Role Purpose
- Leading offensive security operations, including penetration testing, red teaming, and vulnerability assessments.
Key Responsibilities
- Lead and manage a team of offensive security professionals, including penetration testers, red team members, and vulnerability analysts. Provide mentorship, training, and performance feedback to team members.
- Collaborate with cross-functional teams, including IT, development, and operations, to prioritize and remediate security vulnerabilities identified through offensive security testing. Communicate findings and recommendations to technical and non-technical stakeholders.
- Plan, coordinate, and execute offensive security operations, including penetration tests, red team exercises, and vulnerability assessments, to identify and exploit security weaknesses in our systems, networks, and applications.
- Continuously assess and improve offensive security practices, methodologies, and tools based on industry trends, lessons learned from previous engagements, and feedback from stakeholders.
- Risk/Findings audit to be fulfilled
- Ensure staff are informed and trained to support good corporate governance in their specific areas of work.
Knowledge
- Penetration Testing: In-depth knowledge of penetration testing methodologies, including reconnaissance, enumeration, exploitation, post-exploitation, and reporting.
- Red Teaming: Understanding of red teaming techniques and tactics to simulate real-world cyber attacks and assess an organization's security postureVulnerability Assessment: Proficiency in conducting vulnerability assessments across various attack surfaces, including networks, systems, applications, and cloud environments.
- Vulnerability Assessment: Proficiency in conducting vulnerability assessments across various attack surfaces, including networks, systems, applications, and cloud environments.
- Exploit Development: Familiarity with exploit development techniques and methodologies to identify and exploit security vulnerabilities.
- Scripting and Programming: Proficiency in scripting and programming languages such as Python, PowerShell, or Bash for automation, tool development, and exploit scripting.
- Regulatory Compliance: Understanding of relevant laws, regulations, and industry standards related to offensive security testing, including legal and ethical considerations.
- Cybersecurity : Knowledge of cybersecurity principles, practices, technologies, and regulatory requirements.
Qualifications
Technical
- Penetration tests, vulnerability assessments, and security audits (VAPT)
- Red teaming exercises and adversarial simulation techniques.
- Metasploit , Burp Suite, Nmap
- Scripting languages (e.g., Python, PowerShell)
- MobSF (Mobile Security Framework)
- Drozer
- OWASP Mobile Security Testing Guide (MSTG)
Non-technical
- Collaborative Leadership
- Time Management Skills
- Vision and Strategy
- Conflict Management Skills
- Emotional Resilience
Other Information
- Experience in leading and managing offensive security operations, including penetration tests, red team exercises, and vulnerability assessments.Experience with threat intelligence analysis, security research, and incident response support.Minimum of 3 years of experience in offensive security roles, with at least 2 years in a leadership or supervisory position.
- Bachelor's degree in computer science, information security, or a related field. Master's degree preferred.Offensive Security Certifications: Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), or similar certifications highly desired.
