Risk Services, Manager / Assistant Manager – Offensive Security (Security Testing Delivery & Business Development)

Key Responsibilities 

A. End-to-End Security Testing Project Management & Delivery 

• Own and manage Security Testing engagements end-to-end from scoping, scheduling, resource allocation, execution, quality review, reporting, and closure within strict, time-sensitive deadlines. 

• Manage multiple concurrent projects simultaneously, ensuring adherence to SLAs, timelines, and quality benchmarks. 

• Develop and maintain project plans, trackers, and status dashboards for all active engagements. 

• Coordinate with internal teams (consultants, QA reviewers, threat intelligence) to ensure timely delivery and consistent output quality. 

• Conduct kick-off calls, weekly status reviews, and post-engagement debriefs with clients. 

• Proactively identify project risks and delays, escalate where needed, and drive resolution to keep engagements on track. 

• Ensure all deliverables (reports, presentations, remediation guidance) undergo quality review before client submission. 

• Define and continuously improve Security Testing delivery processes, templates, checklists, and methodologies for operational efficiency. 

B. Technical Delivery & Consultancy 

• Conduct vulnerability assessments and penetration testing (VAPT) across networks, web applications, mobile applications, APIs, cloud environments, and infrastructure. 

• Perform source code reviews when required. 

• Collaborate with clients and the threat intelligence team to define assessment objectives, goals, scope, and scenarios. 

• Simulate cyber-targeted attacks using adversary techniques, tactics, and procedures (TTPs) on client environments where red team engagements are required. 

• Prepare detailed reports on identified security vulnerabilities, attack paths, and actionable remediation recommendations. 

• Develop comprehensive and accurate reports and presentations for both technical and executive audiences. 

• Stay up to date on the latest cybersecurity threats, attack techniques, and industry trends. 

• Interface with clients to address concerns, issues, or escalations; track and drive to closure any issues that impact service delivery and client satisfaction. 

C. Business Development (BD) & Pre-Sales 

• Support pre-sales activities - participate in client pitches, RFP/RFI responses, and proposal development for VAPT and security assessment services. 

• Contribute to revenue targets by identifying upsell and cross-sell opportunities within existing client accounts. 

• Build and nurture long-term client relationships to drive repeat business and strategic partnerships. 

• Develop service offerings, capability decks, and case studies to support the BD pipeline. 

• Represent the organization at industry events, webinars, and conferences to build brand visibility and generate leads. 

D. People & Team Management 

• Mentor, guide, and review the work of junior consultants and analysts. 

• Support hiring, onboarding, and skill development within the offensive security team. 

• Foster a culture of quality, accountability, and continuous learning. 

Requirements & Qualifications Education 

• Bachelor’s degree in Computer Engineering/Science, Information Security, or a related technical discipline (or equivalent work experience). 

Experience 

• Minimum 5-8 years of relevant experience in offensive security / Security Testing, preferably in a consulting or professional services environment. 

• Proven track record of managing multiple Security Testing projects simultaneously with tight, time-sensitive deadlines. 

• Hands-on experience in end-to-end engagement delivery - scoping, execution, reporting, and closure. 

• Demonstrated experience in pre-sales, proposal writing, or business development in cybersecurity services. 

• Experience with effort estimation, scoping, and pricing of security assessment engagements. 

Certifications (Required – must have at minimum) 

• CREST CRT 

Certifications (Preferred / Nice-to-Have) 

• OSCP (Offensive Security Certified Professional)  

• CREST CCT 

• GPEN, GWAPT, or equivalent 

• OSWE, OSED, CRTO, CRTP 

• PMP / PRINCE2 or equivalent project management certification 

• CEH (as a baseline) 

Technical Skills & Experience 

Experience in at least four of the following: 

• Performing targeted penetration tests including vulnerability identification, exploitation, and post-exploitation across networks, web apps, APIs, mobile, and cloud. 

• Strong credentials in wireless, web application, and network security testing. 

• Setting up and operating red team / penetration testing infrastructure. 

• Shell scripting or automation of tasks using Python, Perl, Bash, Ruby, or PowerShell. 

• Thorough understanding of network protocols, data on the wire, and covert channels. 

• Strong understanding of Unix/Linux/Mac/Windows operating systems. 

• Familiarity with cloud security assessments (AWS, Azure, GCP). 

• Experience with compliance-driven VAPT aligned to frameworks such as PCI-DSS, ISO 27001, NIST, SOC 2, HIPAA, etc. 

Soft Skills & Competencies 

• Excellent stakeholder management and client-facing communication skills. 

• Ability to document and explain technical details in a concise, understandable manner to both technical and non-technical audiences. 

• Strong organizational and multitasking abilities – comfortable managing competing priorities under pressure. 

• Commercial awareness and a results-driven mindset for BD contributions. 

• Proficiency with project management. 

• Leadership qualities – ability to motivate teams and drive accountability. 

As the team experience high volume of applications, we regret to inform that only shortlisted candidates will be notified.