Solstice is seeking a highly skilled and experienced Sr Adv Cyber Security Architect to build, lead, and continuously evolve its penetration testing program. This is a senior, hands-on leadership role in which the successful candidate will serve as the primary point of contact for penetration testing activities across the organization.

The role is responsible for designing a comprehensive penetration testing program, directly contributing to technical assessments, and mentoring a growing team of security professionals.

Key Responsibilities

Technical Responsibilities

Design, execute, and lead end-to-end penetration tests across a wide range of environments, including web applications, APIs, cloud infrastructure, internal and external networks, and mobile applications.

Conduct penetration testing across software-as-a-service and platform-as-a service environments, identifying unique risks and attack surfaces specific to cloud hosted and multi-tenant platforms. Perform AI and machine learning application security assessments, including testing of large language model applications for vulnerabilities such as prompt injection, model inversion attacks, data poisoning, insecure output handling, and training data leakage.

Simulate real-world adversarial attack scenarios using threat intelligence and red team methodologies.

Conduct vulnerability assessments, threat modeling, and risk analysis across diverse technology stacks.

Develop and maintain custom exploits, scripts, and tooling to support advanced testing scenarios.

Perform social engineering, phishing simulations, and physical security assessments as required.

Program Development and Leadership

Architect and build a comprehensive, scalable penetration testing program aligned with recognized industry frameworks, including OWASP, PTES, NIST, and MITRE ATT&CK.

Define penetration testing standards, methodologies, playbooks, and reporting templates.

Establish key performance indicators and metrics to measure the eAectiveness and maturity of the penetration testing program.

Serve as the primary point of contact for all internal and external penetration testing engagements.

Collaborate with Engineering, DevSecOps, Information Technology, Risk, and Compliance teams to integrate security testing into the software development lifecycle and continuous integration and delivery pipelines.

Manage relationships with third-party penetration testing vendors and coordinate external assessments.

Present findings, risks, and remediation strategies to executive leadership and technical stakeholders. Team Leadership and Mentorship

Lead, mentor, and develop a team of penetration testers at various skill levels.

Conduct regular knowledge-sharing sessions, red team exercises, and skills development programs.

Define career paths and growth frameworks for the penetration testing team.

Foster a culture of continuous learning and maintain awareness of the evolving threat landscape.

Recruit and onboard new team members as the program scales.

Key Responsibilities

• Leading the design and implementation of cyber security solutions to protect critical systems and data
• Conducting vulnerability assessments and penetration testing to identify and address security vulnerabilities
• Developing and implementing security policies, standards, and procedures to ensure compliance with industry regulations and best practices
• Collaborating with crossfunctional teams to integrate security controls into new and existing systems
• Providing guidance and support to internal stakeholders on cyber security best practices and incident response procedures

YOU MUST HAVE:

• 10+ years of hands-on penetration testing experience in enterprise environments. 
• Proven experience building or significantly maturing a penetration testing program. 
• Extensive experience testing software-as-a-service and platform-as-a-service environments and cloud-native applications. 
• Strong knowledge of OWASP, PTES, NIST 800-115, MITRE ATT&CK, and CVSS frameworks. 
• Demonstrated experience leading and mentoring technical security teams. 
• Strong understanding of secure coding practices and software development lifecycle integration. 
• Experience writing detailed, executive-ready penetration test reports. 
• Excellent written and verbal communication skills, with the ability to translate complex technical findings for non-technical audiences. 
• Experience working in regulated industries, such as finance, healthcare, or technology, is preferred.

WE VALUE:

Preferred Certifications Certification 

• OSCP (OAensive Security Certified Professional) 
• Issuing Body OAensive Security OSCE3 (OAensive Security Certified Expert 3) 
• OAensive Security CISSP (ISC)² Candidates with equivalent demonstrated experience and a strong portfolio will also be considered. 
• Soft Skills and Leadership Qualities 
• Exceptional communication skills, with the ability to present eAectively to executive leadership and technical teams. 
• Strategic thinking skills, with the ability to balance hands-on responsibilities and program-level planning. 
• Adaptability and forward-looking judgment to stay ahead of emerging threats and technologies. Collaborative leadership skills and the ability to build strong cross-functional relationships. 
• Results-oriented mindset with the ability to prioritize and manage muCloud and Modern Architecture  Demonstrated understanding of Amazon Web Services, Microsoft Azure, and Google Cloud Platform security models and attack surfaces. 
• Experience testing containerized environments, including Docker and Kubernetes. 
• Familiarity with serverless architectures and microservices security. 
• Experience with API security testing, including REST, GraphQL, and SOAP. AI and LLM Security
•  Knowledge of the OWASP Top 10 for LLM Applications.  Understanding of artificial intelligence governance, model risk, and responsible artificial intelligence security principles. 
• Ability to develop custom test cases for generative artificial intelligence systems.ltiple engagements simultaneously. 
• Commitment to mentorship and developing the next generation of security professionals. 
• Strong attention to detail, analytical thinking, and problem-solving skills.

S PERSON REQUIREMENT

Due to compliance with US export control laws and regulations, candidate must be a us person, which is defined as, a US citizen, a US permanent resident, or have protected status in the US under asylum or refugee status.

COMPENSATION

The annual base range for this position is $168,140-$210,469. Please note that this salary information serves as a general guideline. Solstice considers various factors when extending an offer, including but not limited to the scope and responsibilities of the position, the candidate's work experience, education and training, key skills, as well.

BENEFITS OF WORKING FOR SOLSTICE ADVANCED MATERIALS

In addition to a competitive salary, leading-edge work, and developing solutions side-by-side with dedicated experts in their fields, Solstice Advanced Materials employees are eligible for a comprehensive benefits package. This package includes employer-subsidized Medical, Dental, Vision, and Life Insurance; Short-Term and Long-Term Disability; 401(k) match, Flexible Spending Accounts, Health Savings Accounts, EAP, and Educational Assistance; Parental Leave, Paid Time Off (for vacation, personal business, sick time, and parental leave), and 12 Paid Holidays.

The application period for the job is estimated to be 40 days from the job posting date; however, this may be shortened or extended depending on business needs and the availability of qualified candidates.

Solstice Advanced Materials is an equal opportunity employer. Qualified applicants will be considered without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, religion, or veteran status.