Offensive Security Associate Manager (Fintech)

Job Description

Role Purpose

• Leading offensive security operations, including penetration testing, red teaming, and vulnerability assessments.

Key Responsibilities

• Lead and manage a team of offensive security professionals, including penetration testers, red team members, and vulnerability analysts. Provide mentorship, training, and performance feedback to team members.
• Collaborate with cross-functional teams, including IT, development, and operations, to prioritize and remediate security vulnerabilities identified through offensive security testing. Communicate findings and recommendations to technical and non-technical stakeholders.
• Plan, coordinate, and execute offensive security operations, including penetration tests, red team exercises, and vulnerability assessments, to identify and exploit security weaknesses in our systems, networks, and applications.
• Continuously assess and improve offensive security practices, methodologies, and tools based on industry trends, lessons learned from previous engagements, and feedback from stakeholders.
• Conduct risk/findings audits.
• Ensure staff are informed and trained to support good corporate governance in their specific areas of work.

Knowledge

• Penetration Testing: In-depth knowledge of penetration testing methodologies, including reconnaissance, enumeration, exploitation, post-exploitation, and reporting.
• Red Teaming: Understanding of red teaming techniques and tactics to simulate real-world cyber attacks and assess an organization's security posture.
• Vulnerability Assessment: Proficiency in conducting vulnerability assessments across various attack surfaces, including networks, systems, applications, and cloud environments.
• Exploit Development: Familiarity with exploit development techniques and methodologies to identify and exploit security vulnerabilities.
• Scripting and Programming: Proficiency in scripting and programming languages such as Python, PowerShell, or Bash for automation, tool development, and exploit scripting.
• Regulatory Compliance: Understanding of relevant laws, regulations, and industry standards related to offensive security testing, including legal and ethical considerations.
• Cybersecurity: Knowledge of cybersecurity principles, practices, technologies, and regulatory requirements.

Qualifications

Technical

• Penetration tests, vulnerability assessments, and security audits (VAPT)
• Red teaming exercises and adversarial simulation techniques.
• Metasploit, Burp Suite, Nmap
• Scripting languages (e.g., Python, PowerShell)
• MobSF (Mobile Security Framework)
• Drozer
• OWASP Mobile Security Testing Guide (MSTG)

Non-technical

• Collaborative Leadership
• Time Management Skills
• Vision and Strategy
• Conflict Management Skills
• Emotional Resilience

Other Information

• Experience in leading and managing offensive security operations, including penetration tests, red team exercises, and vulnerability assessments. Experience with threat intelligence analysis, security research, and incident response support. Minimum of 3 years of experience in offensive security roles, with at least 2 years in a leadership or supervisory position.
• Bachelor's degree in computer science, information security, or a related field. Master's degree preferred. Offensive Security Certifications: Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), or similar certifications highly desired.