Senior Manager - Offensive Security

NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360 platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages, which are each tailored to a clients needs and budget, and external threat analysis, which provides critical intelligence at no-cost, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service.

Job responsibilities:

• Own and scale the Offensive Security Practice, including strategy, capability development, revenue growth, and market positioning.
• Provide executive oversight for Attack Surface Management, Penetration Testing, Red Teaming, and Cloud VAPT engagements, ensuring delivery excellence, quality control, and consistency across client portfolios.
• Lead the end-to-end lifecycle of complex offensive security programs (Application Security, API, Mobile, IoT, Infrastructure, Cloud), aligning delivery with client risk posture and business objectives.
• Establish and mature standardized methodologies, frameworks, and quality assurance processes across penetration testing, red teaming, source code review, and DAST/SAST initiatives.
• Drive the evolution of the Red Team and Adversary Simulation capabilities, incorporating threat intelligence, emerging attack vectors, and advanced tradecraft.
• Build, mentor, and retain a high-performing team of security consultants, team leads, and architects; define competency frameworks and certification roadmaps.
• Act as the executive escalation point for high-risk engagements, ensuring technical depth, stakeholder confidence, and actionable remediation strategies.
• Partner with Sales and Account teams to support solutioning, proposal development, RFP responses, and client presentations, contributing to revenue expansion and practice growth.
• Define engagement scope, success metrics, and governance standards; track utilization, margins, and delivery KPIs for sustained practice profitability.
• Provide strategic oversight for Application Security programs, integrating threat modeling, secure code review, and DevSecOps practices into client environments.
• Lead innovation initiatives by researching emerging technologies and evolving threat landscapes, translating insights into new service offerings and differentiators.
• Present executive-level security briefings to CXOs and senior stakeholders, translating complex technical findings into business risk narratives.
• Ensure all security deliverables technical reports, risk assessments, and executive summaries meet high standards of clarity, depth, and business relevance.

Job specifications:

Qualification:

Bachelors degree in Engineering or closely related coursework in technology

development disciplines

Certifications like OSCP, CEH, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN are desirable

Experience:

Total Experience 15+ years

Desired Skills & Experience

• OSCP and/or OSCE certified (preferred).
• Strong understanding of Secure SDLC and modern application security practices.
• Deep knowledge of OWASP Top 10, common attack vectors, and offensive testing methodologies.
• Hands-on expertise with leading security tools (e.g., Nmap, Metasploit, Burp Suite, Kali, Cobalt Strike).
• Proven experience in Cloud Security Testing (AWS, GCP, Azure) and Mobile Penetration Testing (iOS/Android).
• Experience in Microservices and Kubernetes security testing.
• Ability to identify and exploit vulnerabilities across modern tech stacks (C++, Java, JavaScript, Go, Python) and cloud-native environments.
• Strong scripting/coding capability (Python, Go, Java, C/C++ preferred).
• Passion for offensive security research and capability development.

Personal Attributes

• Self-driven, proactive, and capable of operating with minimal supervision.
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills, with the ability to engage cross-functionally and at leadership levels.
• Comfortable working in fast-paced, high-pressure environments while maintaining attention to detail.