Director of Offensive Security

You will lead a team of offensive security specialists, set technical direction, and work closely with Engineering, Infrastructure, and Security Architecture teams to embed an adversarial mindset throughout how the firm builds and operates its platforms. The scale, sensitivity, and complexity of our compute environment demands an offensive security program that goes well beyond the basics — this role exists to build and lead exactly that.

Responsibilities

• Define and own offensive security strategy, building a capability that covers the full platform — infrastructure, network, cloud, containers, and applications
• Lead, grow, and develop a high-performing team of offensive security specialists, providing technical direction, mentorship, and clear career development pathways
• Drive red team assessments and advanced penetration testing across the platform, using exploit techniques to prove vulnerabilities with evidence in pre-production environments
• Oversee threat modeling at design stage across platform and application architectures, identifying security risks before they are built in
• Direct manual secure code reviews and infrastructure configuration assessments, surfacing risks that automated tooling cannot detect
• Champion advanced threat hunting techniques across HPC and cloud environment, proactively identifying attacker activity and latent risk
• Define and track offensive security KPIs and coverage metrics, demonstrating assessment breadth and driving remediation effectiveness across engineering teams
• Generate clear, actionable assessment reports applying standard CWE and CVSS classifications, enabling teams to prioritize and remediate effectively
• Collaborate with Security Architecture, Infrastructure, and Engineering leadership to translate offensive findings into platform-wide hardening initiatives
• Communicate program status, risk posture, and strategic recommendations to senior leadership and key stakeholders

Requirements

• 10+ years of experience in information security, with deep expertise across offensive security disciplines including penetration testing, red teaming, and vulnerability research
• Bachelor’s Degree in a related field or equivalent experience
• Proven leadership experience, with a track record of building and managing high-performing offensive security teams
• Broad and deep understanding of attack surfaces across infrastructure, network, cloud, containers, and applications
• Hands-on experience with penetration testing, DAST, SAST, and red team tooling and methodologies
• Strong knowledge of vulnerability frameworks including OWASP Top 10, SANS Top 25, CWE, and CVSS
• Solid knowledge of cloud-scale services and container security, with a strong grasp of the security challenges involved in deploying cloud-native and containerized workloads at scale
• Experience integrating offensive security tooling and findings into CI/CD pipelines and engineering workflows
• Excellent communication skills, with the ability to convey complex technical risk to both engineering teams and senior leadership
• Strong planning and program management skills, with the ability to operate across multiple workstreams simultaneously

Nice to Have

• Active certifications such as OSCP, CISSP, CSSLP, or GIAC GPEN/GXPN
• Experience conducting offensive security assessments against HPC, bare-metal, or large-scale data center environments
• Background building or working alongside threat intelligence or SOC functions
• Experience coordinating with external security vendors and managing third-party penetration testing engagements