Offensive Security Professional Titles

Penetration Tester

Professionals who assess security by simulating attacks against systems, networks, and applications to identify vulnerabilities before malicious actors can exploit them.

Attribute	Eng 1 / Entry	Eng 2 / Junior	Eng 3 / Mid	Eng 4 / Senior / Lead	Eng 5 / Staff	Eng 6 / Senior Staff	Eng 7 / Principal
General Description	Entry-level penetration tester learning foundational assessment methodologies. Performs basic vulnerability scanning and assists senior team members with engagements. Focuses on developing technical skills and understanding of common attack vectors.	Junior penetration tester capable of conducting routine assessments with moderate supervision. Demonstrates proficiency in common testing tools and methodologies. Beginning to develop specialization areas and can independently execute standard test cases.	Experienced penetration tester who independently conducts comprehensive security assessments. Demonstrates expertise in multiple testing domains and can handle complex engagements. Serves as technical resource for the team and contributes to methodology development.	Senior technical expert who leads complex, high-stakes penetration testing engagements. Sets technical direction for projects and serves as escalation point for difficult technical challenges. Drives innovation in testing methodologies and represents the team to clients and industry.	Distinguished technical expert who operates at the highest levels of penetration testing excellence. Defines organizational technical strategy and drives innovation across the practice. Recognized externally as an industry expert and thought leader.	Elite technical leader with industry-wide recognition and influence. Operates at the intersection of deep technical expertise and strategic business impact. Shapes not only organizational direction but industry practices and standards.	Legendary practitioner at the pinnacle of offensive security expertise. Sets industry direction and is recognized globally as a defining voice in the field. Combines unparalleled technical depth with strategic vision and business impact.
Primary Responsibilities	Execute automated vulnerability scans using commercial and open-source tools Assist with basic web application and network penetration tests Document findings in standardized report templates Participate in reconnaissance and information gathering phases Maintain and update testing tools and environments Learn and follow established engagement methodologies	Conduct web application and network penetration tests with guidance Perform manual exploitation of common vulnerabilities Write clear, actionable findings for technical reports Execute social engineering assessments (phishing campaigns) Contribute to methodology and process improvements Present findings to technical stakeholders Maintain testing infrastructure and tool updates	Lead penetration testing engagements from scoping through delivery Conduct advanced exploitation and post-exploitation activities Develop custom exploits and testing tools Perform complex web application and API security assessments Execute Active Directory attack chains and domain compromise Author comprehensive penetration test reports Provide technical guidance to junior team members Contribute to proposal development and scoping estimates	Lead and oversee multiple concurrent penetration testing engagements Perform advanced exploitation against hardened environments Develop novel attack techniques and bypass methods Design and scope complex assessment programs Present findings to executive and board-level audiences Mentor and develop junior and mid-level team members Drive methodology improvements and tool development Contribute to thought leadership (blogs, talks, research) Support business development and sales efforts	Define technical strategy and direction for penetration testing practice Lead research initiatives and novel capability development Oversee technical quality across all engagements Develop strategic client relationships at CISO/VP level Create thought leadership content (research papers, tools, talks) Architect complex, multi-phase assessment programs Drive innovation in methodologies and techniques Represent organization in industry forums and standards bodies Support strategic business development initiatives	Set multi-year technical vision for offensive security practice Lead groundbreaking research with industry-wide impact Build and maintain C-level client relationships Drive strategic partnerships and alliances Influence industry standards and regulatory frameworks Develop next-generation capabilities and services Serve as public face of organization's technical excellence Guide organizational technical investments and strategy	Define industry direction through research and thought leadership Lead transformational initiatives with multi-year horizons Serve as ultimate technical authority and escalation point Build strategic relationships at the highest levels Shape organizational strategy and market positioning Incubate new practices, capabilities, or business lines Represent organization at the highest industry levels Guide technical due diligence for M&A or investments
Required Skills	Basic understanding of TCP/IP networking and common protocols Familiarity with Linux and Windows operating systems Knowledge of common vulnerability types (OWASP Top 10, CVEs) Experience with vulnerability scanners (Nessus, OpenVAS) Basic scripting ability (Python, Bash) Understanding of penetration testing methodologies (PTES, OWASP)	Proficiency with penetration testing frameworks (Metasploit, Cobalt Strike basics) Web application testing (SQL injection, XSS, authentication bypasses) Network penetration testing (enumeration, privilege escalation) Manual exploitation techniques beyond automated tools Intermediate scripting for custom tool development Active Directory enumeration and basic attack paths Report writing and finding documentation	Expert-level web application and network penetration testing Advanced Active Directory attacks (Kerberoasting, delegation abuse, etc.) Custom exploit development and modification Advanced post-exploitation and lateral movement Strong programming skills (Python, C/C++, PowerShell) Cloud security assessment (AWS, Azure, GCP) Source code review for security vulnerabilities Client-facing communication and presentation skills	Mastery of penetration testing across multiple domains Advanced exploit development and weaponization Evasion techniques against modern security controls Deep Active Directory and cloud security expertise Strong reverse engineering capabilities Excellent written and verbal communication Project management and team leadership Business acumen and client relationship management	World-class penetration testing and exploitation skills Original security research and vulnerability discovery Strategic thinking and practice development Executive communication and influence Deep expertise across multiple security domains Industry relationship building Technical vision and roadmap development Cross-functional collaboration and leadership	Elite-level offensive security expertise Proven track record of industry-impacting research Executive presence and strategic leadership Industry-wide relationship network Business strategy and market understanding Innovation and capability incubation Public speaking and media engagement	Globally recognized offensive security expertise Transformational leadership and vision Executive and board-level communication Industry-shaping influence Strategic business development Innovation and emerging technology insight
Preferred Skills	CTF competition experience Home lab environment for practice Bug bounty participation Basic web application testing experience Familiarity with Burp Suite or similar tools	Cloud security assessment basics (AWS, Azure) Mobile application testing fundamentals Wireless network assessment Basic malware analysis Code review for security vulnerabilities	Binary exploitation fundamentals Mobile application security testing Container and Kubernetes security IoT/embedded device testing Reverse engineering basics Threat modeling experience	Original security research and CVE discovery Conference speaking experience Open-source tool development Red team infrastructure development Advanced malware development Hardware hacking and physical security	Published security research Major conference keynotes or presentations Recognized open-source contributions Advisory board or working group participation Patent or significant IP development	Startup advisory or board experience Published books or major works Government or regulatory advisory roles Academic affiliations or teaching	Founded or led successful security ventures Government advisory at national level Major industry awards or hall of fame recognition Academic appointments or distinguished fellowships
