NATO Secret security clearance.
* 3+ years in project management or service delivery management in cyber security.
* Extensive technical background in penetration testing and offensive security.
* Demonstrated understanding of vulnerabilities across network, application, and cloud environments.
* Ability to estimate effort and scope complex technical assessments.
* Strong understanding of the penetration testing service lifecycle.
* Proven ability to scope engagements including objectives, in/out of scope, assumptions, constraints, RoE, and deliverables.
* Solid knowledge of common penetration testing standards and requirements (e.g., OWASP, PTES, NIST/ISO-aligned practices).
* ITIL experience, with a strong focus on Change Management.
* Proven customer-facing experience including requirements gathering, stakeholder management, and expectation setting.