Director - Offensive Security

GE Aerospace, Cincinnati, OH

About The Position

This role leads a team that delivers traditional web application penetration testing, Defense-in-Depth assessments extending beyond the web layer, and Red Team engagements ranging from focused control validations to long-term adversary emulation exercises, including both stealth and overt operations. The Director will shape an automation-first and intelligence-driven offensive security program, leveraging AI-enabled operations, testing orchestration, attack simulation, data-driven prioritization, and continuous validation techniques to improve scale, speed, consistency, and measurable risk reduction. This role will ensure offensive security services evolve from point-in-time testing toward a continuous assurance model that validates security posture across enterprise, product, and emerging technology environments.

Requirements

  • Bachelor’s degree from an accredited university or college with a minimum of 8 years of professional experience OR Associate’s degree with a minimum of 11 years of professional experience OR High School Diploma with a minimum of 13 years of professional experience
  • Minimum of 5 years of specific experience in offensive security, penetration testing, and/or Red Team operations
  • Demonstrated people leadership experience leading and developing technical teams (including performance management and talent development).
  • Demonstrated experience overseeing penetration testing services, including web application testing and broader multi-layer (Defense-in-Depth) assessments.
  • Demonstrated experience leading Red Team engagements, including safe execution, stakeholder alignment, and high-quality reporting.
  • Experience managing third-party vendors/consultants supporting security delivery.
  • This role requires access to U.S. export-controlled information. Therefore, employment will be conditioned upon the ability to prove that you meet the status of a U.S. Person as one of the following: U.S. lawful permanent resident, U.S. Citizen, have been granted asylee or refugee status (i.e., a protected individual under the Immigration and Naturalization Act, 8 U.S.C. 1324b(a)(3)).

Nice To Haves

  • Experience assessing or leading engagements in OT and/or embedded/on-product environments, including uptime- and safety-sensitive contexts.
  • Experience maturing an offensive security program using repeatable playbooks, automation, governance, and metrics.
  • Experience owning or administering offensive security tooling and engagement management platforms (for example, AttackForge, Nessus), including budget/contract accountability.
  • Purple-team experience partnering with detection engineering/SOC to validate telemetry, tune detections, and demonstrate defensive improvements.
  • Relevant certifications (desired, not required): OSCP/OSWE/OSCE, GPEN/GXPN, GCIH, CISSP, or equivalent demonstrated expertise.

Responsibilities

  • Hire, lead, coach, and retain an expert team; establish goals, role clarity, performance expectations, and development plans; build succession and continuity.
  • Define and execute the offensive security strategy, including an automation-first and AI-enabled operating model that scales penetration testing, adversary emulation, and continuous security validation across IT, cloud, product, OT, and AI/ML environments. Drive roadmap priorities across talent, tooling, process standardization, service maturity, and measurable risk reduction.
  • Own end-to-end engagement delivery for web application penetration testing, Defense-in-Depth assessments, and Red Team operations, including intake, scope definition, scheduling, quality review, and executive/stakeholder communications.
  • Direct stealth and overt engagements; establish rules of engagement, testing safety controls, deconfliction, and coordination with detection and incident response teams.
  • Ensure assessments address application, infrastructure, identity, cloud, product/software, and OT considerations (as applicable), balancing thoroughness with operational reliability.
  • Manage vendor relationship(s) supporting Red Team activities, including SOW/SLAs, onboarding/offboarding, service quality, and cost management.
  • Own the offensive security tool portfolio and contracts (for example, Nessus, AttackForge), including renewals, license management, usage optimization, secure operations, and capability roadmap.
  • Partner with vulnerability management, product security, engineering, and infrastructure teams to ensure findings are actionable, prioritized, tracked, and re-tested as appropriate.
  • Define and maintain assessment methodologies, reporting standards, and measurable KPIs (coverage, cycle time, remediation progress, repeat findings, and detection/control validation).

Benefits

  • professional development
  • challenging careers
  • competitive compensation
  • Relocation Assistance Provided: No