Manager

Job Title: Manager – Offensive Security (IC Role / Operational Lead)

We’re seeking a highly skilled offensive security specialist to lead and drive offensive security operations within our cybersecurity program. While this is an individual contributor (IC) position, the title “Manager” reflects the role’s strategic and operational leadership — not people management.

The ideal candidate will have 5–7 years of hands-on experience in red teaming, adversary simulation, or penetration testing, with a strong grasp of attack techniques and the ability to plan, coordinate, and execute advanced offensive assessments. You will be responsible for shaping offensive engagements, guiding technical direction, collaborating with internal teams, and ensuring that offensive operations align with real-world threats and business risk.

If you're a technically strong operator who can lead from the front, connect offensive insights to organizational impact, and drive continuous improvement in testing capabilities, this role is for you.

Key Responsibilities:

• Lead offensive security operations end-to-end — from scoping and planning to execution and reporting.
• Design, coordinate, and execute advanced attack simulations aligned to the MITRE ATT&CK framework.
• Develop and lead Red Team and adversary emulation campaigns across infrastructure, applications, and cloud environments.
• Identify and exploit security gaps using real-world TTPs including privilege escalation, lateral movement, and domain dominance.
• Collaborate closely with defensive teams during Purple Team exercises to enhance detection and response capabilities.
• Own and improve Red Team methodologies, tools, playbooks, and workflows.
• Deliver high-quality technical reports and executive-level summaries with clear articulation of attack paths, risks, and mitigations.
• Stay ahead of the curve on evolving attacker techniques and incorporate them into offensive strategy.
• Mentor junior red teamers and act as the primary technical escalation point for offensive assessments.
• Represent offensive operations in internal security reviews and technical steering meetings.

Experience:

• 5–7 years of hands-on experience in Red Teaming, Penetration Testing, or Offensive Security roles.
• Proven experience in leading complex offensive assessments across enterprise environments.
• Experience in managing offensive operations, engagement lifecycle, and cross-team coordination.

Technical Skills:

• Deep understanding of Windows and Linux internals, enterprise AD security, and cloud attack surfaces.
• Proficient in lateral movement techniques, domain escalation, Kerberoasting, delegation abuse, and token manipulation.
• Comfortable with C2 frameworks (e.g., Cobalt Strike, Sliver, Mythic) and OPSEC-aware post-exploitation.
• Hands-on experience with tools like BloodHound, Mimikatz, Rubeus, Responder, SharpHound, Burp Suite, etc.
• Strong familiarity with the MITRE ATT&CK framework and applying it operationally.
• Scripting experience in PowerShell, Python, or Bash for PoCs, tooling, or automation.

Communication & Reporting:

• Strong technical documentation and reporting skills — ability to translate offensive findings into structured, actionable reports.
• Ability to confidently present findings, attack paths, and risk narratives to both technical and leadership stakeholders.
• Skilled in articulating the business impact of technical vulnerabilities and threat scenarios.

Preferred Qualifications:

• Experience leading Purple Team engagements and cross-functional security exercises.
• Exposure to threat intelligence-led Red Teaming methodologies (e.g., TIBER-EU, CBEST).
• Familiarity with Application Security (AppSec) testing methodologies.
• Exposure to AI/ML Red Teaming or adversarial testing of AI models and pipelines.
• Understanding of EDR/AV evasion, payload delivery, and defense bypass strategies.
• Experience in building offensive tools or attack automation frameworks.
• Relevant certifications: OSCP, CRTO, CRTP, OSEP, or equivalent.