Senior Manager of Offensive Security

About The Position

Requirements

• Experience: Minimum of 10+ years in cybersecurity, with at least 5 years specifically in offensive security roles and 2+ years in a leadership or management capacity.
• Technical Expertise: Deep knowledge of security frameworks like the MITRE ATT&CK framework, Cyber Kill Chain, and advanced exploitation techniques (e.g., AD, cloud, and applications attacks).
• Certifications: Possession of advanced industry certifications such as OSCP, OSEP, OSWE, GXPN or similar
• Infrastructure Knowledge: Proficient in attacking and defending diverse environments including AWS/Azure/GCP, Kubernetes, and hybrid-cloud architectures.
• Hands-on AI Testing: Proven experience in automating red teaming for GenAI and proficiency in using AI offensive tools like PyRIT, Prompfoo, Xbow or Counterfit to build and stage AI powered attacks
• Tooling Proficiency: Advanced experience with red team and penetration testing tools such as Cobalt Strike, Burp Suite Pro, Metasploit, BloodHound, and Sliver.
• Programming Skills: Strong ability to code or script in Python, PowerShell, Go, or C++ for exploit development and task automation.
• Analytical Thinking: Proven ability to connect individual vulnerabilities into complex attack chains that demonstrate significant business impact.
• Ethical Integrity: A flawless record of ethical conduct and the ability to handle extremely sensitive access and information with total discretion.

Nice To Haves

• Telecom expertise is preferred

Responsibilities

• Strategic Leadership: Develop and execute a multi-year roadmap for offensive security, including red teaming, penetration testing, bug bounty, and vulnerability research.
• Adversary Emulation: Design and lead full-scope red team engagements that simulate Advanced Persistent Threats (APTs) to test detection and response capabilities.
• Program Management: Oversee the end-to-end lifecycle of offensive engagements, from initial scoping and Rules of Engagement (RoE) to final reporting.
• Purple Teaming: Facilitate collaborative "Purple Team" exercises with Detection and Response (TDR) to improve detection logic and incident response playbooks.
• Executive Communication: Translate complex technical findings into actionable business risk assessments for C-suite executives and Board members.
• Team Mentorship: Recruit, retain, and develop a high-performing team of offensive security engineers, providing technical guidance and career coaching.
• Vulnerability Management Integration: Partner with vulnerability management, product, and engineering to ensure that findings from offensive tests are prioritized and remediated effectively.
• Tooling & Automation: Oversee the development of custom scripts, payloads, and C2 (Command and Control) frameworks to enhance the team’s stealth and efficiency.
• Adversarial AI Testing: Conduct specialized threat modeling for AI-native applications, focusing on the OWASP Top 10 for LLMs and MITRE ATLAS (Adversarial Threat Landscape for AI Systems).
• AI attacks and mitigations: Design and execute manual and automated Prompt Injection & Jailbreaking to bypass model guardrails, system prompts, and safety filters.
• Regulatory Compliance: Ensure all offensive activities align with legal, ethical, and regulatory standards (e.g., GDPR, SOC2, PCI-DSS).
• Threat Intelligence Integration: Incorporate current Cyber Threat Intelligence (CTI) into attack scenarios to ensure they reflect the latest real-world TTPs (Tactics, Techniques, and Procedures).
• Third-Party Oversight: Manage relationships and quality control for external security consultancy firms performing third-party penetration tests.
• Research & Development: Encourage and lead research into emerging technologies to identify future attack vectors.
• Cross-Functional Collaboration: Work closely with Product and Engineering teams to bake security into the Software Development Life Cycle (SDLC) through testing and assessments

Benefits

• Working at Twilio offers many benefits, including competitive pay, generous time off, ample parental and wellness leave, healthcare, a retirement savings program, and much more.