Team Lead Penetration Testing (Cybersecurity)

TL;DR

Team Lead Penetration Testing (Cybersecurity): Leading and growing the Offensive Security function while maintaining a strong hands-on role in identifying critical business logic vulnerabilities and attack paths. Focus on building offensive security capabilities from scratch, coordinating purple team exercises, and acting as a subject matter expert in security architecture and code reviews.

Location: Onsite in Valencia, Spain. Relocation package provided to Spain for employees and their family members, including visa support.

Company

hirify.global is a global company creating end-to-end tech products for clients across Fintech, iGaming, and Marketing, with a team of 1,300 across multiple countries.

What you will do

• Build the Offensive Security function from the ground up, defining methodologies, reporting standards, and hiring plans.
• Recruit, mentor, and develop a team of offensive security engineers, ensuring technical excellence.
• Perform deep-dive manual penetration testing for complex, high-risk, or business-critical assets.
• Lead and coordinate purple team exercises with the SOC/Blue Team to simulate real-world attacks.
• Collaborate closely with the Application Security Team to validate vulnerabilities and guide remediation.
• Translate offensive findings into actionable threat intelligence, TTPs, and recommendations.

Requirements

• 5+ years of hands-on experience in Penetration Testing, including web, mobile, API, and cloud environments (AWS, Azure, GCP).
• Experience building offensive security processes, methodologies, or tools from scratch.
• Strong "playing coach" mindset with a willingness to remain highly hands-on (70-80%).
• Deep understanding of penetration testing methodologies and frameworks (OWASP Top 10, SANS Top 25).
• Demonstrated experience contributing to purple team exercises and working closely with SOC.
• Strong hands-on experience with industry-standard tools (Burp Suite Pro, Metasploit, Nmap) and ability to develop custom automation (Python, Go, PowerShell, Bash).

Nice to have

• Advanced certifications such as OSCP, OSCE, OSWE, CRTP, or SANS GIAC.
• Experience in fast-growing companies (Gaming/Fintech) with exposure to industry-specific security challenges.

Culture & Benefits

• Learning and development opportunities and challenging tasks.
• Global coverage health insurance.
• 23 working days of annual vacation and 6 additional paid sick days.
• Competitive remuneration level with annual review.
• Teambuilding activities.