Mentorship Requirements	Receives direct mentorship from Senior or Lead penetration testers. Participates in pair testing sessions. Expected to complete internal training curriculum within first 6 months. Shadows on 3-5 engagements before leading any testing independently.	Receives mentorship from Senior/Lead testers on complex engagements. Expected to begin mentoring Entry-level team members informally. Participates in knowledge sharing sessions. Should be developing a specialization area with guidance.	Actively mentors Junior and Entry-level testers. Leads knowledge transfer sessions on specialty areas. Expected to help develop training materials. Should be establishing reputation as subject matter expert in 1-2 domains.	Primary mentor for multiple team members. Responsible for career development conversations. Creates and delivers training content. Expected to develop next generation of senior testers. Mentors across organizational boundaries.	Mentors Senior and Lead level practitioners. Shapes career paths across the organization. Develops mentorship programs and frameworks. Industry-level mentorship through community engagement. Sponsors and advocates for high-potential individuals.	Mentors Staff-level practitioners and emerging leaders. Develops organizational talent strategy. Industry-wide mentorship presence. Creates pathways for career advancement at senior levels.	Develops organizational leadership pipeline. Mentors future industry leaders. Legacy-building through talent development. May fund or sponsor security research and education initiatives.
Impact Scope	Individual contributor on specific testing tasks. Impact limited to assigned scan segments or documentation components. Work is reviewed before client delivery.	Contributes meaningfully to engagement outcomes. Responsible for specific testing phases or application components. Findings directly impact client security posture. Beginning to influence team processes.	Drives engagement outcomes and client security improvements. Influences team methodology and tool adoption. Technical decisions impact project success and client relationships. Contributes to practice growth.	Shapes practice direction and capabilities. Impacts organizational reputation through technical excellence. Client relationships and renewals depend on engagement success. Influences industry through research and thought leadership.	Organizational and industry-level impact. Shapes company technical reputation and market position. Defines practice capabilities and service offerings. Influences industry standards and practices.	Industry-defining impact. Organizational market position and competitive differentiation. Multi-year strategic outcomes. Shapes how the industry approaches offensive security.	Global industry impact. Defines how offensive security is practiced. Organizational transformation and long-term success. Creates lasting contributions to the field.
Autonomy & Decision Authority	Works under close supervision. Follows established procedures and checklists. Escalates all significant findings to senior team members. Limited authority to make testing decisions independently.	Works with moderate supervision. Can make tactical testing decisions within defined scope. Escalates scope changes and critical findings. Some independence on routine engagements.	Works independently with minimal supervision. Makes tactical and some strategic testing decisions. Authority to adjust testing approach within scope. Consulted on engagement scoping and estimates.	High autonomy with strategic input. Makes significant technical and engagement decisions. Authority over methodology and tool selection. Consulted on hiring and team composition. Trusted to represent organization externally.	Near-complete technical autonomy. Strategic decision-making authority. Influences organizational direction and investment. Authority over technical standards and methodologies. Trusted advisor to executive leadership.	Full technical autonomy. Strategic influence on business direction. May have P&L or budget authority. Shapes investment priorities. Trusted to make decisions with significant organizational impact.	Complete autonomy over technical domain. Executive-level decision-making authority. May have significant budget or investment authority. Shapes organizational strategy alongside executive leadership.
Communication & Stakeholders	Primarily internal communication with immediate team. May participate in client kickoff calls as observer. Communicates status updates to project lead. Limited direct client interaction.	Regular interaction with project leads and clients during technical discussions. Presents portions of findings to technical audiences. Participates actively in client status calls.	Primary technical point of contact for clients. Presents findings to technical and semi-technical audiences. Leads technical portions of client calls. Communicates with client security teams directly.	Executive-level client communication. Presents to boards and C-suite. Represents organization at conferences and industry events. Builds and maintains senior client relationships. Primary escalation point for client concerns.	C-suite and board-level engagement. Industry-wide communication through publications and speaking. Shapes external perception of organization. Builds relationships with industry peers and competitors. Media and analyst engagement.	Peer communication with client executives and CISOs. Industry-level influence through standards and forums. Media and analyst relationships. Board-level engagement as needed.	Global industry presence. Media and public thought leadership. Government and regulatory engagement. Client board-level relationships. Speaks at premier industry venues.
Degree / Experience	Bachelor's degree in Computer Science, Cybersecurity, or related field, OR 1-2 years of hands-on IT/security experience, OR completion of recognized bootcamp/training program with demonstrated practical skills.	Bachelor's degree in Computer Science, Cybersecurity, or related field, OR 2-4 years of hands-on penetration testing or security experience. Demonstrated ability through prior engagement work or significant bug bounty success.	Bachelor's degree in Computer Science, Cybersecurity, or related field, OR 4-6 years of hands-on penetration testing experience. Demonstrated track record of successful complex engagements. May have Master's degree with less experience.	Bachelor's degree in Computer Science, Cybersecurity, or related field, OR 6-10 years of penetration testing experience. Master's degree preferred for some organizations. Industry recognition through research, speaking, or tool development.	Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field, OR 10+ years of penetration testing experience with demonstrated industry impact. Advanced degree may be expected. Industry recognition is essential.	Advanced degree often expected (Master's or PhD), OR 12+ years of elite-level penetration testing experience with significant industry recognition. Published research, major tool development, or equivalent demonstration of expertise.	Advanced degree often present (Master's or PhD), but industry recognition is the primary qualification. 15+ years of elite-level experience with transformational impact. May be founders, inventors, or pioneers of major techniques or tools.
Certifications	CompTIA Security+ CompTIA PenTest+ eJPT (eLearnSecurity Junior Penetration Tester) CEH (Certified Ethical Hacker)	OSCP (Offensive Security Certified Professional) GPEN (GIAC Penetration Tester) PNPT (Practical Network Penetration Tester) eCPPT (eLearnSecurity Certified Professional Penetration Tester)	OSCP (required or equivalent) OSWE (Offensive Security Web Expert) OSEP (Offensive Security Experienced Penetration Tester) GXPN (GIAC Exploit Researcher and Advanced Penetration Tester) CRTO (Certified Red Team Operator)	OSCP, OSWE, OSEP (multiple offensive certs) OSCE3 (Offensive Security Certified Expert 3) GXPN CREST Certified Tester (CCT) Industry recognition may substitute	Multiple advanced offensive certifications Industry recognition often supersedes certifications May hold advisory or examiner roles with certification bodies Published research and CVEs	Certifications are typically secondary to demonstrated expertise May be certification authors or examiners Industry awards and recognition Published books or significant research	Certifications are irrelevant at this level Known by reputation and body of work May have certifications or techniques named after them Industry hall of fame recognition
Salary: US Gov't	$60,000 - $80,000 (GS-9 to GS-11)	$75,000 - $100,000 (GS-11 to GS-12)	$95,000 - $125,000 (GS-12 to GS-13)	$120,000 - $155,000 (GS-14 to GS-15)	$145,000 - $180,000 (GS-15 / SES equivalent)	$160,000 - $200,000 (Senior SES equivalent)	$180,000 - $220,000+ (Senior SES / Political appointee level)
Salary: US Startup	$70,000 - $95,000	$90,000 - $120,000	$120,000 - $160,000	$150,000 - $200,000 + equity	$180,000 - $250,000 + significant equity	$220,000 - $300,000 + major equity stake	$275,000 - $400,000+ + founder-level equity
Salary: US Corporate	$65,000 - $90,000	$85,000 - $115,000	$110,000 - $145,000	$140,000 - $185,000	$170,000 - $220,000	$200,000 - $275,000	$250,000 - $350,000+

↑ Back to navigation

Red Team - Analyst

Professionals who simulate advanced persistent threats (APTs) to test organizational detection and response capabilities. Analysts focus on threat intelligence, campaign planning, social engineering, and adversary emulation strategy.

