Associate Director - Cyber Security Offensive Engineer

The Associate Director – Cyber Security Offensive Engineer leads the organization’s offensive security initiatives, managing red teaming, adversary simulation, and ethical hacking programs. This role is responsible for defining offensive security strategies, enhancing attack simulation frameworks, and working closely with executives and IT leadership to improve the organization’s overall security resilience. The Associate Director will also play a key role in security awareness, training, and leadership within the cybersecurity team.

Key Responsibilities:

• Develop and implement the organization’s offensive security strategy.
• Lead red teaming and advanced persistent threat (APT) simulations to assess security defenses.
• Oversee enterprise-wide penetration testing programs and provide risk-based recommendations.
• Manage a team of offensive security professionals and oversee security assessments.
• Perform threat modeling and attack simulations against critical IT assets.
• Collaborate with executive leadership to align offensive security with business objectives.
• Evaluate and integrate advanced security tools and technologies for attack simulation.
• Provide technical leadership in security research, vulnerability analysis, and adversary tactics.
• Deliver strategic insights and reports to C-level executives and security committees.
• Drive internal cybersecurity awareness and training initiatives.
• Keep up with global cybersecurity trends, new attack techniques, and regulatory changes.

Requirements

• Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field.
• Experience in offensive security, penetration testing, and ethical hacking.
• Proven leadership experience in managing red teaming and adversarial security programs.
• Expertise in attack simulation, risk analysis, and security strategy development.
• Advanced knowledge of network security, malware analysis, exploit development.
• Hands-on experience with penetration testing frameworks and security automation tools.
• Strong stakeholder management and executive communication skills.
• Deep understanding of regulatory frameworks (ISO 27001, PCI-DSS, NIST, GDPR).
• Preferred certifications: OSWE, OSCP, CISSP, GXPN, or equivalent.
• Bilingual proficiency in Thai and English is a strong advantage.