We are seeking an experienced Offensive Security Manager to lead our offensive security initiatives within Arab Bank. This role involves overseeing penetration testing. Red teaming activities and a robust bug bounty program. The ideal candidate will have 7+ years of experience in cybersecurity, with at least 3 years in a managerial role, and a strong background in offensive security & red teaming exercises.

Accountabilities & Key Roles :

Leadership & Strategy:

• Develop and implement the offensive security strategy aligned with the organization’s security objectives.
• Manage and mentor a team of security professionals specializing in penetration testing and red team exercises.
• Manage and mentor the team, helping them grow and succeed in their roles while fostering a culture of continuous improvement.
• Coordinate with other departments and stakeholders to integrate offensive security practices into overall security operations.
• Prepare detailed reports and presentations for senior management, summarizing key findings, risks, and recommendations for action.
• Keep up with the latest developments in cybersecurity and offensive security techniques to ensure Arab Bank always using the most up-to-date methods.
• Make sure all offensive security activities and responsibilities are conducted within the guidelines of relevant regulations and Arab Bank internal policies.
• Oversee and conduct comprehensive penetration tests on various systems, Web and Mobile applications, and network environments to identify vulnerabilities and security weaknesses.
• Develop and review testing methodologies, tools, and frameworks to ensure up-to-date and effective assessment techniques.
• Analyze and report findings, providing actionable recommendations to improve security posture.
• Envision and execute the strategy for ongoing product security assurance through penetration testing.
• Supervise the scoping, scheduling, and execution of third-party penetration testing assessments and manage the 3rd party partners.
• Stay current with emerging threats, vulnerabilities, and security technologies.
• Continuously refine and enhance offensive security processes and methodologies.
• Resource and budget management.

Bug Bounty Program:

• Lead the organization’s bug bounty program, including program design, vendor management, and relationship building with the security research community.
• Evaluate, triage and prioritize reported vulnerabilities, ensuring timely resolution and communication with the bug bounty researchers.

Reporting & Documentation

• Prepare and present detailed reports on offensive security activities, including penetration testing results, red teaming activities and bug bounty findings.
• Ensure proper documentation and tracking of vulnerabilities and remediation efforts.
• Ensure timely remediation of issues discovered during assessments.

Job Requirements:

Education:

• Graduate degree in Computer Science, Information Security, or a related field is preferred. A Master’s degree would be a bonus.

Experience:

• 7+ years of experience in cybersecurity, with a minimum of 4 years in a role focused on offensive security, penetration testing or application security.
• Hands-on practical Offensive Cybersecurity certifications (OSCP, OSWE, OSEP, OSED, eCPTX, eWAPTX, GIAC, etc.) or equivalent.
• General information security management certifications (CISSP, CISM, CISA, etc.) or equivalent.

Competencies:

• Advanced working understanding of web application technologies, mobile applications, programing languages, databases, Linux, Unix, Mac OSX, and Windows operating systems.
• Technical Skills: You should have hands-on experience with penetration testing tools, attack frameworks, and scripting languages like Python or PowerShell.
• Previous management and project leadership experience required.
• Leadership Ability: You should be comfortable leading a team, with strong communication skills to engage with both technical and non-technical colleagues.
• Must be well organized and able to leverage best practices, able to thrive in fast-paced environment, and, most importantly, have the ability to approach problems with an innovative, can-do attitude.
• A proactive approach to security, with a solid understanding of current and emerging threats.