The Cybersecurity Lead (offensive) is a senior technical role responsible for leading and executing sophisticated offensive security initiatives. This position involves designing, managing, and delivering end-to-end security assessments such as penetration testing, red teaming, and application security reviews. The goal is to uncover critical vulnerabilities and evaluate organizational risk across varied client environments.
Key Responsibilities
Technical Leadership & Execution
- Engagement Planning & Scoping: Define, plan, and lead security assessments across network infrastructure, web applications, mobile platforms, and cloud environments.
- Advanced Security Testing: Perform in-depth offensive security activities, including Red Team exercises, to emulate real-world threat scenarios and evaluate defensive controls.
- Post-Assessment Analysis: Ensure comprehensive documentation of findings, with clear, prioritized, and actionable remediation recommendations.
Consulting & Reporting
- Client Engagement: Collaborate closely with clients to understand their security goals, establish testing scope, and communicate technical findings along with business impact.
- Quality Assurance: Act as a technical reviewer for reports produced by junior team members, ensuring accuracy, quality, and alignment with best practices.
- Strategic Advisory: Provide expert guidance on strengthening security posture, improving incident response, and meeting compliance requirements.
Team Development & Mentorship
- Coaching & Mentorship: Support and develop junior consultants by enhancing their technical skills in penetration testing methodologies, application security practices, and report writing.
Qualifications & Experience
Core Technical Expertise
- Extensive Experience: Minimum of 5 years of hands-on experience in offensive security, including web and mobile application security and managing Red Team engagements.
- Advanced Skill Set: Strong understanding of exploitation techniques, attack frameworks (e.g., MITRE ATT&CK), and vulnerability assessment tools.
- Security Foundations: Comprehensive knowledge of cybersecurity principles, defensive strategies, and relevant regulatory standards.
Education & Professional Credentials
- Certifications: Recognized certifications such as OSCP, CREST CRT, or equivalent are highly preferred.
- Analytical Capability: Strong analytical thinking and attention to detail, particularly in vulnerability discovery, analysis, and reporting.
Other Skills
- Communication Skills: Strong verbal and written communication abilities, with the capability to clearly explain complex technical concepts to both technical stakeholders and senior executives.
- Collaboration & Teamwork: Proven ability to lead initiatives, operate effectively in on-site environments, and work collaboratively with cross-functional teams, including both internal colleagues and client stakeholders.