Attribute	Analyst 1 / Entry	Analyst 2 / Junior	Analyst 3 / Mid	Analyst 4 / Senior / Lead	Analyst 5 / Staff	Analyst 6 / Senior Staff	Analyst 7 / Principal
General Description	Entry-level red team analyst learning threat intelligence fundamentals and adversary emulation concepts. Supports campaign planning and execution through research and reconnaissance. Develops foundational skills in social engineering and OSINT.	Junior red team analyst capable of conducting independent research and supporting campaign execution. Demonstrates proficiency in OSINT, threat intelligence analysis, and social engineering campaign components. Contributes to adversary emulation planning.	Experienced red team analyst who plans and executes sophisticated adversary emulation campaigns. Serves as subject matter expert in threat intelligence, social engineering, or specific threat actor TTPs. Independently manages campaign components and mentors junior analysts.	Senior red team analyst and campaign strategist who defines adversary emulation approaches and leads high-profile engagements. Recognized expert in threat intelligence, social engineering, or specific adversary domains. Drives innovation and shapes organizational capabilities.	Distinguished analyst and strategist who shapes organizational and industry approaches to adversary emulation. Combines deep threat expertise with strategic vision. Recognized externally as thought leader in red team operations and threat intelligence.	Elite strategist and thought leader with industry-defining influence in threat intelligence and adversary emulation. Operates at the intersection of deep expertise and organizational strategy. Shapes not only practice direction but industry approaches.	Legendary practitioner at the pinnacle of threat intelligence and adversary emulation expertise. Globally recognized authority who defines how the industry approaches advanced threats. Combines unparalleled expertise with strategic vision.
Primary Responsibilities	Conduct open-source intelligence (OSINT) gathering Research threat actor TTPs and document findings Support social engineering campaign development Assist with phishing and vishing campaign execution Maintain threat intelligence databases and tracking Document campaign activities and timelines Learn adversary emulation frameworks (MITRE ATT&CK)	Lead OSINT collection efforts for campaigns Develop social engineering pretexts and scenarios Execute phishing and social engineering attacks Map target organizations and identify attack surfaces Analyze threat actor behaviors for emulation Contribute to campaign planning documents Produce threat intelligence reports and briefings Track and document campaign metrics	Plan and lead adversary emulation campaigns Develop comprehensive threat actor profiles Design and execute complex social engineering operations Create detailed attack chains mapped to ATT&CK Brief clients on threat landscape and campaign rationale Mentor junior analysts on tradecraft and methodology Develop organizational threat intelligence capabilities Contribute to red team methodology and procedures	Lead complex, high-stakes red team campaigns Define adversary emulation strategy and methodology Develop novel social engineering and influence techniques Build and maintain strategic threat intelligence programs Present to executive and board-level audiences Mentor and develop analyst team members Represent organization in industry forums Support business development with expertise Drive innovation in tradecraft and techniques	Define multi-year strategy for adversary emulation practice Lead industry-impacting research and capability development Build strategic relationships with clients and partners Develop next-generation tradecraft and methodologies Represent organization at highest industry levels Guide organizational investments in capabilities Shape industry standards and practices Develop senior analyst talent pipeline	Set multi-year vision for threat intelligence and adversary emulation Lead transformational capability development Build and maintain C-level strategic relationships Influence industry standards and government policy Develop next-generation services and capabilities Guide organizational strategy alongside executive leadership Represent organization as premier thought leader	Define industry direction for threat intelligence and red teaming Lead transformational multi-year initiatives Serve as ultimate strategic authority Shape national or international security policy Build generational capabilities and practices Guide organizational transformation Represent organization at highest levels globally
Required Skills	OSINT techniques and tools (Maltego, Recon-ng) Social engineering fundamentals Understanding of threat intelligence concepts Basic knowledge of MITRE ATT&CK framework Research and analytical writing skills Attention to detail and documentation Basic understanding of phishing techniques	Advanced OSINT and reconnaissance techniques Social engineering execution (phishing, vishing, smishing) Threat intelligence analysis and production MITRE ATT&CK mapping and application Target development and attack surface mapping Pretext development and scenario planning Clear analytical writing and presentation	Expert-level OSINT and threat intelligence Advanced social engineering and influence techniques Adversary emulation planning and execution Deep knowledge of APT groups and TTPs Campaign design and operational security Executive-level briefing and communication Mentorship and knowledge transfer	Mastery of threat intelligence and adversary emulation Expert social engineering and influence operations Strategic campaign planning and execution Executive communication and presentation Team leadership and development Industry expertise and recognition Business acumen and client management	World-class threat intelligence and adversary expertise Strategic practice leadership Executive presence and influence Industry-wide recognition and relationships Innovation and capability incubation Cross-functional leadership	Elite threat intelligence and strategic expertise Transformational leadership Executive and board-level communication Industry-shaping influence and relationships Business strategy and market understanding Innovation leadership	Globally recognized expertise Transformational strategic vision Executive and government-level influence Industry-defining thought leadership Strategic business development
Preferred Skills	Experience with threat intelligence platforms Foreign language capabilities Background in psychology or communications Social media analysis experience Previous investigative or research experience	Red team infrastructure familiarity Physical security assessment basics Dark web research experience Behavioral analysis training Experience with commercial threat intel platforms	Physical penetration testing Government or military intelligence background Published threat intelligence research Training development and delivery Red team infrastructure architecture	Published research or industry presentations Government advisory or liaison experience Training course development Media engagement experience Academic or teaching background	Government or intelligence community senior roles Published books or major research Advisory roles with government or industry bodies Academic affiliations	Government advisory at senior levels Published books or seminal research Board or advisory positions Academic appointments	Founded or led successful security ventures National-level government advisory Major industry awards Academic distinguished appointments
