Search by job, company or skills

nopalcyber

Senior Manager, Attack Surface Reduction

Save
  • Posted a month ago
  • Be among the first 10 applicants
Early Applicant

Job Description

As a Senior Manager of the Attack Surface Reduction (ASR) Team, you will lead an elite squad of highly technical security researchers and penetration testers. In the high-stakes environment of a Managed Security Service Provider (MSSP), this team is the frontline of defence and offense for our global clients.

You will be responsible for the end-to-end delivery of advanced security assessments, ranging from automated attack surface discovery to manual Red Team operations. This is a leadership role that requires technical depth, as you will guide experts in breaking into some of the most complex environments in the world to ensure they are unshakeable.

Key Responsibilities

  • Team Leadership: Lead, mentor, and scale a high-performance team of technical specialists. Foster a culture of continuous research, curiosity, and ethical hacking excellence.
  • Full-Spectrum Assessments: Oversee the execution of comprehensive security evaluations, both internally and externally for our client portfolio:
    • Application Security: DAST, SAST, SCA, both Black Box and Grey Box and deep-dive API security testing.
    • Offensive Operations: Red Teaming, Adversarial Simulations, and Breach & Attack Simulation (BAS).
    • Vulnerability Management: Advanced VAPT (Vulnerability Assessment & Penetration Testing)
    • Defensive Validation & Resiliency Testing: Ransomware Resiliency testing to ensure clients can withstand and recover from modern extortion tactics.
  • Attack Surface Discovery: Direct the continuous mapping of known and unknown digital assets to identify shadow IT and exposed entry points.
  • Service Innovation: Develop and refine the MSSP service catalogue. Identify emerging threats and translate them into new testing methodologies and cybersecurity services.
  • Stakeholder Management: Act as the technical authority during high-level client briefings, translating complex technical findings into actionable executive risk reports.

Requirements

Technical Requirements

  • Experience: 10+ years in Offensive Security, with at least 3–5 years in a formal leadership/management role.
  • Expertise: Deep technical mastery of the Attacker Mindset. You should be comfortable discussing advanced exploitation techniques, CI/CD pipeline vulnerabilities, and hybrid or cloud-native lateral movement in the same breath.
  • Tooling & Frameworks: Proficiency in modern toolkits (Burp Suite, Metasploit, Cobalt Strike, etc.).
  • Expertise in BAS platforms and Attack Surface Management (ASM) tools.
  • Experience with Cloud Security (AWS/Azure/GCP) and container security (Docker/K8s).
  • Firm grasp of the MITRE ATT&CK framework.
  • Certifications: Preferred: OSCE, OSEP, GXPN, or CISSP/CCSP/CISM.

Required Development & Automation Skills

  • Security Tooling Development: Proficiency in Python or Go (Golang) to build custom scanners, exploit wrappers, and automation scripts.
  • Infrastructure as Code (IaC): Solid understanding of Terraform or Ansible to rapidly spin up (and tear down) complex range environments for Red Team simulations and Ransomware Resiliency testing.
  • Dev-Sec-Ops & CI/CD Integration: Deep knowledge of how to integrate SAST/DAST/SCA tools directly into GitLab, GitHub Actions, or Jenkins pipelines without breaking the developer workflow.
  • API Mastery: Advanced ability to interact with, test, and develop against RESTful and Graph-QL APIs. This includes writing custom scripts to automate mass API vulnerability discovery.
  • Cloud-Native Development: Familiarity with Serverless (AWS Lambda/Azure Functions) and Containerization (Docker/Kubernetes) to identify and exploit misconfigurations in modern microservices architectures.
  • Exploit Development Basics: Understanding of low-level languages like C/C++ or Rust to oversee the team when they are performing deep-dive binary analysis or bypass research.
  • Data Engineering for Security: Ability to work with SQL/NoSQL and ELK stacks (Elasticsearch, Logstash, Kibana) to aggregate and analyse the massive amounts of data generated during Attack Surface Discovery.

Soft Skills & Leadership

  • Candor & Clarity: The ability to give direct, constructive feedback to a highly technical team while maintaining high morale.
  • Strategic Vision: Moving beyond finding bugs to helping clients build long-term Resilience Frameworks.

· Technical Depth: You must be able to speak the language of highly technical researchers to earn their respect and provide valid guidance.

· Pressure Management: Thriving in the fast-paced, 24/7 nature of an MSSP.

Benefits

Why Join Us

You aren't just managing a team; you are architecting the future of offensive security. You will have access to diverse environments, cutting-edge Advanced Technologies, and you'll drive red-team strategies and emulate real-world adversaries to ensure clients stay ahead of the global threat landscape.



More Info

Job Type:
Industry:
Employment Type:

About Company

Job ID: 145058917

Similar Jobs

Hyderabad, India

Skills:

red teaming MetasploitCloud SecurityElk StackNosqlDockerApplication SecurityTerraformGitlabPythonVulnerability AssessmentSqlPenetration TestingJenkinsBurp SuiteAnsibleKubernetesAttack Surface DiscoveryGraph-QL APIsGoGitHub ActionsCobalt StrikeOffensive SecurityRansomware Resiliency Testing

Hyderabad, India

Skills:

data engineering containerization JavaMlApisData ModelingSqlSdlcDevopsDockerAgileAzureKubernetesPythonAWSNoSQL databasessoftware architecturesAicloud platforms

Hyderabad, India

Skills:

smartsheet Data ManagementSAPUipathSASVeevaTableauData CleansingC3PythonData AnalyticsPower BiPower AutomateWorkdaySqlDatabricksdata lakesReporting SolutionsOptroAlteryx DesignerAuditBoardaudit automationMicrosoft FormsConcurenterprise data warehouses

Hyderabad, India

Skills:

Databasesbusiness intelligence and reporting toolsReport AutomationJIRAShellConfluencePythonmetrics tracking systemsAI agentic tools and frameworksModel Context ProtocolsMS ProjectMCPs

Hyderabad, India

Skills:

Artificial Intelligence and ML?based threat detection and automation toolsData interpretation and feature?analysis capabilities for threat?analytics modelsProgramming or scripting PHP Python JavascriptData enrichment pipelinesDigital forensics tools and techniquesIncident response including major incident response leadershipTechnical writing and communicationCyber defense frameworks NIST ISO CISAutomation platforms SOARSIEM tools Splunk SentinelUnderstanding of ML model behavior