Manager - Offensive Security

About the job

Overview
Position Manager - Offensive Security
Job Code
Reports to Head of Cybersecurity
Direct Reports
Division/Section Technology & Science
Department Cybersecurity
Sector Oxagon
Job Family

Role Purpose
The Manager of Offensive Security is instrumental in safeguarding the organization's assets from external and internal threats. This individual drives proactive measures through penetration testing and red team activities, simulating advanced adversaries to identify and rectify vulnerabilities before they are exploited. Tasked with constantly challenging and validating the organization's security posture, the ideal candidate possesses a mix of deep technical skills, a hacker's curiosity, and the strategic foresight to anticipate the next wave of threats. The Manager of Offensive Security is not only a technical expert but also a leader, guiding a team of ethical hackers in their mission to secure the organization.

Key Accountabilities & Activities
Core Mandate
Lead, design, and execute comprehensive penetration testing and red team campaigns against the organization's assets, ensuring a constant assessment of potential vulnerabilities. Manage a team of offensive security professionals, fostering an environment of continuous learning, innovation, and dedication. Oversee and support service providers for the deployment & operations of SIEM solution for OXAGON including the integration, configuration, and customization of use cases. Collaborate with defensive security teams to provide feedback and insights from offensive campaigns, bridging the gap between detection and exploitation. Stay abreast of the latest cyber threats, tactics, techniques, and procedures (TTPs) and ensure the team is equipped to simulate these advanced persistent threats. Create detailed reports post engagements, outlining vulnerabilities, risks, and recommended remediations, presenting them to both technical and non-technical stakeholders. Engage with external penetration testing firms or consultants as needed, overseeing their activities to ensure maximum value. Design and lead training initiatives to spread security awareness throughout the organization, ensuring everyone is equipped to recognize and report potential threats. Build and maintain a state-of-the-art offensive security lab environment to support research and development. Coordinate with legal, compliance, and other relevant departments to ensure all offensive security activities are compliant with regulations and standards. Advocate for the necessary tools, resources, and training to keep the offensive security team at the forefront of the field.

Background, Skills & Qualifications
Knowledge, Skills and Experience
Strong background in cybersecurity with specific expertise in offensive security methodologies. Proven experience in managing and executing penetration testing, vulnerability assessments, and red team operations. Familiarity with various penetration testing tools (e.g., Metasploit, Burp Suite, Cobalt Strike) and environments (e.g., Windows, Linux, macOS). Proven experience and knowledge in utilizing Cyber Vulnerability tools such as Qualys, Tenable, * Microfocus for EDR and Application Security. Ability to communicate complex security issues and their implications to a broader audience, including executive leadership. Proficiency in scripting languages (e.g., Python, Bash, or PowerShell) is a plus with strong analytical and problem-solving skills, and a keen attention to detail.

Qualifications
Bachelor's or Master's degree in Cybersecurity, Information Technology, Computer Science, or related fields. Professional certifications such as OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert), or equivalent are highly recommended. A minimum of 5 years of experience in a cybersecurity role, with at least 2 years in offensive security or red team operations. Demonstrable history of continued professional development, including attending relevant conferences, workshops, or training sessions in the field of offensive security. Participation in Capture The Flag (CTF) challenges or contributions to the cybersecurity community would be a notable advantage.

COMMUNICATION - MAIN STAKEHOLDERS

• Internal
• External Directors Oxagon BUs NEOM Tech and Science team External partners Consultancy firms See less

Security Manager, Neom, Tabuk, Saudi Arabia