Mentorship Requirements	Receives direct mentorship from Senior analysts. Shadows on red team campaigns. Completes internal threat intelligence training. Participates in tabletop exercises as observer.	Receives guidance from Senior analysts on complex campaigns. Begins mentoring Entry-level analysts informally. Contributes to knowledge base and training materials.	Primary mentor for Junior and Entry analysts. Develops training content for analyst track. Expected to establish expertise in specific threat actors or regions. Shares knowledge through internal and external presentations.	Primary mentor for Mid and Junior analysts. Responsible for analyst track career development. Creates mentorship programs and frameworks. Industry mentorship through community engagement. Shapes analyst development curriculum.	Mentors Senior analysts and emerging leaders. Shapes organizational talent strategy. Industry-level mentorship presence. Creates pathways for analyst career advancement.	Develops organizational leadership pipeline. Mentors future industry leaders. Legacy-building through talent development.	Develops organizational and industry leadership. Mentors future industry leaders. Legacy-building through generational impact. May fund or sponsor research initiatives.
Impact Scope	Supports campaign success through quality research. Contributes to intelligence products consumed by team. Work is reviewed and validated before operational use.	Directly contributes to campaign success. Intelligence products inform operational decisions. Social engineering results impact engagement outcomes.	Shapes campaign strategy and outcomes. Intelligence products influence client security priorities. Builds organizational threat intelligence capability. Reputation impacts client relationships.	Defines organizational adversary emulation capability. Impacts client security strategy and investments. Industry influence through thought leadership. Organizational reputation depends on campaign excellence.	Industry and organizational transformation. Shapes how adversary emulation is practiced. Multi-year strategic outcomes. Defines organizational market position.	Industry-defining impact. Organizational competitive differentiation. Multi-year strategic transformation. Shapes industry practices and standards.	Global industry impact. Defines how threats are understood and addressed. Organizational transformation. Lasting contributions to national and international security.
Autonomy & Decision Authority	Works under close supervision. Follows established research and collection procedures. Limited operational decision-making. Escalates findings to senior analysts.	Moderate supervision. Can make tactical decisions within campaign parameters. Authority over assigned collection and research tasks. Escalates scope or strategy changes.	Works independently with strategic guidance. Makes significant campaign decisions. Authority over intelligence collection and analysis priorities. Consulted on engagement scoping and approach.	High autonomy with strategic alignment. Makes significant operational and tactical decisions. Authority over methodology and capability development. Trusted to represent organization and make commitments.	Near-complete autonomy over domain. Strategic influence on business direction. Shapes investment and capability priorities. Makes decisions with significant organizational impact.	Full autonomy over strategic domain. Executive-level decision authority. May have P&L or significant budget authority. Shapes organizational direction.	Complete strategic autonomy. Executive-level authority. Shapes organizational strategy. May have significant investment authority.
Communication & Stakeholders	Internal team communication. May assist with campaign documentation for client delivery. Observer role in client interactions.	Interacts with technical team members regularly. May present portions of findings to clients. Participates in campaign planning sessions actively.	Regular client-facing communication. Presents threat briefings to technical and executive audiences. Primary analyst contact for campaigns. Builds relationships with client security teams.	Executive and board-level client engagement. Industry conference presentations. May engage with media on threat topics. Builds senior relationships across client organizations.	C-level client engagement. Industry-wide influence. Media and analyst relationships. Government and regulatory engagement as appropriate.	Peer engagement with client executives and government officials. Industry-defining thought leadership. Media and public presence. Board-level engagement.	Global presence. Government and international engagement. Media thought leadership. Premier industry venues.
Degree / Experience	Bachelor's degree in Intelligence Studies, Political Science, Psychology, Cybersecurity, or related field, OR 1-2 years of relevant analytical or research experience.	Bachelor's degree in relevant field, OR 2-4 years of intelligence analysis, OSINT, or social engineering experience. Demonstrated success in previous campaigns or research.	Bachelor's degree in relevant field, OR 4-6 years of red team, threat intelligence, or intelligence community experience. Master's degree may substitute for some experience. Demonstrated campaign success.	Bachelor's or Master's degree in relevant field, OR 6-10 years of elite red team or intelligence community experience. Industry recognition through research, speaking, or published work. Advanced degree may be preferred.	Advanced degree often expected, OR 10+ years of elite red team or intelligence community experience with demonstrated industry impact. Recognition is essential qualification.	Advanced degree often present, but industry recognition is primary qualification. 12+ years of elite experience with transformational impact. May have senior government or intelligence community background.	Advanced degree often present, but recognition is primary qualification. 15+ years of elite experience with transformational impact. May be founders or pioneers of major methodologies.
Certifications	CompTIA Security+ GOSI (GIAC Open Source Intelligence) Social Engineering training certifications MITRE ATT&CK training	GOSI (GIAC Open Source Intelligence) SEC567: Social Engineering for Penetration Testers OSINT certifications Threat intelligence certifications	GCTI (GIAC Cyber Threat Intelligence) GRTP (GIAC Red Team Professional) CREST certifications Government intelligence certifications (if applicable)	Multiple advanced certifications Industry recognition often supersedes certifications May be certification developers or instructors Government clearances may be relevant	Certifications secondary to demonstrated expertise May be certification authors or examiners Industry awards and recognition Published research and contributions	Certifications irrelevant at this level Known by reputation and body of work Industry recognition and awards	Certifications irrelevant at this level Known by reputation and legacy May have awards or recognition named after them
Salary: US Gov't	$55,000 - $75,000 (GS-7 to GS-9)	$70,000 - $95,000 (GS-9 to GS-11)	$90,000 - $120,000 (GS-12 to GS-13)	$115,000 - $150,000 (GS-14 to GS-15)	$140,000 - $175,000 (GS-15 / SES equivalent)	$160,000 - $195,000 (Senior SES equivalent)	$175,000 - $215,000+ (Senior SES / Political appointee)
Salary: US Startup	$65,000 - $90,000	$85,000 - $115,000	$115,000 - $150,000	$145,000 - $190,000 + equity	$175,000 - $240,000 + significant equity	$215,000 - $290,000 + major equity	$265,000 - $380,000+ + founder-level equity
Salary: US Corporate	$60,000 - $85,000	$80,000 - $110,000	$105,000 - $140,000	$135,000 - $175,000	$165,000 - $210,000	$195,000 - $260,000	$240,000 - $330,000+

