Senior Offensive Security Manager

Postman, San Francisco, CA
Onsite

About The Position

Postman is seeking a Senior Manager, Offensive Security to lead the strategic direction of its offensive security program. This role involves building a new Offensive AI Security capability and partnering with CISO leadership on threat-informed defense. The successful candidate will shape the future of offensive security at Postman, aiming to make the company an industry leader in adversarial testing of AI systems, agentic workflows, and LLM integrations. The role requires demonstrating vulnerabilities through live exploits to foster a strong security culture within the engineering organization.

Requirements

  • Minimum of 8 years in offensive security (penetration testing, red teaming, vulnerability research, or exploit development).
  • At least 4 years in a people management or leadership capacity, including experience managing managers or tech leads.
  • Demonstrated experience attacking AI/ML systems (adversarial ML research, LLM red teaming, agentic system exploitation, or building offensive tooling for AI targets).
  • Understanding of AI attack vectors such as prompt injection, indirect prompt injection, tool-use confusion attacks, and RAG poisoning.
  • Demonstrated ability to build and scale an offensive security program from the ground up or significantly mature an existing one.
  • Experience setting OKRs, managing budgets, and presenting to executive leadership.
  • Deep understanding of the modern threat landscape and its application to cloud-native, API-first, and AI-native architectures.
  • Hands-on experience with AI-augmented pentesting tools (e.g., PentestGPT, Horizon3, custom LLM-based fuzzing) and AI red team frameworks (e.g., Microsoft PyRIT, Garak, custom harnesses).
  • Ability to manage non-deterministic AI outputs in offensive tooling and target systems.
  • Ability to present complex exploit chains, including AI-specific attack paths, to developers in an inspiring manner.
  • Preference for building automated 'exploit-as-code' validators over manual testing.
  • Ability to architect evaluation harnesses and adversarial test suites for ML models.

Nice To Haves

  • Track record of contributions to the offensive security or AI security community (conference talks, tool releases, published research, CVEs, or active participation in OWASP, MITRE, or similar working groups).
  • Relevant certifications such as OSCP, OSCE, OSEP, GXPN, GPEN, CRTP, or equivalent.
  • AI/ML-specific credentials (e.g., GIAC GMAI) are a differentiator.
  • Deep familiarity with AWS security primitives, cloud-native attack paths, and container/Kubernetes exploitation.
  • Experience with API-specific attack methodologies (BOLA, BFLA, mass assignment, GraphQL abuse, gRPC exploitation).
  • Familiarity with how offensive security outputs map to SOC 2 Type II, ISO 27001, ISO 42001, FedRAMP, or CMMC control evidence.

Responsibilities

  • Define and execute the multi-year offensive security roadmap, aligning Red Team, Purple Team, and continuous validation capabilities with Postman's threat landscape and business priorities.
  • Establish and scale a dedicated offensive capability for AI/ML systems, including adversarial testing of LLM integrations, agentic workflows, RAG pipelines, and model-serving infrastructure.
  • Develop AI threat intelligence by tracking the evolving AI threat landscape and translating research into red team playbooks and detection hypotheses.
  • Lead structured adversarial campaigns against Postman's LLM deployments and AI agents, targeting various vulnerabilities like prompt injection and data exfiltration.
  • Design and deploy AI-based penetration testing platforms and autonomous agents for continuous security validation.
  • Integrate automated breach and attack simulation (BAS) into CI/CD pipelines, including AI model deployment pipelines.
  • Build, manage, and scale a high-performing team of offensive security engineers, including specialized AI red team operators.
  • Identify and hire talent at the intersection of offensive security and AI/ML, and develop internal training paths for cross-skilling.
  • Lead live 'Exploitable Demonstrations' to educate engineering teams on vulnerabilities and AI-specific attack vectors.
  • Translate offensive findings into business-level risk narratives for executive leadership and stakeholders.
  • Partner with GRC on audit evidence and compliance posture derived from offensive operations.
  • Collaborate with Product Security, Security Operations, and Engineering to ensure offensive findings drive measurable improvements.

Benefits

  • Competitive equity package
  • Flexible schedule
  • Full medical coverage
  • Flexible PTO
  • Wellness reimbursement
  • Monthly lunch stipend
  • Wellness programs
  • Frequent and fascinating team-building events
  • Donation-matching program

What This Job Offers

  • Job Type: Full-time
  • Career Level: Senior
  • Education Level: No Education Listed
  • Number of Employees: 501-1,000 employees
