Director- Offensive Security

Requirements

• Bachelor's degree from accredited university or college with minimum of 8 years of professional experience OR Associates degree with minimum of 11 years of professional experience OR High School Diploma with minimum of 13 years of professional experience
• Minimum of 5 years of specific experience in offensive security, penetration testing, and/or Red Team operations
• Demonstrated people leadership experience leading and developing technical teams (including performance management and talent development).
• Demonstrated experience overseeing penetration testing services, including web application testing and broader multi-layer (Defense-in-Depth) assessments.
• Demonstrated experience leading Red Team engagements, including safe execution, stakeholder alignment, and high-quality reporting.
• Experience managing third-party vendors/consultants supporting security delivery.
• Experience assessing or leading engagements in OT and/or embedded/on-product environments, including uptime- and safety-sensitive contexts.
• Experience maturing an offensive security program using repeatable playbooks, automation, governance, and metrics.
• Experience owning or administering offensive security tooling and engagement management platforms (for example, AttackForge, Nessus), including budget/contract accountability.
• Purple-team experience partnering with detection engineering/SOC to validate telemetry, tune detections, and demonstrate defensive improvements.
• Relevant certifications (desired, not required): OSCP/OSWE/OSCE, GPEN/GXPN, GCIH, CISSP, or equivalent demonstrated expertise.
• Additional Information:

Benefits

Additional Information

Job Description Summary This role leads a team that delivers traditional web application penetration testing, Defense-in-Depth assessments extending beyond the web layer, and Red Team engagements ranging from focused control validations to long-term adversary emulation exercises, including both stealth and overt operations.The Director will shape an automation-first and intelligence-driven offensive security program, leveraging AI-enabled operations, testing orchestration, attack simulation, data-driven prioritization, and continuous validation techniques to improve scale, speed, consistency, and measurable risk reduction. This role will ensure offensive security services evolve from point-in-time testing toward a continuous assurance model that validates security posture across enterprise, product, and emerging technology environments. Job Description Roles and Responsibilities People leadership & talent development : Hire, lead, coach, and retain an expert team; establish goals, role clarity, performance expectations, and development plans; build succession and continuity. Strategic oversight: Define and execute the offensive security strategy, including an automation-first and AI-enabled operating model that scales penetration testing, adversary emulation, and continuous security validation across IT, cloud, product, OT, and AI/ML environments. Drive roadmap priorities across talent, tooling, process standardization, service maturity, and measurable risk reduction. Service ownership & delivery oversight : Own end-to-end engagement delivery for web application penetration testing, Defense-in-Depth assessments, and Red Team operations, including intake, scope definition, scheduling, quality review, and executive/stakeholder communications. Red Team program leadership : Direct stealth and overt engagements; establish rules of engagement, testing safety controls, deconfliction, and coordination with detection and incident response teams. Defense-in-Depth coverage across environments : Ensure assessments address application, infrastructure, identity, cloud, product/software, and OT considerations (as applicable), balancing thoroughness with operational reliability. Vendor management : Manage vendor relationship(s) supporting Red Team activities, including SOW/SLAs, onboarding/offboarding, service quality, and cost management. Tooling & contract ownership : Own the offensive security tool portfolio and contracts (for example, Nessus, AttackForge), including renewals, license management, usage optimization, secure operations, and capability roadmap. Partnership & remediation outcomes : Partner with vulnerability management, product security, engineering, and infrastructure teams to ensure findings are actionable, prioritized, tracked, and re-tested as appropriate. Standards, governance, and reporting : Define and maintain assessment methodologies, reporting standards, and measurable KPIs (coverage, cycle time, remediation progress, repeat findings, and detection/control validation).

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at GE Aerospace? Share your experience