Director of Offensive Security

About The Position

Requirements

• 15+ years in offensive security with demonstrated hands-on depth across at least three of: network penetration testing, red team operations, cloud penetration testing, application exploitation, hardware and firmware attack research, or advanced adversary emulation
• 5+ years leading offensive security teams, including direct accountability for hiring specialized offensive talent, managing operational security of red team infrastructure, and operating under formal rules of engagement against production systems
• Demonstrated red team leadership against mature target environments: environments with functioning SOC, EDR, and IR capability, not greenfield pentest targets
• Deep operational fluency with MITRE ATT&CK v15 and ATT&CK Navigator for coverage mapping, adversary emulation planning using frameworks such as MITRE CALDERA or Atomic Red Team, and purple team execution models
• Hands-on capability with production-grade offensive tooling: C2 frameworks (Cobalt Strike, Mythic, Sliver, or equivalent), exploitation frameworks, custom tool development, and operational security for red team infrastructure
• Strong command of cloud and container offensive tradecraft: Kubernetes attack paths, cloud IAM privilege escalation chains, service mesh and sidecar abuse, and multi-tenant isolation testing
• Fluency with CWE, CVSS v3.1 and v4.0, OWASP Top 10, SANS CWE Top 25, and the CIS Controls v8 Penetration Testing domain (Control 18)
• Experience integrating offensive findings into engineering workflow systems (Jira or equivalent) with enforceable SLA tracking, not report-and-walk-away engagements
• Demonstrated ability to execute offensive work against production with appropriate authorization, blast radius control, and executive communication discipline
• Exceptional written communication: findings must stand up to scrutiny from engineering leadership who will push back, and from auditors and customers who will consume the output

Nice To Haves

• OSCP, OSEP, OSED, GXPN, GPEN, or CRTO certifications; CISSP alone is not sufficient evidence of hands-on offensive capability
• Prior experience building an offensive security function from scratch, not inheriting an existing one
• HPC, bare-metal, or hyperscale data center offensive assessment experience
• Published CVE credits, conference talks (DEF CON, Black Hat, Offensive Con, Recon), or public offensive research
• Background in threat intelligence consumption for adversary emulation planning (CTI-led red teaming)
• Experience with sovereign cloud, export-controlled, or financial services customer environments

Responsibilities

• Build and run a continuous red team program against the production NMC² environment: HPC clusters, multi-tenant Kubernetes, bare-metal provisioning infrastructure, customer network fabric, identity plane, and the internal control surface itself (SIEM, EDR, IAM, PAM)
• Execute adversary emulation campaigns aligned to MITRE ATT&CK v15 TTPs relevant to our threat model: financially motivated access brokers (e.g., TTP sets associated with initial access brokers targeting financial services customers), APT groups with demonstrated interest in research computing and scientific workloads, and insider threat scenarios covering privileged operator abuse
• Independently validate detection and response efficacy: every red team operation produces a detection coverage report measured against the SOC and IR functions, including time-to-detect, time-to-contain, and detection gap inventory by ATT&CK technique ID
• Own the purple team feedback loop: every undetected TTP becomes a tracked detection engineering deliverable with owner and SLA, every detected-but- unresponded TTP becomes a tracked IR playbook deliverable
• Run continuous attack surface validation against production, not just pre-production, with a documented rules-of-engagement framework, blast radius controls, and CISO-level authorization gates for destructive or high-risk techniques
• Lead threat-led penetration testing of the HPC-specific attack surface: Slurm and workload manager abuse, GPU driver and firmware attack paths, InfiniBand and RDMA fabric isolation, scheduler privilege escalation, cross-tenant lateral movement in shared compute, and scientific software supply chain compromise
• Own offensive validation of cloud and Kubernetes controls: IAM boundary testing, cross-account and cross-tenant escape attempts, container breakout chains, service mesh bypass, admission controller evasion, and secrets management integrity
• Drive threat modeling at design stage for new platform capabilities and major architecture changes, producing adversarial design reviews that the CISO signs off on before build
• Manage the external pentest and red team vendor portfolio: scoping, vendor selection, quality control of deliverables, and integration of external findings into the internal remediation tracking system
• Build and maintain the offensive tooling stack including custom implants, C2 infrastructure, and internal exploit development capability, with clear controls on tool custody, source code management, and destruction protocols
• Define and publish offensive security KPIs to CISO and board level: coverage against MITRE ATT&CK technique inventory, mean time to compromise from assumed-breach scenarios, control validation pass rate by control family, remediation velocity on P1 and P2 findings, and repeat finding rate
• Issue formal assessment reports using CWE classification, CVSS v3.1 base and environmental scoring, and explicit exploitation evidence; findings are attestations, not suggestions
• Champion an adversarial engineering culture across Platform and Security Engineering through documented attack patterns, regular internal briefings, and integration of offensive findings into developer tooling and CI/CD gates

Benefits

• Company-Paid Lunch Stipend: Lunch is provided via GrubHub
• 100% Employer-Paid Medical in our High Deductible Health Plan, Dental and Vision benefits for employees and their families
• 16 weeks of Paid Parental Leave
• Employee Assistance Program
• Life insurance
• Short-Term Disability and Long-Term Disability
• Company will match 100% of your contributions up to 6% (401k)
• Medical insurance in our PPO plan
• Health Savings Accounts (with Company Contribution!)
• Flexible Spending Accounts
• Supplemental Life Insurance
• Wellhub
• 25 days of Paid Time Off plus 12 company holidays