Offensive Security Manager - Product Security M4
BR-Remote
Brazil Careers
Req #: 15968
Type: Regular
Overview:
Avalara's Product Security organization is looking for a Penetration Testing Senior Manager to lead our Offensive Security team. In this role you will be responsible for leading a team of highly skilled penetration testers whose mission will be to conduct offensive pen-testing activities against our microservices, applications, infrastructure, data layer and AI-based services. You will work closely with our engineering groups to define pen-test scope and schedule, lead assessment engagements, and map assessment findings into engineering plans for remediation, ultimately guiding our product security uplift activities. This is a unique opportunity to make a real impact on our overall security posture, define the strategic direction and evolution of our assessments team, and help Engineering improve our security designs for our next generation of systems and services. This role will report to the VP of Product Security.

Responsibilities:
Lead, manage, and develop our geographically distributed offensive security and pen-test team.
Mentor and teach junior pen-testers on TTPs.
Manage and organize pen-test preparation and scheduling activities for in-house and out-of-house white-box and grey-box assessment activities.
Create written assessment reports for both engineering and IT consumers.
Validate, refine, and defend the offensive security team's work product.
Oversee Avalara's responsible disclosure programs (RDP) and bug-bounty programs.
Be a subject matter expert and ambassador to Avalara Engineering in the areas of secure coding practices, penetration testing, and all other aspects of application, AI, and infrastructure security.

Qualifications:

Basic Qualifications:
Hold an Offensive Security Certified Professional (OSCP) certification.
3-5 years of management experience, and 12+ years overall of security assessment experience.
Have formal knowledge of attack vectors, exploits and mitigations, and be able to verbalize Tactics, Techniques and Procedures (TTPs) related to carrying out security assessments.
Prior experience scoping and performing pen-testing of applications and microservices-based environments, from limited to full scope, across a wide range of API & UI technology stacks, public cloud and infrastructure.
Ability to problem-solve and make complex analytical decisions with less than full information in ambiguous situations and environments.
Good conversational level; strong verbal and written English communication skills.

Preferred Qualifications:
Prior experience leading distributed assessment teams over multiple international locations, working with in-house engineering organizations.
Understanding of secure SDLC/CI-CD software lifecycle and QA processes, and software security architecture principles.
Familiarity with hacking applications resident in AWS, OCI and GCP public cloud providers, plus private cloud equivalent service layers.
Experience with performing AI assessments and OWASP AI LLM Top-10 AI-based pen-testing.