Responsibilities
- Develop and execute a roadmap integrating Secure SDLC with continuous adversary simulation.
- Translate technical metrics into business risk narratives for executive leadership and Board of Directors.
- Recruit, mentor, and retain top-tier talent in Offensive Security and AppSec.
- Lead Offensive Security team for Threat-Led Defense operations simulating realistic APT campaigns.
- Own Incident Response capability driving continuous improvement through drilling and automation.
- Implement automated systems to measure and remediate Configuration Drift and Detection Drift.
- Institutionalize collaboration among Offensive Security Analysts, CSIRT analysts, and other teams to validate and tune detection logic.
- Direct security architecture for cloud-native environment (AWS and Azure) ensuring immutable infrastructure and strict IAM governance.
- Oversee risk-based Vulnerability Management prioritizing remediation by exploitability and asset criticality.
- Ensure product architecture supports SOC 2 and regulatory requirements in partnership with Governance team.
- Champion automated security testing (SAST/DAST/SCA) within engineering pipelines.
Requirements
- Minimum 10+ years progressive Information Security experience, with 5+ years senior leadership managing multi-disciplinary teams.
- Experience developing and executing multi-year security roadmap aligning controls with business objectives and risk tolerance.
- Ability to communicate complex technical risks to executive leadership and Board of Directors in business terms.
- Hands-on leadership of Offensive Security (Red Team) including adversary simulation and threat-led defense.
- Expertise in Cloud-Native Security Architecture (AWS and/or Azure).
- Experience designing and managing risk-based Vulnerability Management at scale.
- Knowledge of Secure Software Development Lifecycle (SSDLC) and automated security testing tools integration.
- Expertise in Incident Response and CSIRT operations including process ownership and continuous improvement.
- Experience with Purple Teaming methodologies for enhancing detection and response collaboration.
- Talent acquisition, development, and retention skills focused on specialized security professionals.
- Ability to build positive, high-trust team culture emphasizing psychological safety and collaboration.
- Experience aligning security practices with regulatory and compliance frameworks such as SOC 2, ISO 27001.