Manager, Offensive Security

Location: Remote in the US

About us

TalentHunt Inc. is a premier North American talent management and recruitment solutions provider for established and growth-stage companies. We help candidates figure out the next challenge that fits their professional and personal growth plans and match them with exciting and very rewarding opportunities with leading companies across the globe.

Our client

Our client is a global technology leader that helps enterprise companies and Federal and SLED government agencies discover, manage, secure and service all of their IT assets. They are a billion-dollar revenue-generating behemoth and are marching on to crush revenue targets for this year. With offices in around 30 countries, they provide a strong support structure to all their clients.

What will you do?

As an Offensive Security Manager, you will be a driving force in moving our client toward a risk-based security organization. Your work will have a direct impact on reducing the IT security risks in products and services. With a solid technical background and knowledge of IT security and software development, you’ll be the link between the different security and engineering teams and their stakeholders.

You will lead a team of experienced penetration testers in performing targeted internal penetration tests based on the risks you have identified. You are a strong advocate of security by design and a secure software development lifecycle. Specifically, you will:

  • Lead and manage a team of offensive security experts, including recruitment, training, and performance management.
  • Work with Offensive Security team members and key Engineering/Product Management stakeholders to schedule testing engagements, based on product threat models.
  • Support the Product Security team in devising hypothesis-driven testing engagements against Ivanti’s products and components.
  • Support the Product Security Leader in driving product security improvement initiatives, such as improving the penetration testing process, responsible disclosure and bug bounty program workflows, etc.
  • Participate in meaningful thought leadership around product security and red teaming by engaging with the community in blogs, webinars, conferences, etc. as well as working with partners on driving industry improvements.
  • Review and finalize Product Threat Model definitions.
  • Collaborate closely with other Infosec teams to ensure a holistic approach to security.
  • Lead the Product Security Incident Response Team (PSIRT) investigations, as required.
  • Maintain the PSIRT response plan by regularly holding meetings with cross-functional teams, including engineering, product management, customer support, legal, marketing and PR.
  • Stay abreast of emerging threats, vulnerabilities, and attack techniques, and incorporate this knowledge into offensive security operations.
  • Conduct regular assessments of security controls, policies, and procedures to identify areas of improvement and recommend appropriate remediation measures.

Who are you?

  • 5-6 years’ experience as a network or application penetration tester.
  • Experience leading a red team against a large, complex target strongly preferred.
  • Previous managerial or people-leader experience helpful.
  • Associate degree or higher in a technology or security field.
  • A solid understanding of common technology such as Active Directory, O365, cloud platforms (AWS and Azure), Windows, OS X and Linux operating systems, mobile operating systems, networking, etc.
  • A solid understanding of application security standards (OWASP, ASVS, etc.) highly desired.
  • Understanding of how to implement secure application architecture and securing the SDLC, e.g. OWASP SAMM.
  • Strong analytical and problem-solving skills, with the ability to prioritize and address security risks effectively in a fast-paced environment.
  • Strong verbal and written communication skills for communicating with both engineering and business stakeholders.
  • Demonstrated ability to collaborate cross-functionally and build relationships with stakeholders at all levels of the organization.
  • Also strongly preferred:
    • Infosec Community engagement including bug bounties, blogs, CVEs, or conference talks.
    • OSCP, OSCE, GPEN, GWAPT, CRTP/CRTA certifications

If you’re interested, please send your resume to Allan Gomes at allan@talenthunt.ca
