Sr Manager, Offensive Security

About The Position

Requirements

• 8+ years of experience in offensive security, penetration testing, red teaming, or ethical hacking
• 4+ years of direct people leadership experience managing technical cybersecurity teams
• 3+ years of experience managing complex, global projects and initiatives across multiple regions
• Expert-level understanding of adversarial tactics, techniques, and procedures (TTPs), the cyber kill chain, and MITRE ATT&CK framework
• Extensive hands-on experience across multiple testing disciplines: application, cloud, network, infrastructure, hardware, and mobile penetration testing
• Demonstrated ability to lead teams through all stages of a cyber-attack lifecycle (reconnaissance, scanning, enumeration, gaining access, privilege escalation, maintaining access, network exploitation, and covering tracks)
• Qualified to mentor analysts in examining system and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, SQL injection, race conditions, return-oriented attacks, malicious code)
• Proven ability to operate with minimal oversight, make quick and effective decisions, and navigate ambiguity in fast-paced, deadline-driven environments
• Mastery of commercial and open-source offensive security tools and frameworks

Nice To Haves

• Professional certifications such as OSCP, OSCE3, GXPN, GCPN, GCDA, GPEN, GWAPT, CRTO, CEH, or equivalent
• Expert understanding of cloud security architectures (Azure, AWS, GCP) and modern application/API security testing
• Experience with C2 frameworks (e.g., Cobalt Strike, Mythic, Sliver), BAS platforms (e.g., SafeBreach), and EASM tools
• Experience managing vulnerability disclosure programs (VDP), bug bounty programs, or coordinated disclosure processes
• Strong understanding of SIEM/SOAR platforms, detection engineering workflows, and how offensive findings integrate with defensive operations
• Experience managing MSSP relationships, vendor SOWs, and hybrid delivery models for offensive security services

Responsibilities

• Own day-to-day operations of McDonald's Offensive Security program, including intake management, assessment scheduling, scoping, rules of engagement, execution oversight, and reporting
• Manage complex, concurrent testing engagements across cloud, network, infrastructure, hardware, application, mobile, and SaaS environments
• Serve as the primary customer-facing point of contact for internal stakeholders
• Plan and execute Red Team operations, adversary simulations, and adversary emulation exercises informed by real-world threat intelligence and the MITRE ATT&CK framework
• Design and lead custom Cyber Defense Exercises (CDX), tabletop simulations, social engineering campaigns, and physical security assessments
• Translate complex technical findings into actionable, risk-ranked business impact assessments for executive leadership, including CIO and CISO audiences
• Develop, measure, and track metrics and KPIs to assess the performance, effectiveness, and business value of offensive security operations
• Produce high-quality technical reports, executive summaries, findings documentation, and remediation recommendations
• Serve as the people leader for all offensive security individual contributors (penetration testers, red team operators, offensive security analysts) across the US and UK
• Provide hands-on technical guidance and mentorship — able to work side-by-side with the team on complex assessments while coaching junior and senior analysts alike
• Support the Director in defining and executing the offensive security strategy, roadmap, and program objectives aligned to enterprise risk priorities
• Collaborate cross-functionally with different teams to ensure offensive findings feed into unified remediation pipelines

Benefits

• health and welfare benefits
• comprehensive health insurance
• medical coverage
• prescription drug coverage
• mental health coverage
• dental coverage
• vision coverage
• life insurance
• Bonus eligible
• Long term Incentive eligible