Manager, Offensive Security

About The Position

Requirements

• 10+ years of hands-on offensive security experience including penetration testing, vulnerability assessment, and ethical hacking
• Experience in leading a red team against a large, complex target strongly preferred
• Background in security research or academic security work
• A solid understanding of common technology such as Active Directory, O365, cloud platforms (AWS and Azure), Windows, OS X and Linux operating systems, mobile operating systems, networking etc.
• A solid understanding of application security standards (OWASP, ASVS, etc.) is highly desired
• Experience working in collaborative, cross-functional environments
• Leadership experience with ability to influence without direct authority
• Strong verbal and written communication skills for communicating with both engineering and business stakeholders

Nice To Haves

• Infosec Community engagement including bug bounties, blogs, CVEs, or conference talks
• OSCP, OSCE, GPEN, GWAPT, CRTP/CRTA certifications

Responsibilities

• Design, implement, and manage comprehensive offensive security programs including penetration testing, red team exercises, and security assessments
• Lead internal and external penetration testing initiatives across web applications, mobile applications, network infrastructure, and cloud environments
• Develop and maintain offensive security methodologies, frameworks, and testing procedures
• Conduct advanced threat-modelling and attack simulation exercises
• Collaborate with development teams to integrate security testing into SDLC processes
• Proven track record of building and scaling responsible disclosure programs
• Experience working with bug bounty platforms (HackerOne, Bugcrowd, etc.)
• Strong project management skills with ability to coordinate multiple concurrent initiatives
• Experience developing policies, procedures, and operational frameworks