↑ Back to navigation

Red Team - Engineer

Technical practitioners who build and operate red team infrastructure, develop custom tools and implants, and execute sophisticated attack chains. Engineers focus on the technical execution of adversary emulation campaigns.

Attribute	Eng 1 / Entry	Eng 2 / Junior	Eng 3 / Mid	Eng 4 / Senior / Lead	Eng 5 / Staff	Eng 6 / Senior Staff	Eng 7 / Principal
General Description	Entry-level red team engineer learning infrastructure development and tool operation. Supports campaigns by maintaining attack infrastructure and executing established attack playbooks. Develops foundational skills in C2 frameworks and evasion techniques.	Junior red team engineer capable of operating attack infrastructure and executing campaign playbooks with moderate supervision. Demonstrates proficiency in C2 operations, basic payload development, and infrastructure management. Beginning to develop custom tooling.	Experienced red team engineer who independently builds sophisticated attack infrastructure and develops custom tools. Demonstrates expertise in evasion, C2 development, and advanced attack techniques. Leads technical execution of campaign components.	Senior red team engineer and technical leader who architects sophisticated attack capabilities and leads technical innovation. Develops novel techniques that evade state-of-the-art defenses. Recognized as expert in offensive tool development and serves as escalation point for complex challenges.	Distinguished red team engineer and capability architect who defines organizational technical direction. Develops industry-leading attack capabilities and drives innovation at the cutting edge of offensive security. Recognized externally as thought leader in red team engineering.	Elite red team engineer with industry-defining technical influence. Operates at the frontier of offensive security research and capability development. Shapes how the industry approaches red team engineering and advanced attack techniques.	Legendary red team engineer at the pinnacle of offensive security capability development. Globally recognized for transformational contributions to the field. Defines how the industry approaches advanced attack techniques and capabilities.
Primary Responsibilities	Deploy and maintain red team infrastructure components Execute attack playbooks under supervision Operate commercial C2 frameworks (Cobalt Strike, etc.) Assist with payload development and testing Document technical procedures and findings Maintain and update attack tools and frameworks Learn evasion and detection bypass techniques	Build and operate red team attack infrastructure Execute post-exploitation and lateral movement Develop and modify payloads for campaigns Implement basic evasion techniques Operate multiple C2 frameworks Support infrastructure automation Document technical findings and artifacts Contribute to playbook development	Architect and build red team infrastructure Develop custom implants and C2 channels Create evasion techniques for modern defenses Lead technical execution of campaigns Develop automation for attack chains Research and implement new techniques Mentor junior engineers on technical skills Contribute to capability roadmap	Lead red team capability development program Develop novel evasion and attack techniques Architect enterprise-scale attack infrastructure Create custom C2 frameworks and implants Drive technical innovation and research Mentor and develop engineering team Present technical capabilities to clients and industry Support strategic business development Define technical standards and practices	Define technical strategy for red team capabilities Lead advanced research with industry impact Architect next-generation attack platforms Build strategic technical partnerships Develop groundbreaking evasion capabilities Guide organizational technical investments Represent organization as technical expert Shape industry practices through research and tools	Set multi-year technical vision for offensive capabilities Lead transformational research initiatives Build strategic technical alliances Develop capabilities that redefine possible Influence industry and vendor security roadmaps Guide organizational technical strategy Serve as ultimate technical authority	Define industry technical direction Lead generational capability development Serve as ultimate technical authority globally Shape security vendor and platform roadmaps Build lasting technical contributions Guide organizational transformation Pioneer new domains of offensive security
Required Skills	Linux and Windows system administration Basic networking and infrastructure concepts Scripting fundamentals (Python, PowerShell, Bash) Familiarity with C2 frameworks Understanding of common attack techniques Basic malware analysis concepts Documentation and procedure following	C2 framework operation and configuration Payload development and obfuscation basics Post-exploitation techniques Infrastructure as code concepts Intermediate programming (C, C++, C#, Go) Windows internals fundamentals Basic evasion and AV bypass Cloud infrastructure deployment	Advanced payload and implant development C2 framework customization and development EDR and AV evasion techniques Windows internals and API knowledge Advanced Active Directory attacks Strong programming (C, C++, C#, Go, Rust) Infrastructure automation and orchestration Cloud attack techniques	Expert-level offensive tool development Advanced evasion research and implementation Custom C2 and implant architecture Deep Windows/Linux internals Exploit development and weaponization EDR/XDR bypass research Team leadership and mentorship Technical presentation and communication	World-class offensive capability development Advanced security research methodology Strategic technical leadership Industry recognition and relationships Innovation and capability incubation Cross-functional technical leadership	Elite offensive capability development Transformational research leadership Industry-wide technical influence Executive presence and communication Strategic vision and planning Innovation at scale	Globally recognized technical expertise Transformational capability development Industry-defining influence Strategic technical vision Innovation leadership at global scale
Preferred Skills	Cloud infrastructure experience (AWS, Azure) Container technologies (Docker) Programming beyond scripting CTF experience Home lab infrastructure	Malware development basics Reverse engineering fundamentals Active Directory attack techniques Custom tool development Automation and orchestration	Kernel-level development Custom protocol development Advanced reverse engineering Exploit development Hardware/embedded systems	Published security research Open-source tool development Conference presentations Kernel and driver development Hardware security research	Major open-source tool maintainer Published vulnerability research Advisory roles with vendors or industry Patents or significant IP	Major tool frameworks maintained Multiple significant CVEs Vendor advisory relationships Academic research collaborations	Founded significant security tools or companies National-level technical advisory Hall of fame recognition Academic distinguished positions
