Offensive Security Manager (Financial Sector Client)

Job description

Key Responsibilities:

  • Lead and manage offensive security initiatives including penetration testing, red teaming, and adversary emulation exercises.
  • Design and execute attack simulations to assess the effectiveness of security controls and incident response capabilities.
  • Collaborate with the blue team and SOC to improve detection, response, and mitigation strategies based on offensive findings.
  • Develop and maintain a threat-informed testing framework aligned with MITRE ATT&CK and other industry standards.
  • Oversee vulnerability assessments and exploit development to uncover weaknesses in applications, infrastructure, and cloud environments.
  • Produce detailed reports and executive summaries outlining findings, risk levels, and remediation recommendations.
  • Stay current with emerging threats, attack techniques, and offensive security tools to continuously evolve testing methodologies.
  • Mentor junior team members and promote a culture of ethical hacking and continuous improvement.

Requirements:

  • Bachelor's degree in Cybersecurity, Computer Science, or a related field.
  • Minimum 8 years of experience in offensive security, with at least 3 years in a leadership or managerial role.
  • Strong hands-on experience in penetration testing, red teaming, and exploit development.
  • Proficiency in tools such as Metasploit, Burp Suite, Cobalt Strike, Kali Linux, Nmap, and custom scripting (Python, PowerShell).
  • Familiarity with cloud environments (AWS, Azure) and container security.
  • Certifications such as OSCP, OSCE, CRTP, or similar are highly preferred.
  • Excellent communication skills with the ability to present technical findings to both technical and non-technical stakeholders.
  • Fluent in English; Cantonese or Mandarin is a plus.