
Manager, Offensive Security
Ivanti
full-time
Posted on:
Location: 🇺🇸 United States
Job Level
Senior, Lead
Tech Stack
AWS, Azure, Cloud, Linux, SDLC
About the role
- Lead and assist multiple teams of four penetration testers in performing targeted internal penetration tests based on identified risks
- Design, implement, and manage comprehensive offensive security programs including penetration testing, red team exercises, and security assessments
- Lead internal and external penetration testing initiatives across web applications, mobile applications, network infrastructure, and cloud environments
- Develop and maintain offensive security methodologies, frameworks, and testing procedures
- Conduct advanced threat-modelling and attack simulation exercises
- Collaborate with development teams to integrate security testing into SDLC processes
- Build and scale responsible disclosure programs and work with bug bounty platforms
- Coordinate multiple concurrent initiatives and manage project timelines
- Develop policies, procedures, and operational frameworks
- Act as the link between different security and engineering teams and stakeholders; advocate for security by design and a secure software development lifecycle
Requirements
- 10+ years of hands-on offensive security experience including penetration testing, vulnerability assessment, and ethical hacking
- Experience in leading a red team against a large, complex target strongly preferred
- Background in security research or academic security work
- Solid understanding of Active Directory, O365, cloud platforms (AWS and Azure), Windows, OS X and Linux operating systems, mobile operating systems, and networking
- Solid understanding of application security standards (OWASP, ASVS, etc.)
- Proven track record of building and scaling responsible disclosure programs
- Experience working with bug bounty platforms (HackerOne, Bugcrowd, etc.)
- Strong project management skills with ability to coordinate multiple concurrent initiatives
- Experience developing policies, procedures, and operational frameworks
- Leadership experience with ability to influence without direct authority
- Strong verbal and written communication skills for communicating with both engineering and business stakeholders
- Infosec community engagement including bug bounties, blogs, CVEs, or conference talks (preferred)
- OSCP, OSCE, GPEN, GWAPT, CRTP/CRTA certifications (preferred)