IT Security Manager

Key Responsibilities

• Design and implement a comprehensive Red Teaming framework, including Rules of Engagement (ROE), deconfliction protocols, and safety standards for adversarial simulations.
• Execute advanced post-exploitation activities such as lateral movement, privilege escalation, and persistent data exfiltration to demonstrate real business impact.
• Partner with Blue Teams to convert complex attack paths into actionable detection use cases and security architecture improvements.
• Conduct deep-tier research to identify unknown vulnerabilities (zero-days) within custom applications and internal platforms.
• Lead advanced manual penetration testing across web applications, APIs, mobile platforms (iOS/Android), and thick client environments beyond compliance-driven assessments.
• Develop custom exploit scripts (Python/C) through manual code review, assembly analysis, and logic flaw identification to validate critical vulnerabilities.
• Perform business logic testing using manual request manipulation and adversarial thinking to uncover high-impact flaws missed by automated tools.
• Reverse engineer proprietary systems, protocols, and legacy applications to ensure full security coverage.
• Bypass defensive controls by simulating real-world adversary techniques, including evasion of EDR, WAF, and identity-based protections.
• Drive AI/LLM Security Testing, including prompt injection, data leakage, model abuse, and secure agent validation.
• Enable Autonomous Pentesting capabilities by leveraging AI-driven tooling and adversarial automation frameworks.
• Perform DSAT (Data Security & Exposure Assessment Testing) to simulate sensitive data discovery, access misuse, and exfiltration scenarios.
• Support Application Security (AppSec) by collaborating with development teams on SAST/DAST improvements and secure design validation.
• Ensure alignment with regulatory frameworks such as FedRAMP and StateRAMP, working closely with US stakeholders and external assessors.

Our Interview Practices