
Manager, Security & Privacy Testing - USDS

Today Washington, DC

Responsibilities

About the Team
The Validation and Verification (VnV) organization ensures the security and reliability of our products by validating that security controls are implemented correctly, operating effectively, and delivering measurable risk reduction across the enterprise.

VnV operates across a continuous security lifecycle: Prevent → Assure → Test → Fix → Prove, ensuring that security posture is not only designed and tested, but continuously validated in real-world conditions.

About the Role
We are seeking a Manager of Offensive Security & Privacy Testing to lead a high-impact team of Penetration Testers and Offensive Privacy Testers. This is a dual-discipline leadership role where you will oversee the validation of both security controls and privacy-preserving mechanisms.

You will be responsible for the strategic vision and tactical execution of offensive operations that span cloud infrastructure, web resources, and mobile applications (iOS/Android). As a leader, you will bridge the gap between deep technical exploitation and executive-level risk management, ensuring that USDS maintains a world-class defense-in-depth posture.

Responsibilities
- Team Leadership & Development: Lead, mentor, and grow a specialized team of offensive security and privacy engineers. Foster a culture of continuous research, innovation, and ethical hacking.
- Strategic Oversight: Define the roadmap for both the Penetration Testing and Offensive Privacy programs, ensuring alignment with NIST, OWASP, and privacy frameworks (CCPA, COPPA, GDPR).
- Integrated Testing Operations: Plan and authorize comprehensive testing engagements, including red teaming, application pentesting, and privacy-specific threat modeling.
- Stakeholder Management: Act as the primary interface for executive leadership, Legal, Risk & Compliance, and Engineering teams. Translate complex technical vulnerabilities into actionable business risks.
- Methodology & Governance: Define and maintain Standard Operating Procedures (SOPs), Rules of Engagement (ROE), and testing methodologies for cloud, mobile, and infrastructure domains.
- Technical Excellence: Remain hands-on when necessary, guiding the team through complex exploitation scenarios, reverse engineering, and the development of custom tooling.
- Remediation Advocacy: Work closely with Blue Teams and Vulnerability Management to track findings through to completion, providing pragmatic, risk-appropriate recommendations.
- Metrics & Reporting: Develop and report key performance indicators (KPIs) to demonstrate program effectiveness and organizational risk reduction.

Qualifications

Minimum Qualifications
- Experience: 5+ years in offensive security or privacy disciplines (Red Teaming, Pentesting, Vulnerability Research), with at least 3+ years in a formal people management or lead role.
- Technical Breadth: Proven expertise across Cloud (AWS/Azure/OCI), Mobile (iOS/Android), and Web Application security.
- Privacy Knowledge: Deep understanding of privacy-enhancing technologies (PETs) and the ability to apply offensive mindsets to identify data leakage and privacy-control bypasses.

- Coding/Scripting: Proficiency in at least two languages (e.g., Python, Golang, C++, Bash, or Java) for exploit development and automation.
- OS Mastery: Advanced knowledge of Windows, *nix, and macOS environments.
- Education: Bachelor's degree in Computer Science, Information Security, or a related technical field.

Preferred Qualifications
- Advanced Certifications: A combination of security and privacy certs (e.g., OSCP/OSEP/GXPN AND CIPP/CIPT/CIPM).
- Community Impact: Contributions to the security/privacy community (CVEs, bug bounty hall of fame, whitepapers, or speaking at conferences like DEF CON, Black Hat, or IAPP).
- Regulatory Expertise: Experience navigating security testing within highly regulated environments or national security-focused divisions.
- Tooling: Expertise with industry-standard tools (Burp Suite Pro, Cobalt Strike, Frida, Objection, MobSF).

Client-provided location(s): Washington, DC
Job ID: TikTok-7618400878139607349
Employment Type: OTHER
Posted: 2026-03-20T20:31:37

Perks and Benefits

  • Health and Wellness

    • Health Insurance
    • Dental Insurance
    • Vision Insurance
    • HSA
    • Life Insurance
    • Fitness Subsidies
    • Short-Term Disability
    • Long-Term Disability
    • On-Site Gym
    • Mental Health Benefits
    • Virtual Fitness Classes
  • Parental Benefits

    • Fertility Benefits
    • Adoption Assistance Program
    • Family Support Resources
  • Work Flexibility

    • Flexible Work Hours
    • Hybrid Work Opportunities
  • Office Life and Perks

    • Casual Dress
    • Snacks
    • Pet-friendly Office
    • Happy Hours
    • Some Meals Provided
    • Company Outings
    • On-Site Cafeteria
    • Holiday Events
  • Vacation and Time Off

    • Paid Vacation
    • Paid Holidays
    • Personal/Sick Days
    • Leave of Absence
  • Financial and Retirement

    • 401(K) With Company Matching
    • Performance Bonus
    • Company Equity
  • Professional Development

    • Promote From Within
    • Access to Online Courses
    • Leadership Training Program
    • Associate or Rotational Training Program
    • Mentor Program
  • Diversity and Inclusion

    • Diversity, Equity, and Inclusion Program
    • Employee Resource Groups (ERG)
