Job Description:
Seeking a skilled offensive security lead, pivotal in running offensive-related efforts (penetration testing, red teaming) for the whole organization. Within a team running security operations services for the whole organization, the offensive lead spearheads comprehensive security testing programs that bring value to the organization's different business units and teams. The role involves collaborating with customers, performing penetration testing, developing new services, and coaching the team, as well as working closely with external partners to deliver well-scoped, value-driven offensive services to the organization. A big offensive program is currently running, and the offensive lead will use their experience in offensive testing and reviews to help teams get value from findings: both short-term risk-based remediation and mitigations, and learnings and long-term best practices that increase the security maturity of the organization.
In this role, the candidate will contribute to shaping the company's cybersecurity strategy and practice in offensive security, employing solutions and processes, and helping the customer better defend its infrastructure, applications and assets, and more efficiently pentest or perform red teaming operations that bring value by lowering security risk in an evolving, complex landscape of cyber threats.
Responsibilities:
Develop and oversee comprehensive security testing, penetration testing, and vulnerability assessments.
Lead penetration testing campaigns and adversary simulation engagements throughout the organization.
Collaborate with Vulnerability Management to prioritize vulnerabilities for remediation based on risk.
Generate actionable reports derived from testing activities and recommend remediation steps.
Coordinate with cross-functional teams to ensure alignment on security initiatives.
Facilitate security awareness programs and training across the organization.
Evaluate and manage security testing tools for optimal effectiveness.
Stay updated with the latest security threats and integrate them into the testing program.
Ensure compliance with industry standards and regulatory requirements.
Communicate risk exposure and its consequences to non-technical stakeholders.
Drive capabilities and methodologies within the cybersecurity function.
Requirements:
Degree or equivalent technical training in information security, computer science, IT or related field.
Five years of experience in information security testing, ethical hacking, red team methodologies and tools, and overall exposure to security assessments, ideally including experience in an internal role.
Strong understanding of cloud environments, networks, web applications and operating systems.
Experience with data analysis, performing complex analysis and investigation of issues, and, most importantly, understanding their business impact in order to give the stakeholders involved risk-based prioritization and remediation/mitigation advice for action.
Relevant industry certifications like GPEN, OSCP, OSCE, CRTO, CRTP, PNPT, and experience working with frameworks like MITRE ATT&CK/D3FEND and security-related legal and regulatory requirements (ISO 27001, NIST etc.).
Strong problem-solving skills and leadership abilities, with good interpersonal skills to build relationships and communicate findings professionally, with fluency in written and spoken English.
Date Posted: 13/11/2024
Job ID: 100194213