Proactively identifying, testing, and mitigating security gaps within the organization’s digital estate.
Review organizational security policies, standards, and procedures.
Analyze existing cybersecurity architecture to identify design flaws.
Collaborate with security architects and engineering teams.
Design and execute continuous control validation programs.
Perform proactive exercises and threat hunts to identify failures.
Simulate real-world attack scenarios to validate controls.
Translate findings into actionable remediation plans.
Track and report on the Time to Detect and Time to Remediate metrics.
Serve as the internal subject matter expert on offensive security techniques.

8–10 years of hands-on experience in cybersecurity, with a specific focus on penetration testing, threat hunting, or security architecture.
Proven experience in reviewing and auditing security policies and technical architectures for enterprise environments.
Experience with Breach and Attack Simulation (BAS) tools (e.g., AttackIQ, Cymulate) or manual emulation frameworks (e.g., Atomic Red Team, MITRE CALDERA).
Deep understanding of the MITRE ATT&CK framework and how to map specific controls to adversary tactics.
Proficiency in scripting languages (Python, PowerShell, Bash) for automating hunts and validation tests.
Strong knowledge of operating system internals (Windows, Linux) and network protocols (TCP/IP, DNS, HTTP/S).
Familiarity with security control platforms (SIEM, EDR, IDS/IPS, Firewalls) and how to bypass or test them.
Must hold at least one advanced certification such as OSCP (Offensive Security Certified Professional), GPEN (GIAC Penetration Tester), CEH (Certified Ethical Hacker) Practical, or CompTIA PenTest+.

Senior Manager, Information Security – Red Team Lead

Similar Jobs