Mentorship Requirements	Receives direct mentorship from Senior engineers. Shadows on campaigns. Completes internal training on tools and infrastructure. Participates in lab exercises before operational deployment.	Receives guidance from Senior engineers on complex tasks. Begins mentoring Entry-level engineers informally. Contributes to technical documentation and training materials.	Primary mentor for Junior and Entry engineers. Develops technical training content. Expected to establish expertise in specific capability areas. Shares knowledge through internal presentations and documentation.	Primary mentor for multiple engineers. Responsible for technical career development. Creates advanced training and capability programs. Industry mentorship through tool releases and community engagement.	Mentors Senior engineers and technical leaders. Shapes engineering career paths. Industry mentorship through community engagement and tool releases.	Develops technical leadership pipeline. Mentors future industry technical leaders. Legacy through tools, research, and people developed.	Develops generational technical talent. Mentors future industry pioneers. Legacy through lasting technical contributions.
Impact Scope	Supports campaign execution through infrastructure reliability. Executes assigned attack components. Work is reviewed before operational use.	Directly contributes to campaign success. Infrastructure reliability affects engagement outcomes. Technical execution impacts detection and mission success.	Shapes campaign technical approach. Custom capabilities enable mission success. Technical decisions impact engagement outcomes and detection risk.	Defines organizational technical capabilities. Capabilities enable successful campaigns against sophisticated targets. Technical reputation impacts client relationships. Innovation shapes practice direction.	Organizational technical differentiation. Industry-level impact through research and tools. Defines state-of-the-art in offensive capabilities.	Industry-defining technical impact. Shapes how red teaming is practiced. Organizational competitive differentiation through capabilities.	Global technical impact. Defines offensive security capabilities. Lasting contributions to the field.
Autonomy & Decision Authority	Close supervision. Follows established procedures and playbooks. Limited operational decision-making. Escalates issues immediately.	Moderate supervision. Can make tactical decisions during operations. Authority over assigned infrastructure components. Escalates significant issues or scope changes.	Works independently with guidance on strategy. Makes significant technical decisions. Authority over capability development priorities. Consulted on engagement technical approach.	High autonomy over technical domain. Makes strategic capability decisions. Authority over technical standards and architecture. Trusted to represent organization's technical capabilities.	Near-complete technical autonomy. Strategic influence on capability direction. Shapes investment priorities. Makes decisions with significant organizational impact.	Full technical autonomy. Strategic authority over capability direction. May have significant R&D budget authority. Shapes organizational strategy.	Complete technical autonomy. Executive authority over technical domain. Shapes organizational and industry direction.
Communication & Stakeholders	Internal team communication. Updates project lead on status. Observer role in technical discussions.	Regular interaction with campaign team. Participates in technical planning sessions. May present technical findings to team.	Regular client technical communication. Presents technical findings and capabilities. Primary technical contact for campaigns. Collaborates with client security teams on findings.	Executive-level technical communication. Industry conference presentations. Client CISO/VP engagement on capabilities. Technical escalation point for complex engagements.	C-level technical engagement. Industry conference keynotes. Media and analyst engagement on technical topics. Vendor and partner technical relationships.	Industry-defining technical presence. Vendor and partner strategic engagement. Premier conference keynotes. Media thought leadership.	Global technical authority. Premier industry venues. Government and international engagement. Media presence.
Degree / Experience	Bachelor's degree in Computer Science, Cybersecurity, or related field, OR 1-2 years of system administration, development, or security experience. Demonstrated technical aptitude through projects or labs.	Bachelor's degree in Computer Science, Cybersecurity, or related field, OR 2-4 years of security engineering, development, or red team experience. Demonstrated technical skills through projects or prior work.	Bachelor's degree in Computer Science, Cybersecurity, or related field, OR 4-6 years of red team engineering, malware development, or related experience. Demonstrated capability development track record.	Bachelor's or Master's degree in Computer Science or related field, OR 6-10 years of elite red team engineering experience. Demonstrated capability development and research track record. Industry recognition through tools or research.	Advanced degree often expected, OR 10+ years of elite red team engineering with demonstrated industry impact. Recognition through research, tools, or CVEs is essential.	Advanced degree often present, but recognition is primary qualification. 12+ years of elite experience with transformational technical impact.	Recognition is primary qualification. May have advanced degrees. 15+ years with transformational impact. Pioneers of major techniques or tools.
Certifications	CompTIA Security+ OSCP (in progress acceptable) CRTO (Certified Red Team Operator) Cloud certifications	OSCP (required or equivalent) CRTO GPEN Cloud security certifications	OSCP, OSEP (multiple offensive certs) CRTO, CRTL OSED (Offensive Security Exploit Developer) Malware development training	Multiple advanced offensive certifications OSCE3 or equivalent Industry recognition often supersedes certifications Published research and tool development	Certifications secondary to demonstrated expertise May be certification developers Known for tool development and research	Certifications irrelevant at this level Known by technical contributions Tools or techniques may be named after them	Certifications irrelevant Known by technical legacy May have techniques or tools named after them
Salary: US Gov't	$65,000 - $85,000 (GS-9 to GS-11)	$80,000 - $105,000 (GS-11 to GS-12)	$100,000 - $130,000 (GS-12 to GS-13)	$125,000 - $160,000 (GS-14 to GS-15)	$150,000 - $185,000 (GS-15 / SES equivalent)	$165,000 - $205,000 (Senior SES equivalent)	$180,000 - $225,000+ (Senior SES / Technical fellow equivalent)
Salary: US Startup	$75,000 - $100,000	$95,000 - $130,000	$125,000 - $165,000	$155,000 - $210,000 + equity	$190,000 - $260,000 + significant equity	$225,000 - $310,000 + major equity	$280,000 - $400,000+ + founder-level equity
Salary: US Corporate	$70,000 - $95,000	$90,000 - $120,000	$115,000 - $150,000	$145,000 - $190,000	$175,000 - $230,000	$205,000 - $280,000	$255,000 - $360,000+

