Senior Manager – Offensive Security Engineering & AI Security Validation

Overview

Experience Required

• 8–10 years in Cyber Security / Offensive Security / Red Team / Security Engineering
• Strong background in:
• Offensive security and penetration testing
• Cloud security (preferably AWS)
• Blue-team validation / security assurance engineering
• Adversarial simulation and continuous security testing frameworks
• Experience in financial services / regulated banking environment preferred

Mandatory Certifications

• Candidates must hold at least one OSCP or OSCE (mandatory requirement) plus additional certifications:
• Core Mandatory

• Additional Required And Strongly Preferred

• GIAC GPEN or GIAC GXPN
• GIAC GMLE or equivalent AI-security / ML security credential
• CREST Certified Simulated Attack Tester (CCT) (desirable, especially for banking/financial sectors)

• Emerging And AI Security Exposure (Preferred)

• Exposure or enrollment in AI security/red-teaming programs (e.g., Anthropic or equivalent frontier model security evaluation programs)

• Continuous Security Validation

• Design and operate continuous adversarial testing pipelines across:
• Cloud infrastructure (AWS-focused)
• Application security layers
• AI/ML models and LLM supply chain
• Implement automated security validation aligned with a 2LoD-approved threat coverage matrix
• Replace periodic penetration testing with always-on security validation systems

• Threat Intelligence Operationalization (7-Day SLA)

• Ingest and analyze threat intelligence from:
• MITRE ATLAS (AI attack techniques)

• OWASP LLM Top 10

• Convert new adversarial techniques into automated test cases within 7 days
• Maintain a structured and auditable threat-to-test traceability pipeline

• Vulnerability Aggregation & Governance

• Own centralized defect tracking using tools such as:
• DefectDojo or equivalent vulnerability management platforms
• Deduplicate, classify, and manage security findings end-to-end
• Enforce severity-based remediation SLAs and gating controls before production release

• Security Metrics & Reporting

• Build and maintain executive dashboards (e.g., Power BI) tracking:
• Open findings
• Mean Time to Remediate (MTTR)
• Pipeline gate pass rate
• Prompt injection / AI attack block rate
• Provide governance-ready reporting for 1LoD/2LoD stakeholders

• Offensive Security & AI Red Teaming

• Conduct and oversee:
• Automated penetration testing using tools such as Horizon3.ai or equivalent autonomous pentest platforms
• AI red-teaming using tools like Garak, PyRIT, and LLM-based attack frameworks
• Develop adversarial test cases aligned with:

• OWASP LLM Top 10

• MITRE ATLAS framework
• Validate resilience of AI systems against prompt injection, data leakage, and model manipulation attacks

• Governance & Operating Model Alignment

• Maintain clear separation of responsibilities between:
• 1LoD: Continuous control validation and security assurance
• 2LoD: Independent red teaming and unknown-scenario adversarial testing
• Ensure compliance with internal risk governance frameworks in regulated environments
• Skills: oscp,penetration testing,security