Director of Offensive Security
Responsibilities
- Build and run a continuous red team program against the production NMC² environment: HPC clusters, multi-tenant Kubernetes, bare-metal provisioning infrastructure, customer network fabric, identity plane, and the internal control surface itself (SIEM, EDR, IAM, PAM)
- Independently validate detection and response efficacy: every red team operation produces a detection coverage report measured against the SOC and IR functions, including time-to-detect, time-to-contain, and detection gap inventory by ATT&CK technique ID
- Own the purple team feedback loop: every undetected TTP becomes a tracked detection engineering deliverable with owner and SLA, every detected-but-unresponded TTP becomes a tracked IR playbook deliverable
- Run continuous attack surface validation against production, not just pre-production, with a documented rules-of-engagement framework, blast radius controls, and CISO-level authorization gates for destructive or high-risk techniques
- Own offensive validation of cloud and Kubernetes controls: IAM boundary testing, cross-account and cross-tenant escape attempts, container breakout chains, service mesh bypass, admission controller evasion, and secrets management integrity
- Drive threat modeling at design stage for new platform capabilities and major architecture changes, producing adversarial design reviews that the CISO signs off on before build
- Manage the external pentest and red team vendor portfolio: scoping, vendor selection, quality control of deliverables, and integration of external findings into the internal remediation tracking system
- Build and maintain the offensive tooling stack including custom implants, C2 infrastructure, and internal exploit development capability, with clear controls on tool custody, source code management, and destruction protocols
- Define and publish offensive security KPIs to CISO and board level: coverage against MITRE ATT&CK technique inventory, mean time to compromise from assumed-breach scenarios, control validation pass rate by control family, remediation velocity on P1 and P2 findings, and repeat finding rate
- Issue formal assessment reports using CWE classification, CVSS v3.1 base and environmental scoring, and explicit exploitation evidence; findings are attestations, not suggestions
- Champion an adversarial engineering culture across Platform and Security Engineering through documented attack patterns, regular internal briefings, and integration of offensive findings into developer tooling and CI/CD gates
Requirements
- 15+ years in offensive security with demonstrated hands-on depth across at least three of: network penetration testing, red team operations, cloud penetration testing, application exploitation, hardware and firmware attac
Benefits
Additional Information
The Company
NorthMark Compute & Cloud (NMC²) is backed by dedicated leadership and investment, with a clear mission as it operates at the bleeding edge of technology. Its goal is to scale and enhance the high-performance computing (HPC) and cloud infrastructure that supports its clients' research, production, and delivery, enabling breakthroughs that shape the industries of tomorrow. Its engineers build critical infrastructure to eliminate friction in scientific research, simulations, analysis, and decision-making, accelerating discovery and driving faster innovation.
The Position
The Director of Offensive Security reports directly to the CISO and owns continuous adversarial validation of the NMC² production environment. This is not a scheduled pentest function or a compliance-checkbox red team. You will build and run a standing offensive capability that operates against production with authorization, emulates named threat actors relevant to our customer base and infrastructure class, and produces independent, evidence-backed assessments of whether our controls work under realistic attack conditions.
This function operates as an independent line of assurance within the Security organization, with a direct reporting relationship to the CISO. To preserve objectivity, assessment findings are delivered to the CISO without editorial review by the teams whose controls or systems are under evaluation. Security Engineering, Platform Engineering, and Security Architecture receive findings as remediation owners.