Description
The Offensive Security Manager is responsible for the provision of penetration & red team testing services to the business, including leading teams, creating processes, and management of technologies & 3rd parties that make up the service. The role reports to the Director of Offensive Security.
The position does not need to be filled by a hands-on penetration/red tester, as organizational, leadership. relationship and supplier management skills are the key focuses of the role but will need to have a good understanding of security vulnerabilities and testing methodology to be able to understand the subject matter of the service and manage quality.
The role will work closely alongside the rest of the Cyber Team (e.g. Vulnerability Management), the wider Information & Cyber Security function (e.g. Project Assurance) and leaders in operational IT teams to ensure accurate detection, and the prioritized, timely and appropriate resolution of security vulnerabilities.
We are looking for a collaborative team player, with a good technical knowledge and the ability to lead others and experience working with 3rd party service providers. The successful candidate will contribute to and work as part of a global multi-disciplined security community with clear vision and direction, and top-down support across the business. They will help the wider community in fostering a culture which is both security aware and is a great place to come to work.
Responsibility
- Create, maintain and execute appropriate security testing processes to enable timely detection, risk-based prioritization, and co-ordinate the remediation of security testing findings.
- Penetration Assessments: To plan and execute complex assessments to identify vulnerabilities, weaknesses and misconfigurations for technologies used within the network environment.
- Red Team Assessments: To plan complex assessments to identify vulnerabilities, weaknesses and misconfigurations for technologies used within the network environment
- Work with service providers to conduct the penetration/red team testing activities on time & budget.
- Manage the quality-of-service provider output, and work with them to ensure the business receives a reliable and efficient service.
- Provide clear, concise and easily consumable communication with key technical and non-technical stakeholders so that findings are understood and appropriately addressed.
- Measure and report the maturity, effectiveness and efficiency of Security Testing services
- Ensure accurate and clear communication with all stakeholders.
- Provide appropriate MI to key stakeholders.
- Ethical Approach: Conducting all testing and assessment activities within a legal and ethical framework, ensuring that the organization's systems and data are not compromised or harmed during the process.
- Continuous Improvement: Engaging in professional development activities, such as attending conferences, participating in training programs, and obtaining relevant certifications, to enhance knowledge and skills in cyber security.
Qualifications
The Requirements:
- Demonstrable track record of:
- Leading security services within a large organization
- Scoping and managing penetration testing activities
- Building and leading effective security teams
- Excellent technical expertise in:
- Application and infrastructure security principles
- Frameworks & methodologies such as CVSS, CIS Benchmarking, OWASP
- Beneficial qualifications include:
- CISSP
- CISA
At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organisation. We embrace all types of diversity.