About the Role:

We are seeking a highly skilled and hands-on individual with 7+ years of relevant experience to join our dynamic cybersecurity team as a Lead Offensive Security Consultant. In this role, you will be responsible for leading offensive security initiatives, conducting penetration testing, vulnerability assessments, and evaluating mobile apps, cloud infrastructure. This position requires strong people management skills along with deep technical expertise in product security and a proactive approach to solving security challenges. You will also be tasked with planning, leading, and executing projects, including team management.

Responsibilities:

• Actively participate in security testing of web and mobile applications.
• Conduct thorough penetration tests on applications, systems, and networks to identify vulnerabilities.
• Support the internal and/or customer development team in the preparation, formalization, implementation and verification of security requirements following a “Security by Design” principle.
• Develop and execute hands-on DevSecOps programs, including penetration testing, automation, static/dynamic code analysis, threat modeling, and developer training.
• Ability to think like an attacker. Conduct secure design reviews and contribute to threat modeling exercises.
• Preparing reports at both technical and executive level, providing recommendations to an heterogeneous public.
• Plan, lead and execute projects, including team management.
• Stay up-to-date with the latest security trends, vulnerabilities, and industry best practices.
• Engage in continuous learning and research to improve your skills and contribute to the team's knowledge base.

Requirements:

• Minimum 5 years of consulting experience in Red Teaming/Pentesting and possesses industry recognised certifications (e.g. CISSP, OSCP, CRT, CREST, CRTP)
• Experienced and well versed in security testing domains. For example, red teaming, web/network/mobile/cloud/thick client vulnerability assessments and penetration testing.
• Proven experience in implementing proactive security solutions and integrating security into the software development lifecycle (SDLC).
• Ability to explain vulnerabilities and weaknesses in OWASP Top 10 and SANS Top 25 to any audience and discuss effective defensive techniques
• Familiarity with programming languages (e.g., Python, Bash, C#, or JavaScript).
• Hands-on experience securing cloud infrastructure and familiarity with containerization technologies (Kubernetes, Docker).