Senior Manager - Offensive Security Engineer (Red Team)

Job Description

M3S is working exclusively with a large scale IT end user , we are looking for a Senior Manager who will be part of the cyber defence group

Role : Senior Manager for the 2nd line of defence (Red team)

Purpose of Position

As a member of the Cyber Defence Group (CDG) , the potential candidate will be responsible for carrying out proactive offensive security testing and assessment of IT assets in public healthcare, emulating potential adversary's attack or exploitation capabilities to improve security posture of public healthcare. The candidate will work in a specialised Red Team within CDG to strengthen public healthcare's cyber resilience against both internal and external threats through penetration testing and red teaming campaigns

Roles and Responsibilities:

• Plan and launch adversarial attack simulation exercises to test and validate the effectiveness of public healthcare's cyber defence and response plan against prevalent cyber threats
• Champion security research activities and team work required to carry out successful red team operations
• Possess technical expertise required to carry out unannounced internal and external ethical hacking exercises in public healthcare, across a number of environments, including web application, infrastructure and mobile platforms
• Adopt a threat actor's perspective when performing design assurance to ensure these systems are not only compliant, but offer effective security measures against advanced threats
• Develop customised attack payloads to bypass defenses and to emulate as advanced adversaries
• Review results of ethical hacking exercises conducted by the red team to determine severity of findings and provide recommended counter measures or mitigating controls to reduce risk to an acceptable and manageable level.
• Consistently research and keep up to date with the latest adversarial techniques

Requirements / Qualifications:

• Degree in Computer Science, Information Systems, Engineering or equivalent
• At least 6 years of cybersecurity experience, with strong background in orchestrating and performing adversarial attack simulation exercises
• Ability to articulate the business risk of technical vulnerabilities as well as provide sound mitigation recommendations to business users
• Knowledge about the latest cyber security tools and vulnerabilities is necessary
• Able to think like an adversary and be creative yet methodical in course of work
• Relevant certifications from CREST and/or Offensive Security strongly desired
• Ability to work well under minimal supervision and with a high degree of autonomy and responsibility.
• Excellent verbal, written communication and interpersonal skills, with the ability to communicate effectively with a broad range of people and roles, including IT, business users and senior management

EA Licence No: 11C5502
Registration No: R22105417
Smitha Karanth