Overview
Lead, mentor, and develop a team of adversary emulation engineers. Define and oversee Red and Purple teaming strategies, methodologies, and processes.
Key Responsibilities
- Lead, mentor, and develop a team of adversary emulation engineers.
- Define and oversee Red and Purple teaming strategies, methodologies, and processes.
- Manage and prioritize engagements, ensuring alignment with business objectives and risk management strategies.
- Provide technical oversight and guidance, ensuring comprehensive and high-quality security assessments.
- Manage training programs, skills development, and certification pathways for the adversary emulation teams.
- Represent the organization in security forums, industry conferences, and working groups.
Required Experience
- 10+ years of experience in cybersecurity, with at least 5 years in offensive cybersecurity (penetration testing, red teaming, vulnerability research).
- Proven experience, at least 3 years, in a leading role managing adversary emulation / offensive cybersecurity services within enterprise environments.
- Extensive knowledge and experience (at least 5 years) in conducting or leading Red Team engagements, penetration testing, exploit development, network security architecture design, assessing security vulnerabilities within OS, software, protocols and networks, and researching and evaluating security products and technologies.
- Knowledge of system and network administration of UNIX and Windows systems.
- Use of penetration testing tools, techniques, and recognized testing methodologies.
- Scripting skills in at least one of the following: Perl, Python, Ruby, shell (bash, sh).
- Practical experience in leading Red Team engagements.
- Extensive hands-on expertise with penetration testing tools.
- Extensive experience leading interdisciplinary teams, preferably in an international environment.
- Understanding of the principles of adversary emulation.
- Understanding of tactics, techniques and procedures of threat actors based on the MITRE ATT&CK Framework.
- Strong understanding of secure coding practices, application security testing, and enterprise security architectures.
- Proven experience working with developers, security architects, and system administrators to drive remediation efforts.
- Ability to lead and mentor technical teams, fostering professional growth and skills development.
- Excellent communication and negotiation skills across technical, non-technical and executive audiences, including at flag officer level.
- Strong analytical and problem-solving skills, with the ability to make data-driven decisions.
- Experience working in high-security environments (e.g., financial, government, or military sectors).
Qualifications
- A Master’s degree from a nationally recognised/certified university in a related discipline and 5 years of post-related experience, or a Bachelor’s degree with 8 years of post-related experience.
- Relevant certifications such as CRTO, GREM, OSCP, OSCE, OSWE, OSEE, GWAPT, GPEN, GXPN, or equivalent.