Offensive Security Manager

We are seeking an experienced Offensive Security Manager to lead our offensive security initiatives within Arab Bank. This role involves overseeing penetration testing. Red teaming activities and a robust bug bounty program. The ideal candidate will have 7+ years of experience in cybersecurity, with at least 3 years in a managerial role, and a strong background in offensive security & red teaming exercises.

Accountabilities & Key Roles :

Leadership & Strategy:

  • Develop and implement the offensive security strategy aligned with the organization’s security objectives.
  • Manage and mentor a team of security professionals specializing in penetration testing and red team exercises.
  • Manage and mentor the team, helping them grow and succeed in their roles while fostering a culture of continuous improvement.
  • Coordinate with other departments and stakeholders to integrate offensive security practices into overall security operations.
  • Prepare detailed reports and presentations for senior management, summarizing key findings, risks, and recommendations for action.
  • Keep up with the latest developments in cybersecurity and offensive security techniques to ensure Arab Bank always using the most up-to-date methods.
  • Make sure all offensive security activities and responsibilities are conducted within the guidelines of relevant regulations and Arab Bank internal policies.
  • Oversee and conduct comprehensive penetration tests on various systems, Web and Mobile applications, and network environments to identify vulnerabilities and security weaknesses.
  • Develop and review testing methodologies, tools, and frameworks to ensure up-to-date and effective assessment techniques.
  • Analyze and report findings, providing actionable recommendations to improve security posture.
  • Envision and execute the strategy for ongoing product security assurance through penetration testing.
  • Supervise the scoping, scheduling, and execution of third-party penetration testing assessments and manage the 3rd party partners.
  • Stay current with emerging threats, vulnerabilities, and security technologies.
  • Continuously refine and enhance offensive security processes and methodologies.
  • Resource and budget management.

Bug Bounty Program:

  • Lead the organization’s bug bounty program, including program design, vendor management, and relationship building with the security research community.
  • Evaluate, triage and prioritize reported vulnerabilities, ensuring timely resolution and communication with the bug bounty researchers.

Reporting & Documentation

  • Prepare and present detailed reports on offensive security activities, including penetration testing results, red teaming activities and bug bounty findings.
  • Ensure proper documentation and tracking of vulnerabilities and remediation efforts.
  • Ensure timely remediation of issues discovered during assessments.


Job Requirements:


Education:

  • Graduate degree in Computer Science, Information Security, or a related field is preferred. A Master’s degree would be a bonus.

Experience:

  • 7+ years of experience in cybersecurity, with a minimum of 4 years in a role focused on offensive security, penetration testing or application security.
  • Hands-on practical Offensive Cybersecurity certifications (OSCP, OSWE, OSEP, OSED, eCPTX, eWAPTX, GIAC, etc.) or equivalent.
  • General information security management certifications (CISSP, CISM, CISA, etc.) or equivalent.


Competencies:

  • Advanced working understanding of web application technologies, mobile applications, programing languages, databases, Linux, Unix, Mac OSX, and Windows operating systems.
  • Technical Skills: You should have hands-on experience with penetration testing tools, attack frameworks, and scripting languages like Python or PowerShell.
  • Previous management and project leadership experience required.
  • Leadership Ability: You should be comfortable leading a team, with strong communication skills to engage with both technical and non-technical colleagues.
  • Must be well organized and able to leverage best practices, able to thrive in fast-paced environment, and, most importantly, have the ability to approach problems with an innovative, can-do attitude.
  • A proactive approach to security, with a solid understanding of current and emerging threats.

تاريخ النشر: اليوم
الناشر: LinkedIn
تاريخ النشر: اليوم
الناشر: LinkedIn