↑ Back to navigation

Purple Team

Professionals who bridge offensive and defensive security by facilitating collaboration between red and blue teams. Focus on improving detection capabilities, validating security controls, and enabling continuous security improvement through adversary simulation.

Attribute	Specialist 1 / Entry	Specialist 2 / Junior	Specialist 3 / Mid	Specialist 4 / Senior / Lead	Specialist 5 / Staff	Specialist 6 / Senior Staff	Specialist 7 / Principal
General Description	Entry-level purple team specialist learning to facilitate collaboration between offensive and defensive teams. Supports adversary simulation exercises and helps document detection gaps. Develops foundational understanding of both attack techniques and defensive controls.	Junior purple team specialist capable of executing adversary simulations and working with defensive teams to improve detection. Demonstrates proficiency in both offensive techniques and defensive tool analysis. Contributes to detection engineering and control validation.	Experienced purple team specialist who independently designs and leads adversary simulation exercises. Expert in translating offensive techniques into detection opportunities. Develops advanced detection capabilities and mentors junior team members.	Senior purple team leader who defines organizational approach to adversary simulation and detection validation. Expert in bridging offensive and defensive security at strategic level. Drives innovation in purple team methodologies and builds organizational capabilities.	Distinguished purple team strategist who shapes organizational and industry approaches to adversary simulation and detection validation. Combines deep expertise with strategic vision. Recognized externally as thought leader in purple team operations.	Elite purple team leader with industry-defining influence. Operates at the intersection of deep expertise and organizational strategy. Shapes not only practice direction but industry approaches to adversary simulation and continuous security validation.	Legendary practitioner at the pinnacle of purple team and continuous security validation expertise. Globally recognized authority who defines how the industry approaches adversary simulation and detection improvement collaboration.
Primary Responsibilities	Support adversary simulation exercises Document attack techniques and detection opportunities Assist with ATT&CK mapping and coverage analysis Help correlate offensive activities with defensive telemetry Maintain purple team exercise documentation Learn detection engineering fundamentals Support tabletop exercises and workshops	Execute adversary simulation scenarios Analyze defensive telemetry during exercises Develop detection rules and signatures Map organizational defenses to ATT&CK Document detection gaps and recommendations Facilitate collaboration between red and blue teams Create exercise reports with actionable findings Support detection engineering initiatives	Design and lead adversary simulation exercises Develop comprehensive ATT&CK coverage programs Create advanced detection rules and analytics Build purple team methodologies and frameworks Train defensive teams on adversary techniques Evaluate and improve security control effectiveness Mentor junior purple team specialists Drive detection engineering maturity	Lead purple team program strategy and development Design enterprise-scale adversary simulation programs Build organizational detection maturity roadmaps Develop novel simulation and detection techniques Present to executive audiences on security posture Mentor and develop purple team members Drive industry thought leadership Support business development with expertise Define purple team standards and methodologies	Define multi-year strategy for purple team practice Lead industry-impacting research and methodology development Build strategic relationships with clients and vendors Develop next-generation purple team capabilities Represent organization at highest industry levels Guide organizational investments in detection and simulation Shape industry standards and practices	Set multi-year vision for purple team capabilities Lead transformational methodology development Build strategic alliances with clients, vendors, and partners Influence industry standards and frameworks Develop next-generation practices and services Guide organizational strategy alongside executive leadership	Define industry direction for purple team operations Lead transformational multi-year initiatives Serve as ultimate authority in the domain Shape security industry practices and standards Build lasting methodological contributions Guide organizational transformation
Required Skills	Understanding of both offensive and defensive security concepts Familiarity with MITRE ATT&CK framework Basic knowledge of SIEM and detection tools Understanding of common attack techniques Documentation and communication skills Basic scripting ability Knowledge of security control frameworks	Proficiency in common attack techniques SIEM query language expertise (Splunk, Sentinel, etc.) Detection rule development ATT&CK mapping and gap analysis Endpoint detection tool familiarity Scripting for automation Clear technical communication	Expert knowledge of offensive and defensive techniques Advanced detection engineering ATT&CK-based program development Security control validation methodology Training and workshop facilitation Strong programming and automation skills Executive communication on security gaps	Mastery of offensive and defensive security Strategic program development Advanced detection architecture Executive communication and influence Team leadership and development Industry expertise and recognition Business acumen and client management	World-class purple team expertise Strategic practice leadership Executive presence and influence Industry-wide recognition Innovation and capability incubation Cross-functional leadership	Elite purple team and detection expertise Transformational leadership Executive communication Industry-shaping influence Business strategy understanding Innovation leadership	Globally recognized expertise Transformational strategic vision Executive and industry-level influence Industry-defining thought leadership
Preferred Skills	SOC or blue team experience Penetration testing exposure Log analysis experience Detection rule writing basics Threat intelligence fundamentals	C2 framework operation Threat hunting experience Security control validation Automation development Incident response background	Threat intelligence integration Custom tool development Red team experience SOC architecture knowledge Published detection research	Published research or methodologies Conference speaking experience Open-source tool development Vendor or product experience Security program leadership	Founded significant methodologies or frameworks Published books or major research Advisory roles with vendors or standards bodies Academic affiliations	Major framework or methodology creator Vendor advisory roles Board positions Academic appointments	Founded or led significant security initiatives Major framework creator Industry awards Distinguished appointments
Mentorship Requirements	Receives direct mentorship from Senior purple team members. Shadows on exercises and workshops. Completes cross-training in both offensive and defensive tracks.	Receives guidance from Senior specialists on complex exercises. Begins mentoring Entry-level team members. Contributes to methodology documentation.	Primary mentor for Junior and Entry specialists. Develops training content for purple team track. Expected to establish expertise in detection or simulation specialization.	Primary mentor for Mid and Junior specialists. Responsible for purple team career development. Creates mentorship programs. Industry mentorship through community engagement.	Mentors Senior specialists and emerging leaders. Shapes organizational talent strategy. Industry-level mentorship presence.	Develops organizational leadership pipeline. Mentors future industry leaders. Legacy-building through talent development.	Develops organizational and industry leadership. Mentors future industry leaders. Legacy-building through generational impact.
Impact Scope	Supports exercise success and documentation quality. Contributes to detection improvement tracking. Work is reviewed before client delivery.	Directly contributes to detection improvement. Exercise findings drive security investments. Work impacts organizational security posture.	Shapes organizational detection strategy. Exercises drive significant security improvements. Methodology influences how teams collaborate.	Defines organizational purple team capability. Impacts client security strategy and investments. Industry influence through thought leadership.	Industry and organizational transformation. Shapes how purple teaming is practiced. Multi-year strategic outcomes.	Industry-defining impact. Organizational competitive differentiation. Multi-year strategic transformation.	Global industry impact. Defines how purple teaming is practiced. Lasting contributions to the field.
Autonomy & Decision Authority	Close supervision. Follows established exercise procedures. Limited decision-making authority. Escalates issues to senior team members.	Moderate supervision. Makes tactical decisions during exercises. Authority over assigned simulation components. Escalates significant findings.	Works independently with strategic guidance. Makes significant exercise and methodology decisions. Authority over detection development priorities.	High autonomy with strategic alignment. Makes significant program decisions. Authority over methodology and capability development. Trusted to represent organization.	Near-complete autonomy. Strategic influence on direction. Shapes investment priorities. Makes decisions with significant impact.	Full autonomy. Executive-level authority. May have significant budget authority. Shapes organizational direction.	Complete strategic autonomy. Executive-level authority. Shapes organizational strategy.
Communication & Stakeholders	Internal team communication. May assist with exercise documentation. Observer role in client workshops.	Regular interaction with both red and blue teams. Participates in exercise debriefs. May present findings to technical stakeholders.	Regular client-facing communication. Presents findings to technical and management audiences. Primary contact for purple team engagements.	Executive and board-level client engagement. Industry conference presentations. Builds senior relationships across organizations.	C-level client engagement. Industry-wide influence. Media and analyst relationships.	Peer engagement with executives. Industry-defining thought leadership. Media presence.	Global presence. Premier industry venues. Media thought leadership.
Degree / Experience	Bachelor's degree in Cybersecurity, Computer Science, or related field, OR 1-2 years of security operations, penetration testing, or related experience.	Bachelor's degree in relevant field, OR 2-4 years of security operations, penetration testing, or purple team experience.	Bachelor's degree in relevant field, OR 4-6 years of combined offensive and defensive security experience. Demonstrated purple team methodology expertise.	Bachelor's or Master's degree in relevant field, OR 6-10 years of elite purple team, red team, or detection engineering experience. Industry recognition required.	Advanced degree often expected, OR 10+ years of elite purple team, detection engineering, or offensive security experience with demonstrated impact.	Advanced degree often present, but recognition is primary qualification. 12+ years of elite experience with transformational impact.	Recognition is primary qualification. 15+ years with transformational impact. May be pioneers of major methodologies or frameworks.
Certifications	CompTIA Security+ CompTIA CySA+ BTL1 (Blue Team Level 1) MITRE ATT&CK training	OSCP or equivalent offensive cert GCIH (GIAC Certified Incident Handler) GDAT (GIAC Defending Advanced Threats) Detection engineering certifications	Multiple offensive and defensive certifications GDAT, GCIH OSCP, CRTO Detection engineering specializations	Multiple advanced certifications Industry recognition often supersedes certifications May be certification developers or instructors	Certifications secondary to demonstrated expertise May be certification authors Industry awards and recognition	Certifications irrelevant at this level Known by reputation and contributions	Certifications irrelevant Known by reputation and legacy
Salary: US Gov't	$60,000 - $80,000 (GS-9 to GS-11)	$75,000 - $100,000 (GS-11 to GS-12)	$95,000 - $125,000 (GS-12 to GS-13)	$120,000 - $155,000 (GS-14 to GS-15)	$145,000 - $180,000 (GS-15 / SES equivalent)	$165,000 - $200,000 (Senior SES equivalent)	$180,000 - $220,000+ (Senior SES / Political appointee level)
Salary: US Startup	$70,000 - $95,000	$90,000 - $120,000	$120,000 - $155,000	$150,000 - $195,000 + equity	$180,000 - $250,000 + significant equity	$220,000 - $300,000 + major equity	$270,000 - $390,000+ + founder-level equity
Salary: US Corporate	$65,000 - $90,000	$85,000 - $115,000	$110,000 - $145,000	$140,000 - $180,000	$170,000 - $220,000	$200,000 - $270,000	$250,000 - $350,000+

↑ Back to navigation

Offensive Security Management

Leaders who manage offensive security teams, programs, and business units. Responsible for strategy, people development, client relationships, and business outcomes. Progress from team management to organizational and business leadership.

