Manager

Job Title: Manager - Offensive Security (IC Role / Operational Lead)

highly skilled offensive security specialist

5-7 years of hands-on experience

lead from the front

Key Responsibilities:

• Lead offensive security operations

  end-to-end - from scoping and planning to execution and reporting.
• Design, coordinate, and execute advanced attack simulations aligned to the MITRE ATT&CK framework.
• Develop and lead Red Team and adversary emulation campaigns across infrastructure, applications, and cloud environments.
• Identify and exploit security gaps using real-world TTPs including privilege escalation, lateral movement, and domain dominance.
• Collaborate closely with defensive teams during Purple Team exercises to enhance detection and response capabilities.
• Own and improve Red Team methodologies, tools, playbooks, and workflows.
• Deliver high-quality technical reports and executive-level summaries with clear articulation of attack paths, risks, and mitigations.
• Stay ahead of the curve on evolving attacker techniques and incorporate them into offensive strategy.
• Mentor junior red teamers and act as the primary technical escalation point for offensive assessments.
• Represent offensive operations in internal security reviews and technical steering meetings.

Experience:

• 5-7 years

  of hands-on experience in Red Teaming, Penetration Testing, or Offensive Security roles.
• Proven experience in leading complex offensive assessments across enterprise environments.
• Experience in managing offensive operations, engagement lifecycle, and cross-team coordination.

Technical Skills:

• Deep understanding of Windows and Linux internals, enterprise AD security, and cloud attack surfaces.
• Proficient in lateral movement techniques, domain escalation, Kerberoasting, delegation abuse, and token manipulation.
• Comfortable with C2 frameworks (e.g., Cobalt Strike, Sliver, Mythic) and OPSEC-aware post-exploitation.
• Hands-on experience with tools like BloodHound, Mimikatz, Rubeus, Responder, SharpHound, Burp Suite, etc.
• Strong familiarity with the MITRE ATT&CK framework and applying it operationally.
• Scripting experience in PowerShell, Python, or Bash for PoCs, tooling, or automation.

Communication & Reporting:

• Strong technical documentation and reporting skills - ability to translate offensive findings into structured, actionable reports.
• Ability to confidently present findings, attack paths, and risk narratives to both technical and leadership stakeholders.
• Skilled in articulating the business impact of technical vulnerabilities and threat scenarios.

Preferred Qualifications:

• Experience leading Purple Team engagements and cross-functional security exercises.
• Exposure to threat intelligence-led Red Teaming methodologies (e.g., TIBER-EU, CBEST).
• Familiarity with

  Application Security (AppSec)

  testing methodologies.
• Exposure to

  AI/ML Red Teaming

  or adversarial testing of AI models and pipelines.
• Understanding of EDR/AV evasion, payload delivery, and defense bypass strategies.
• Experience in building offensive tools or attack automation frameworks.
• Relevant certifications:

  OSCP, CRTO, CRTP, OSEP

  , or equivalent.