OVERVIEWPosition Manager - Offensive Security Job Code Reports to Head of Cybersecurity Direct Reports Division/Section Technology & Science Department Cybersecurity Sector Oxagon Job Family Role Purpose The Manager of Offensive Security is instrumental in safeguarding the organization's assets from external and internal threats. This individual drives proactive measures through penetration testing and red team activities, simulating advanced adversaries to identify and rectify vulnerabilities before they are exploited. Tasked with constantly challenging and validating the organization's security posture, the ideal candidate possesses a mix of deep technical skills, a hacker's curiosity, and the strategic foresight to anticipate the next wave of threats. The Manager of Offensive Security is not only a technical expert but also a leader, guiding a team of ethical hackers in their mission to secure the organization. KEY ACCOUNTABILITIES & ACTIVITIESCore Mandate• Lead, design, and execute comprehensive penetration testing and red team campaigns against the organization's assets, ensuring a constant assessment of potential vulnerabilities.• Manage a team of offensive security professionals, fostering an environment of continuous learning, innovation, and dedication.• Oversee and support service providers for the deployment & operations of SIEM solution for OXAGON including the integration, configuration, and customization of use cases.• Collaborate with defensive security teams to provide feedback and insights from offensive campaigns, bridging the gap between detection and exploitation.• Stay abreast of the latest cyber threats, tactics, techniques, and procedures (TTPs) and ensure the team is equipped to simulate these advanced persistent threats.• Create detailed reports post engagements, outlining vulnerabilities, risks, and recommended remediations, presenting them to both technical and non-technical stakeholders.• Engage with external penetration testing firms or consultants as needed, overseeing their activities to ensure maximum value.• Design and lead training initiatives to spread security awareness throughout the organization, ensuring everyone is equipped to recognize and report potential threats.• Build and maintain a state-of-the-art offensive security lab environment to support research and development.• Coordinate with legal, compliance, and other relevant departments to ensure all offensive security activities are compliant with regulations and standards.• Advocate for the necessary tools, resources, and training to keep the offensive security team at the forefront of the field. BACKGROUND, SKILLS & QUALIFICATIONSKnowledge, Skills and Experience• Strong background in cybersecurity with specific expertise in offensive security methodologies.• Proven experience in managing and executing penetration testing, vulnerability assessments, and red team operations.• Familiarity with various penetration testing tools (e.g., Metasploit, Burp Suite, Cobalt Strike) and environments (e.g., Windows, Linux, mac OS).• Proven experience and knowledge in utilizing Cyber Vulnerability tools such as Qualys, Tenable, * Microfocus for EDR and Application Security.• Ability to communicate complex security issues and their implications to a broader audience, including executive leadership.• Proficiency in scripting languages (e.g., Python, Bash, or Power Shell) is a plus with strong analytical and problem-solving skills, and a keen attention to detail. Qualifications• Bachelor's or Master's degree in Cybersecurity, Information Technology, Computer Science, or related fields.• Professional certifications such as OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert), or equivalent are highly recommended.• A minimum of 5 years of experience in a cybersecurity role, with at least 2 years in offensive security or red team operations.• Demonstrable history of continued professional development, including attending relevant conferences, workshops, or training sessions in the field of offensive security.• Participation in Capture The Flag (CTF) challenges or contributions to the cybersecurity community would be a notable advantage. COMMUNICATION - MAIN STAKEHOLDERSInternal
#J-18808-Ljbffr