Attribute	Mgr 1 / Manager	Mgr 2 / Associate Director / Senior Manager	Mgr 3 / Director
General Description	First-line manager responsible for a team of offensive security practitioners. Balances people management with technical oversight. Ensures engagement quality, team development, and operational excellence. May maintain some hands-on technical work.	Senior manager or associate director responsible for multiple teams or a significant practice area. Drives strategy, develops managers, and owns business outcomes for their area. Balances operational excellence with strategic development.	Director responsible for an offensive security practice, department, or business unit. Sets strategy, owns P&L, and drives practice growth and capability development. Leads senior managers and builds organizational capability while maintaining strong client and industry relationships.
Primary Responsibilities	Manage team of 3-8 offensive security practitioners Conduct performance reviews and career development Ensure engagement quality and client satisfaction Manage team utilization and project assignments Hire and onboard new team members Handle escalations and client concerns Contribute to methodology and process improvement Support business development as needed Manage team budget and resources	Lead multiple offensive security teams or practice area Develop and mentor first-line managers Drive practice strategy and capability development Own P&L or significant budget responsibility Build and maintain senior client relationships Drive business development and sales support Shape methodology and service offerings Represent practice in organizational leadership Drive operational excellence and quality	Lead offensive security practice, department, or business unit Set practice strategy and multi-year roadmap Own P&L and financial performance for area Build and develop senior management team Drive practice growth and market expansion Build strategic client relationships at director/VP level Shape service offerings and capability investments Represent practice in executive leadership forums Drive thought leadership and industry presence Partner with sales on strategic opportunities Ensure quality and methodology excellence Manage organizational change and transformation initiatives
Required Skills	Strong offensive security technical background People management and development Project management fundamentals Client relationship management Communication and conflict resolution Hiring and team building Performance management Business acumen basics	Strong technical and business leadership Multi-team management Strategic planning and execution P&L management Executive client relationships Business development leadership Organizational influence Change management	Strategic leadership and planning P&L management and business acumen Senior team leadership and development Executive client relationship management Business development and sales partnership Organizational influence and navigation Industry presence and thought leadership Change management and transformation Executive communication and presentation
Preferred Skills	Prior senior technical role Formal management training Business development experience Cross-functional collaboration Budget management	MBA or business education Prior director-level experience Large engagement or program leadership Industry recognition Board or advisory experience	Prior director-level experience MBA or advanced business education Public company or PE-backed experience Industry conference speaking Advisory board participation M&A or integration experience
Mentorship Requirements	Primary mentor for direct reports. Responsible for team career development. Develops junior managers informally. Participates in management development programs.	Primary mentor for managers and senior ICs. Responsible for leadership development in area. Creates career frameworks and development programs. Industry mentorship presence.	Develops senior management talent pipeline. Mentors senior managers and high-potential leaders. Shapes practice career frameworks. Industry mentorship through speaking and community engagement. Sponsors emerging leaders.
Impact Scope	Team performance and development. Engagement outcomes for assigned projects. Team retention and growth. Local client relationships.	Practice or area performance. Business outcomes and growth. Multi-team capability and development. Strategic client relationships.	Practice performance and strategic direction. Business unit financial outcomes. Senior leadership capability. Strategic client relationships. Industry reputation and market position.
Autonomy & Decision Authority	Authority over team operations and assignments. Makes hiring recommendations. Budget authority within defined limits. Escalates strategic decisions to director.	Significant operational autonomy. P&L or budget authority. Authority over strategy within area. Makes significant hiring and investment decisions. Reports to VP/CISO level.	Full authority over practice operations. P&L ownership and investment decisions within budget. Authority over senior hiring and organizational structure. Strategic decision-making for practice. Reports to VP or executive leadership.
Communication & Stakeholders	Regular communication with director leadership. Client communication on engagement matters. Team communication and alignment. Cross-functional coordination.	Executive-level client engagement. Organizational leadership communication. May represent organization externally. Board-level reporting as needed.	VP and executive leadership engagement. Client VP and director-level relationships. Industry conference and event presence. Cross-functional executive collaboration. May engage with board on practice matters.
Degree / Experience	Bachelor's degree in relevant field with 6+ years of offensive security experience including leadership, OR equivalent experience. Technical depth with demonstrated leadership capability.	Bachelor's degree with 8+ years experience including management, OR Master's degree with 6+ years. Demonstrated leadership of managers and business outcomes.	Bachelor's degree with 10+ years including senior management leadership, OR Master's/MBA with 8+ years. Demonstrated P&L ownership and practice growth. Industry recognition developing.
Certifications	Offensive security certifications from IC track Management or leadership certifications helpful PMP or project management training Business certifications optional	Prior offensive security certifications MBA or executive education Leadership development programs Industry recognition	Executive education programs Industry recognition often supersedes certifications Board governance training helpful CISSP, CISM for credibility if needed
Salary: US Gov't	$130,000 - $165,000 (GS-14 to GS-15)	$155,000 - $195,000 (GS-15 / SES equivalent)	$175,000 - $210,000 (GS-15 Step 10 / SES equivalent)
Salary: US Startup	$160,000 - $210,000 + equity	$190,000 - $270,000 + significant equity	$220,000 - $300,000 + significant equity
Salary: US Corporate	$150,000 - $195,000	$180,000 - $250,000	$200,000 - $280,000 + bonus

↑ Back to navigation

Sector	Notes
US Government	Based on General Schedule (GS) and Senior Executive Service (SES) pay scales. Actual compensation varies by locality pay area.
US Startup	Reflects venture-backed companies. Equity compensation can significantly increase total compensation.
US Corporate	Reflects Fortune 500 and large enterprise compensation. May include bonus structures of 10-30%+.

🔐 Security Titles

Offensive Security Professional Titles

Penetration Tester

Red Team - Analyst

Red Team - Engineer

Purple Team

Offensive Security Management

About This Framework

Salary Notes

Contributing