Manager

Job Title: Manager – Offensive Security (IC Role / Operational Lead)

highly skilled offensive security specialist

individual contributor (IC)

strategic and operational leadership

5–7 years of hands-on experience

lead from the front

Key Responsibilities

• Lead offensive security operations end-to-end — from scoping and planning to execution and reporting.
• Design, coordinate, and execute advanced attack simulations aligned to the MITRE ATT&CK framework.
• Develop and lead Red Team and adversary emulation campaigns across infrastructure, applications, and cloud environments.
• Identify and exploit security gaps using real-world TTPs including privilege escalation, lateral movement, and domain dominance.
• Collaborate closely with defensive teams during Purple Team exercises to enhance detection and response capabilities.
• Own and improve Red Team methodologies, tools, playbooks, and workflows.
• Deliver high-quality technical reports and executive-level summaries with clear articulation of attack paths, risks, and mitigations.
• Stay ahead of the curve on evolving attacker techniques and incorporate them into offensive strategy.
• Mentor junior red teamers and act as the primary technical escalation point for offensive assessments.
• Represent offensive operations in internal security reviews and technical steering meetings.
  

Experience

• 5–7 years of hands-on experience in Red Teaming, Penetration Testing, or Offensive Security roles.
• Proven experience in leading complex offensive assessments across enterprise environments.
• Experience in managing offensive operations, engagement lifecycle, and cross-team coordination.
  

Technical Skills

• Deep understanding of Windows and Linux internals, enterprise AD security, and cloud attack surfaces.
• Proficient in lateral movement techniques, domain escalation, Kerberoasting, delegation abuse, and token manipulation.
• Comfortable with C2 frameworks (e.g., Cobalt Strike, Sliver, Mythic) and OPSEC-aware post-exploitation.
• Hands-on experience with tools like BloodHound, Mimikatz, Rubeus, Responder, SharpHound, Burp Suite, etc.
• Strong familiarity with the MITRE ATT&CK framework and applying it operationally.
• Scripting experience in PowerShell, Python, or Bash for PoCs, tooling, or automation.
  

Communication & Reporting

• Strong technical documentation and reporting skills — ability to translate offensive findings into structured, actionable reports.
• Ability to confidently present findings, attack paths, and risk narratives to both technical and leadership stakeholders.
• Skilled in articulating the business impact of technical vulnerabilities and threat scenarios.
  

Preferred Qualifications

• Experience leading Purple Team engagements and cross-functional security exercises.
• Exposure to threat intelligence-led Red Teaming methodologies (e.g., TIBER-EU, CBEST).
• Familiarity with Application Security (AppSec) testing methodologies.
• Exposure to AI/ML Red Teaming or adversarial testing of AI models and pipelines.
• Understanding of EDR/AV evasion, payload delivery, and defense bypass strategies.
• Experience in building offensive tools or attack automation frameworks.
• Relevant certifications: OSCP, CRTO, CRTP, OSEP, or equivalent.