Offensive Security Manager
Indexed description
- Product Security (AppSec)
Bug Bounty Management: Oversee the public or private Bug Bounty Program (e.g., HackerOne, Bugcrowd). Triage incoming reports, validate severity, and pay out researchers.
Developer Education: Move beyond "gatekeeping." Create a "Security Champions" program to train developers on how to write secure code (e.g., OWASP Top 10 prevention).
- Red Teaming & Adversary Simulation
Purple Teaming: Facilitate "Purple Team" exercises where your Red Team attacks and sits with the Blue Team (Defenders) to see if they can detect the attack in real-time.
Physical & Social Engineering: Authorize physical security tests (badge cloning, tailgating) and advanced spear-phishing campaigns to test human resilience.
- Vulnerability Management
SLA Enforcement: Act as the "bad guy" with IT and Engineering leadership when critical vulnerabilities are not patched within the agreed Service Level Agreement (SLA).
Asset Coverage: Ensure that scanners (Qualys/Tenable) are actually seeing 100% of the environment, including shadow IT and new cloud deployments.
Requirements
- 7+ years in Information Security, with 3–4+ years as a Penetration Tester, Red Teamer, or AppSec Engineer; hands-on ability to perform attacks like SQL injection or compromise Active Directory.
- Application Security Fluency: Deep understanding of modern application stacks, including API security, micro services, and CI/CD pipelines.
- Scripting & Automation: Proficient in Python, Go, or Bash for automating testing and security tools.
- Leadership & Risk Communication: Ability to explain technical risks (e.g., XSS) in business terms to Product Managers or stakeholders.
- Legal & Ethics Knowledge: Understanding of legal boundaries for ethical hacking (e.g., CFAA, safe harbor clauses).
- Preferred Certifications: OSCP / OSCE (technical credibility), GWAPT / GPEN / GXPN (penetration testing), CISSP (management-focused).
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search