The Senior Manager – Cyber Security Offensive Engineer is responsible for conducting advanced penetration testing, vulnerability assessments, and red teaming exercises to identify security weaknesses. This role involves executing simulated cyber-attacks, analyzing security risks, and developing countermeasures to enhance the organization’s security posture. The Senior Manager will collaborate closely with security teams to improve threat detection and defense mechanisms.
Key Responsibilities:
- Perform advanced penetration testing on networks, applications, cloud environments, and IT infrastructure.
- Conduct vulnerability assessments and security audits to identify and mitigate risks.
- Develop and execute simulated cyber-attacks to test security defenses.
- Research and utilize latest attack methodologies to assess resilience against real-world cyber threats.
- Perform threat modeling to anticipate potential attack vectors and weaknesses.
- Develop custom security tools and scripts for automation and testing purposes.
- Provide detailed reports on security vulnerabilities, risks, and recommended mitigations.
- Work with the Blue Team to enhance cybersecurity strategies and improve defensive measures.
- Keep up-to-date with emerging security threats, vulnerabilities, and exploits.
- Educate internal teams on offensive security techniques and best practices.
Requirements
- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field.
- Strong experience in penetration testing, red teaming, and vulnerability assessments.
- Strong expertise in network security, ethical hacking, and security frameworks.
- Hands-on experience with penetration testing tools (Metasploit, Burp Suite, Kali Linux, etc.).
- Proficiency in scripting and automation (Python, Bash, PowerShell, etc.).
- Excellent problem-solving and analytical skills with a hacker mindset.
- Good communication skills for stakeholder engagement and risk reporting.
- Knowledge of international security frameworks (NIST, PCI-DSS, OWASP, MITRE ATT&CK).
- Preferred certifications: OSCP, GPEN, CISSP, CEH, or equivalent.
- Fluent in Thai and English (written and spoken).