ARCHIVED
This job listing has been archived and is no longer accepting applications.

Penetration Testing Team Lead

Sofiastars

Sofia City, Bulgaria (Belgrade, Serbia; Lisbon, Portugal; Ontario, Canada; Sofia, Bulgaria; Valencia, Spain; Warsaw, Poland; Yerevan, Armenia) · Permanent

Posted: February 7, 2026

Quick Summary

We are looking for a Penetration Testing Team Lead to join our team. The ideal candidate will be responsible for leading the Offensive Security function and growing the team. The role involves leading and mentoring a team of security experts to deliver high-quality solutions.

Job Description

Sofia Stars is an operational services company based in Sofia. We offer a range of solutions for online businesses, including R&D, Marketing, Customer Support, KYC, Risk, and Anti-Fraud services. With 300+ bright stars on our team, we deliver secure, reliable solutions with a touch of quality that shines. When you join us, you’ll be part of a place where ideas light up, and growth isn’t just a promise—it’s a journey.

We invite a Penetration Testing Team Lead to join our team. It's an office-based role.

Core Mission
To lead and grow the Offensive Security function while maintaining a strong hands-on role. Leverage an attacker mindset to identify critical business logic vulnerabilities and attack paths (kill chains), drive collaboration with Application Security and Security Operations teams, and lead purple team activities.

✅ Responsibilities:
✔️ Build the Offensive Security function from the ground up: define methodologies, reporting standards, and the hiring plan for future team expansion.
✔️ Recruit, mentor, and develop the team of offensive security engineers, ensuring technical excellence and consistent delivery quality once hired.
✔️ Perform deep-dive manual penetration testing for complex, high-risk, or business-critical assets, focusing on realistic attack scenarios rather than high-volume "bug-bounty style" findings.
✔️ Lead and coordinate purple team exercises with the SOC/Blue Team, simulating real-world attacks to validate detection capabilities and tune SIEM/EDR rules.
✔️ Collaborate closely with the Application Security Team to validate vulnerabilities and guide effective remediation strategies.
✔️ Translate offensive findings into actionable threat intelligence, TTPs, and recommendations to enhance detection and threat hunting.
✔️ Act as a subject matter expert in security architecture discussions, secure design reviews, and security code reviews.
✔️ Stay current with emerging attack techniques, tools, and security trends, and ensure knowledge is shared within the engineering teams.

✅ Areas of Ownership:
✔️ 0-to-1 establishment of the offensive security capabilities and team roadmap.
✔️ End-to-end ownership of penetration testing execution, quality, and reporting.
✔️ Identification of critical attack paths that threaten the company’s core business products.
✔️ Delivery of TTPs and threat-hunting insights for purple team initiatives.
✔️ Effective cross-team collaboration with Application Security, Security Operations, and Engineering.

✅ Requirements:
✔️ 5+ years of hands-on experience in Penetration Testing, including web, mobile, API, and cloud environments (AWS, Azure, GCP).
✔️ Experience building offensive security processes, methodologies, or tools from scratch.
✔️ Strong "playing coach" mindset: willingness to remain highly hands-on (70-80%) while setting up the function.
✔️ Deep understanding of penetration testing methodologies and frameworks (OWASP Top 10, SANS Top 25).
✔️ Demonstrated experience contributing to purple team exercises and working closely with SOC to improve detection logic.
✔️ Strong hands-on experience with industry-standard tools (Burp Suite Pro, Metasploit, Nmap, etc.) and ability to develop custom automation (Python, Go, PowerShell, Bash).
✔️ Solid knowledge of network protocols (TCP/IP, HTTP/S, DNS), operating systems (Linux, Windows), and cloud-native architectures (Docker, Kubernetes).
✔️ Excellent communication skills, with the ability to clearly present critical business risks to both technical and non-technical stakeholders.

✅ Nice to Have:
✔️ Advanced certifications such as OSCP, OSCE, OSWE, CRTP, or SANS GIAC.
✔️ Experience in fast-growing companies (Gaming/Fintech) with exposure to industry-specific security challenges.

✅ We offer excellent benefits, including but not limited to:
🏖️ Up to 25 vacation days;
🤒 6 Undocumented Sick Leave Days;
💷 Monthly food vouchers (102 EUR);
🏥 Private Medical Insurance;
🏋🏼 Multisport Card;
🎁 Birthday, Wedding and Newborn gifts;
🍔 Breakfast, Friday lunches, fruits, and snacks in the office;
🎭 Monthly company activities and team-building events;
🚀 Career growth opportunities.

Ready to shine? Let’s make it real.
