Senior Manager - Cyber Security Engineers (m/f/d)

Role Purpose

Continuous Security Validation (CSV)

1st Line of Defense (1LoD)

• Continuous Security Validation (CSV) Delivery

• Operate continuous security validation pipelines across:
• + Cloud and infrastructure environments (AWS Security Agent or equivalent)
• + AI/ML systems and model supply chain
• Ensure validation is executed on every significant deployment
• Map validation coverage to a 2LoD-approved threat coverage matrix
• Drive shift from manual, periodic pentesting to automated, continuous control validation frameworks

• Threat Intelligence Integration & Operationalization

• Own and enforce a 7-day Threat Intelligence SLA
• Ingest and operationalize threat data from:
• + MITRE ATLAS
• + OWASP LLM Top 10 / threat feeds
• Automate ingestion workflows via Jira and security tooling integrations
• Translate emerging threats into test cases and adversarial simulations within 7 days
• Continuously enhance test coverage based on new attack techniques

• Findings Management & Remediation Governance

• Aggregate and normalize findings across tools and pipelines
• Manage vulnerability lifecycle using:
• + DefectDojo → Attestation workflow
• Deduplicate findings and enforce severity-based prioritization
• Implement MTTR-based remediation SLAs and enforce deployment gating controls
• Prevent release of applications or infrastructure that do not meet defined security thresholds

• Metrics, Dashboards & Reporting

• Build and maintain Power BI dashboards to track:
• + Open vulnerabilities
• + Mean Time to Remediate (MTTR)

+ Prompt Injection Block Rate

• Provide actionable insights to:
• + CISO
• + Engineering leadership
• + Risk and governance forums
• Use metrics to drive continuous security posture improvement

• Offensive Security & Adversarial Testing

• Lead continuous adversarial testing programs, including:
• + Blue-team driven validation against known threat scenarios
• + AI red-teaming activities
• Utilize advanced tools such as:
• + AWS Security Agent / Horizon3 (or equivalent)
• + Garak, PyRIT for AI red teaming
• + Claude Security (Opus 4.x), Codex (controlled offensive usage)
• Design test scenarios aligned with:
• + MITRE ATLAS framework
• + OWASP LLM Top 10 risks
• Governance & 3 Lines of Defense Alignment
• Operate clearly within the 1LoD/2LoD boundary:
• + Execute control validation (blue team) against known scenarios
• + Support but do not replace independent 2LoD red team testing
• Ensure activities are aligned with 2LoD-approved policies and threat models
• Provide evidence and assurance outputs for audit and regulatory requirements
• Collaborate with risk and compliance teams on security validation outcomes

Qualifications & Experience

• 8–10 years of experience in:
• + Cybersecurity engineering
• + Offensive security / penetration testing / adversarial simulation
• Proven experience transitioning from:
• + Manual pentesting → automated continuous validation models
• Experience working in banking or regulated environments is strongly preferred

Mandatory

• OSCP or OSCE

Preferred

• GIAC GPEN or GXPN
• GIAC GMLE (Machine Learning Engineer) or equivalent AI-security certification
• Anthropic Cyber Verification Program enrolment (for controlled offensive AI usage)
• CREST CCT (highly desirable in regulated banking environments)

Technical Skills

• Strong expertise in:
• + Continuous security validation frameworks
• + Offensive security tools and methodologies
• Hands-on experience with:
• + Autonomous pentesting tools (e.g., Horizon3, AWS Security Agent)
• + DefectDojo or similar vulnerability management platforms
• Working knowledge of:
• + AI/LLM security threats and mitigation
• + OWASP LLM Top 10 vulnerabilities
• + MITRE ATT&CK and MITRE ATLAS frameworks
• Proficiency in:
• + Automation and scripting (Python, Bash, etc.)
• + CI/CD pipeline integrations and DevSecOps practices

Leadership & Soft Skills

• Strong leadership with ability to guide engineering and validation teams
• Analytical mindset with attention to risk prioritization and outcomes
• Ability to communicate complex findings to senior stakeholders
• Strong governance awareness and regulatory sensitivity

• Offensive Security & Adversarial Testing

• AI/LLM Security

• Threat Intelligence Operationalization

• DevSecOps Integration

Ideal Candidate Profile

• Deep technical expert with strong offensive and validation experience
• Proven ability to implement continuous, automated security assurance models
• Hands-on exposure to AI security testing and adversarial frameworks
• Experience operating within regulated environments and structured risk models (3LoD)
• + Strong balance of technical depth, governance understanding, and leadership capability
• Senior Manager - Cyber Security Engineers in Abu Dhabi, United Arab Emirates