Penetration Testing Team Lead

Sofia City, Bulgaria

Sofia Stars is an operational services company based in Sofia. We offer a range of solutions for online businesses, including R&D, Marketing, Customer Support, KYC, Risk, and Anti-Fraud services. With 300+ bright stars on our team, we deliver secure, reliable solutions with a touch of quality that shines. When you join us, you’ll be part of a place where ideas light up, and growth isn’t just a promise—it’s a journey. 

We invite a Penetration Testing Team Lead to join our team. It's an office-based role.

Core Mission
To lead and grow the Offensive Security function while maintaining a strong hands-on role. Leverage an attacker mindset to identify critical business logic vulnerabilities and attack paths (kill chains), drive collaboration with Application Security and Security Operations teams, and lead purple team activities.

✅ Responsibilities:
✔️ Build the Offensive Security function from the ground up: define methodologies, reporting standards, and the hiring plan for future team expansion.
✔️ Recruit, mentor, and develop the team of offensive security engineers, ensuring technical excellence and consistent delivery quality once hired. 
✔️ Perform deep-dive manual penetration testing for complex, high-risk, or business-critical assets, focusing on realistic attack scenarios rather than high-volume "bug-bounty style" findings. 
✔️ Lead and coordinate purple team exercises with the SOC/Blue Team, simulating real-world attacks to validate detection capabilities and tune SIEM/EDR rules. 
✔️ Collaborate closely with the Application Security Team to validate vulnerabilities and guide effective remediation strategies. 
✔️ Translate offensive findings into actionable threat intelligence, TTPs, and recommendations to enhance detection and threat hunting. 
✔️ Act as a subject matter expert in security architecture discussions, secure design reviews, and security code reviews. 
✔️ Stay current with emerging attack techniques, tools, and security trends, and ensure knowledge is shared within the engineering teams. 

✅ Areas of Ownership:
✔️ 0-to-1 establishment of the offensive security capabilities and team roadmap.
✔️ End-to-end ownership of penetration testing execution, quality, and reporting. 
✔️ Identification of critical attack paths that threaten the company’s core business products. 
✔️ Delivery of TTPs and threat-hunting insights for purple team initiatives. 
✔️ Effective cross-team collaboration with Application Security, Security Operations, and Engineering. 

✅ Requirements:
✔️ 5+ years of hands-on experience in Penetration Testing, including web, mobile, API, and cloud environments (AWS, Azure, GCP). 
✔️ Experience building offensive security processes, methodologies, or tools from scratch. 
✔️ Strong "playing coach" mindset: willingness to remain highly hands-on (70-80%) while setting up the function. 
✔️ Deep understanding of penetration testing methodologies and frameworks (OWASP Top 10, SANS Top 25). 
✔️ Demonstrated experience contributing to purple team exercises and working closely with SOC to improve detection logic. 
✔️ Strong hands-on experience with industry-standard tools (Burp Suite Pro, Metasploit, Nmap, etc.) and ability to develop custom automation (Python, Go, PowerShell, Bash). 
✔️ Solid knowledge of network protocols (TCP/IP, HTTP/S, DNS), operating systems (Linux, Windows), and cloud-native architectures (Docker, Kubernetes). 
✔️ Excellent communication skills, with the ability to clearly present critical business risks to both technical and non-technical stakeholders. 

Nice to Have:
✔️ Advanced certifications such as OSCP, OSCE, OSWE, CRTP, or SANS GIAC. 
✔️ Experience in fast-growing companies (Gaming/Fintech) with exposure to industry-specific security challenges. 

We offer excellent benefits, including but not limited to:
🏖️ Up to 25 vacation days; 
🤒 6 Undocumented Sick Leave Days; 
💷 Monthly food vouchers (102 EUR); 
🏥 Private Medical Insurance; 
🏋🏼 Multisport Card; 
🎁 Birthday, Wedding and Newborn gifts; 
🍔 Breakfast, Friday lunches, fruits, and snacks in the office; 
🎭 Monthly company activities and team-building events; 
🚀 Career growth opportunities.

Ready to shine? Let’s make it real.
