Lead Offensive Security Engineers

Sri Lanka·Colombolead

OtherEngineers

2 views0 saves0 applied

Apply Now

Quick Summary

Overview

Lead and manage offensive security activities including vulnerability assessments, penetration testing, and red team exercises. Plan, coordinate, and execute security assessments for networks,

Technical Tools

OtherEngineers

Lead and manage offensive security activities including vulnerability assessments, penetration testing, and red team exercises.
Plan, coordinate, and execute security assessments for networks, applications,
APIs, cloud platforms, endpoints, and infrastructure.
Conduct adversarial simulations to validate the effectiveness of security controls,
SOC monitoring, and incident response capabilities.
Identify, validate, prioritize, and report security vulnerabilities with clear remediation recommendations.
Perform advanced penetration testing including web, mobile, API, Active Directory, cloud, wireless, and container/Kubernetes environments.
Develop and maintain automated security assessment and validation capabilities
integrated with CI/CD and DevSecOps processes.
Execute phishing simulations, privilege escalation testing, lateral movement
testing, and threat emulation exercises aligned with real-world attack techniques.
Utilize and manage offensive security tools, frameworks, and platforms for
continuous security validation and attack surface assessment.
Map security testing activities to frameworks such as MITRE ATT&CK, NIST, PCI
DSS, ISO 27001, SWIFT CSP, and regulatory TRM requirements.
Collaborate with SOC, infrastructure, application, cloud, and DevOps teams to
improve detection, response, and remediation capabilities.
Prepare technical and executive-level assessment reports for management, audit, and regulatory stakeholders.
Validate remediation effectiveness through re-testing and continuous monitoring
activities.
Develop offensive security methodologies, standards, procedures, and testing
playbooks.
Stay updated on emerging cyber threats, attack techniques, vulnerabilities, and
security technologies.

Requirements

~1 min read

Minimum 3+ years of experience in cybersecurity, including at least 1+ year in
technical leadership or senior engineering role.
Bachelor's degree in Information Security, Computer Science, Engineering, or a related discipline from a recognized university.
Industry-recognized certifications such as CISSP, CISM, OSCP, CEH, or equivalent qualifications (preferred).
Proven expertise in penetration testing, red team operations, and adversary emulation, covering enterprise environments (networks, applications, APIs, cloud, and Active Directory).
Strong hands-on experience in security architecture assessment, vulnerability analysis, risk prioritization, and exploitation techniques.
Experience with enterprise security technologies and detection controls, including SIEM, EDR/XDR, IDS/IPS, Firewalls, WAF, SOAR, and threat detection platforms.
Strong knowledge of DevSecOps practices, secure software development lifecycle (SSDLC), and application security testing tools and methodologies (SAST, DAST, SCA, and API security testing).
Strong understanding of MITRE ATT&CK framework, attack lifecycle modeling, and threat-informed security validation approaches.
Proficiency in scripting and automation using Python, PowerShell, Bash, or similar languages for offensive security tooling and security process automation.
Good understanding of zero-trust architecture, micro-segmentation, and software-defined security controls.
Strong leadership and stakeholder management abilities
Excellent analytical and problem-solving skills
Ability to work under pressure and manage security incidents effectively