Senior Manager - Cyber Security Offensive Engineer

The Senior Manager – Cyber Security Offensive Engineer is responsible for conducting advanced penetration testing, vulnerability assessments, and red teaming exercises to identify security weaknesses. This role involves executing simulated cyber-attacks, analyzing security risks, and developing countermeasures to enhance the organization’s security posture. The Senior Manager will collaborate closely with security teams to improve threat detection and defense mechanisms.

Key Responsibilities:

• Perform advanced penetration testing on networks, applications, cloud environments, and IT infrastructure.
• Conduct vulnerability assessments and security audits to identify and mitigate risks.
• Develop and execute simulated cyber-attacks to test security defenses.
• Research and utilize latest attack methodologies to assess resilience against real-world cyber threats.
• Perform threat modeling to anticipate potential attack vectors and weaknesses.
• Develop custom security tools and scripts for automation and testing purposes.
• Provide detailed reports on security vulnerabilities, risks, and recommended mitigations.
• Work with the Blue Team to enhance cybersecurity strategies and improve defensive measures.
• Keep up-to-date with emerging security threats, vulnerabilities, and exploits.
• Educate internal teams on offensive security techniques and best practices.

Requirements

• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field.
• Strong experience in penetration testing, red teaming, and vulnerability assessments.
• Strong expertise in network security, ethical hacking, and security frameworks.
• Hands-on experience with penetration testing tools (Metasploit, Burp Suite, Kali Linux, etc.).
• Proficiency in scripting and automation (Python, Bash, PowerShell, etc.).
• Excellent problem-solving and analytical skills with a hacker mindset.
• Good communication skills for stakeholder engagement and risk reporting.
• Knowledge of international security frameworks (NIST, PCI-DSS, OWASP, MITRE ATT&CK).
• Preferred certifications: OSCP, GPEN, CISSP, CEH, or equivalent.
• Fluent in Thai and English (written and spoken).