Manager, Offensive Security & Penetration Testing

If you

• are excited to work in an international, fast-paced, multi-faceted media company.
• are comfortable ensuring timely escalation, responsiveness and follow through to meet deadlines.
• are knowledgeable of, and understand, the risk-based business impact approach to cybersecurity.
• are actively questioning and influencing actions needed to attain goals and targets.
• are comfortable driving strategic initiatives forward.
• Then help us create the future with one of the worlds largest media & entertainment companies.
• Deliver high quality security assessment reports to stakeholders and drive change to improve the security posture of the organization.
• Advancing strategic initiatives by influencing leadership, key stakeholders, and partnering with teams throughout WBD.
• Influence team strategy, direction, and priorities.
• Leading effective teamwork, communication, collaboration and commitment across multiple disparate groups with competing priorities
• Create detailed security assessment plans for penetration team engineers to execute.
• Assess current team capabilities and create a roadmap for future state capabilities that in line with the industry leaders in Security assessments.
• Execute and Lead penetration testing engagements against a variety of web applications/services and software.
• Develop and execute attack strategies to simulate real-world attacks by threat actors.
• Ability to identify and exploit vulnerabilities in computer systems, networks,and applications to simulate attacks by threat actors.
• Analyze and report on the results of security assessments and make recommendations to improve the security posture of the organization.
• Advise management about noncompliance with defined standards in applications tested.
• Partner with developers to drive improvement in application security as a result of security assessment engagements.
• Provide clear communication on the issue to developers and verify the efficacy of the fix .
• Provide actionable remediation feedback for findings and/or long-term risk mitigation guidance.
• Provide guidance and recommendations to other teams to improve the security of products.
• Demonstrate deep understanding of computer networks, operating systems, databases, web applications, and mobile applications.
• Experience with Secure software development lifecycle, distributed systems and security protocols.
• Create custom tools and scripts to automate testing and make the process more efficient.
• Support and maintain tools used for penetration testing and security assessments.
• Develop and mentor other security engineers.
• Must be based in the WBDs office, minimum three days/week.

Qualifications & Experiences

• A Bachelor's degree in Computer Science , Cybersecurity, or other related fields, from an accredited university or an equivalent professional experience may suffice in lieu of a Bachelors degree.
• Minimum of 7 or more years of professional experience with 3 or more years of management experience with security engineering practices such as in web application security, network security, authN / authZ protocols, cryptography, automation, and other software security.
• Minimum of 5 years of experience in penetration testing, code review, bug bounty hunting, or red teaming/capture the flag experience.
• Experience in scripting in Python or other languages to build automation tools.
• Team player with strong communication skills.
• Experience briefing senior leaders.