Senior Manager, Attack Surface Reduction

As a Senior Manager of the Attack Surface Reduction (ASR) Team, you will lead an elite squad of highly technical security researchers and penetration testers. In the high-stakes environment of a Managed Security Service Provider (MSSP), this team is the frontline of defence and offense for our global clients.

You will be responsible for the end-to-end delivery of advanced security assessments, ranging from automated attack surface discovery to manual Red Team operations. This is a leadership role that requires technical depth, as you will guide experts in breaking into some of the most complex environments in the world to ensure they are unshakeable.

Key Responsibilities

• Team Leadership: Lead, mentor, and scale a high-performance team of technical specialists. Foster a culture of continuous research, curiosity, and ethical hacking excellence.
  
• Full-Spectrum Assessments: Oversee the execution of comprehensive security evaluations, both internally and externally for our client portfolio:
  
• Application Security: DAST, SAST, SCA, both Black Box and Grey Box and deep-dive API security testing.
  
• Offensive Operations: Red Teaming, Adversarial Simulations, and Breach & Attack Simulation (BAS).
  
• Vulnerability Management: Advanced VAPT (Vulnerability Assessment & Penetration Testing)
  
• Defensive Validation & Resiliency Testing: Ransomware Resiliency testing to ensure clients can withstand and recover from modern extortion tactics.
  
• Attack Surface Discovery: Direct the continuous mapping of known and unknown digital assets to identify shadow IT and exposed entry points.
  
• Service Innovation: Develop and refine the MSSP service catalogue. Identify emerging threats and translate them into new testing methodologies and cybersecurity services.
  
• Stakeholder Management: Act as the technical authority during high-level client briefings, translating complex technical findings into actionable executive risk reports.
  
  

Technical Requirements

• Experience: 10+ years in Offensive Security, with at least 35 years in a formal leadership/management role.
  
• Expertise: Deep technical mastery of the Attacker Mindset. You should be comfortable discussing advanced exploitation techniques, CI/CD pipeline vulnerabilities, and hybrid or cloud-native lateral movement in the same breath.
  
• Tooling & Frameworks: Proficiency in modern toolkits (Burp Suite, Metasploit, Cobalt Strike, etc.).
  
• Expertise in BAS platforms and Attack Surface Management (ASM) tools.
  
• Experience with Cloud Security (AWS/Azure/GCP) and container security (Docker/K8s).
  
• Firm grasp of the MITRE ATT&CK framework.
  
• Certifications: Preferred: OSCE, OSEP, GXPN, or CISSP/CCSP/CISM.
  
  

Required Development & Automation Skills

• Security Tooling Development: Proficiency in Python or Go (Golang) to build custom scanners, exploit wrappers, and automation scripts.
  
• Infrastructure as Code (IaC): Solid understanding of Terraform or Ansible to rapidly spin up (and tear down) complex range environments for Red Team simulations and Ransomware Resiliency testing.
  
• Dev-Sec-Ops & CI/CD Integration: Deep knowledge of how to integrate SAST/DAST/SCA tools directly into GitLab, GitHub Actions, or Jenkins pipelines without breaking the developer workflow.
  
• API Mastery: Advanced ability to interact with, test, and develop against RESTful and Graph-QL APIs. This includes writing custom scripts to automate mass API vulnerability discovery.
  
• Cloud-Native Development: Familiarity with Serverless (AWS Lambda/Azure Functions) and Containerization (Docker/Kubernetes) to identify and exploit misconfigurations in modern microservices architectures.
  
• Exploit Development Basics: Understanding of low-level languages like C/C++ or Rust to oversee the team when they are performing deep-dive binary analysis or bypass research.
  
• Data Engineering for Security: Ability to work with SQL/NoSQL and ELK stacks (Elasticsearch, Logstash, Kibana) to aggregate and analyse the massive amounts of data generated during Attack Surface Discovery.
  
  

Soft Skills & Leadership

• Candor & Clarity: The ability to give direct, constructive feedback to a highly technical team while maintaining high morale.
  
• Strategic Vision: Moving beyond finding bugs to helping clients build long-term Resilience Frameworks.
  

Technical Depth: You must be able to speak the language of highly technical researchers to earn their respect and provide valid guidance.

Pressure Management: Thriving in the fast-paced, 24/7 nature of an MSSP.

Why Join Us

You aren't just managing a team; you are architecting the future of offensive security. You will have access to diverse environments, cutting-edge Advanced Technologies, and you'll drive red-team strategies and emulate real-world adversaries to ensure clients stay ahead of the global threat landscape.