Offensive Security Engagement Coordinator

About The Position

Requirements

• 3+ years of experience in security program management or technical project management, preferably in an offensive security, penetration testing, or similar cybersecurity domain.
• Demonstrated ability to coordinate complex, concurrent projects across multiple stakeholders, ensuring timely delivery and risk management.
• Strong organizational skills, attention to detail, and experience with project management methodologies (e.g., Agile, Kanban) and tools (e.g., JIRA or similar).
• Familiarity with offensive security operations (red teaming, penetration testing, vulnerability management) and a solid understanding of the risk management lifecycle.
• Experience translating technical findings into business risk terms and managing a risk register or similar tracking system.
• Ideally, knowledgeable about frameworks like MITRE ATT&CK and risk assessment standards to contextually prioritize threats.
• Exceptional written and verbal communication skills.
• Proven ability to interface with technical teams and business leadership alike, convening meetings and delivering clear updates and readouts.
• Strong influence and relationship-building skills to manage expectations, negotiate schedules, and drive remediation efforts across cross-functional teams (engineering, security operations, risk, fraud).
• A track record of building trust through organized, reliable program execution.
• Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent experience.
• Project management training or certification (e.g., PMP, Agile/Scrum certification) is highly valued.
• Relevant security certifications (e.g., CISSP, CISM, or technical certs like OSCP) are a plus, demonstrating a mix of security domain knowledge and program management proficiency.

Nice To Haves

• Project management training or certification (e.g., PMP, Agile/Scrum certification) is highly valued.
• Relevant security certifications (e.g., CISSP, CISM, or technical certs like OSCP) are a plus, demonstrating a mix of security domain knowledge and program management proficiency.

Responsibilities

• Own end-to-end planning and scheduling of multiple concurrent engagements (red team operations, pentests, purple team exercises, etc.) based on priority and risk.
• Manage intake of new engagement requests, prioritizing and sequencing operations in alignment with enterprise risk priorities.
• Assign appropriate offensive security operators to each project based on skills and availability, ensuring balanced workloads and on-time delivery.
• Serve as the central coordination point for offensive engagements.
• Facilitate all key engagement meetings – from initial scoping/kickoff to peer reviews and wrap-up sessions.
• Keep engagements on track by monitoring timelines, deliverables, and dependencies, proactively resolving scheduling or logistical issues so that technical teams can maintain focus.
• Provide regular status updates to stakeholders (security leadership, asset owners, Risk Advisors) on engagement progress and roadblocks.
• Act as the primary liaison between the offensive team and stakeholders (security leadership, risk management, IT owners, fraud teams).
• Coordinate stakeholder readouts and debriefs – scheduling and facilitating post-operation briefings and executive summaries to discuss findings, business impacts, and recommended actions.
• Ensure that stakeholders, including risk and technology partners, are informed and engaged throughout engagements.
• Manage the output of offensive security operations by overseeing the identification, documentation, and closure of findings.
• Record and track all discovered vulnerabilities and risks in the enterprise risk register or issue tracking system, with accurate severity ratings and ownership assignments.
• Coordinate remediation and retesting efforts – work with system owners and risk teams to ensure timely remediation of findings, and schedule re-tests to validate that fixes are effective.
• Facilitate formal risk acceptance processes for any residual risks that cannot be fully mitigated, ensuring that all findings are resolved or appropriately dispositioned.
• Maintain and improve engagement processes to ensure consistency and quality across operations.
• Oversee weekly team huddles and quarterly backlog reviews to track progress, adjust priorities, and groom upcoming engagements.
• Ensure consistent use of project tracking tools (e.g., Jira) and templates for engagement planning and reporting.
• Enforce documentation standards for deliverables, including peer-reviewed reports, and capture attack tactics & techniques (TTPs) in the team’s knowledge repository for metrics and future reference.
• Identify opportunities to streamline workflows (e.g., automation of recurring tasks, improved reporting dashboards) and work with the team to implement improvements.
• Bridge the gap between offense, defense, and risk management.
• Liaise with security operations, fraud, and risk management colleagues to align offensive testing plans with top threats and risk scenarios.
• Ensure that each offensive engagement has clear objectives linked to enterprise risk priorities and that the results directly inform risk registers and defensive improvements.
• Collaborate on Purple Team exercises, coordinating efforts between red team operators and blue team defenders for joint simulations and knowledge exchange.

Benefits

• Hybrid working model
• Enhanced flexibility
• In-person learning, collaboration, and connection
• Mission-driven and highly collaborative culture
• Long-term financial wellbeing for clients
• Product and services that transform clients' lives
• Opportunities to learn and develop skills as individuals and as a team