Director, Threat Operations & Penetration Testing
Listed on 2026-05-24
IT/Tech
Cybersecurity, Security Manager, Data Security, Information Security
Department Overview
The Director, Threat Operations & Offensive Security is responsible for defining, leading, and scaling a global cybersecurity program spanning two critical pillars:
- Threat Operations — Insider Risk, Threat Hunting, and Cyber Threat Exposure Management (CTEM)
- Offensive Security — Red Teaming, Penetration Testing, and Adversary Simulation
This role leads a geographically distributed team across the United States and United Kingdom, sets strategic direction, and ensures all activities translate into measurable risk reduction and enhanced detection/response capabilities for the enterprise. You will partner closely with Incident Response, Detection Engineering, Security Operations (GSOC), Engineering, and Technology Risk stakeholders to drive cross‑functional outcomes.
This role balances strategic program leadership, deep technical expertise, and executive communication—reporting to the Sr. Director, Cyber Defense within Global Cyber Security (GCS).
Duties
Strategy & Program Leadership
- Define and execute the global strategy and multi‑year roadmap for Threat Operations and Offensive Security programs
- Establish measurable goals, KPIs, and OKRs aligned to enterprise cyber risk reduction
- Drive integration between CTEM, threat hunting, insider risk, detection engineering, and offensive testing to create a unified threat‑informed defense model
- Provide executive‑level reporting on program outcomes, risk posture, and operational metrics to GCS and Global Technology leadership
- Insider Risk — Lead the insider threat program to detect, investigate, and mitigate internal threats through behavioral analytics, policy enforcement, and cross‑functional partnerships (HR, Legal, Compliance)
- Threat Hunting — Mature proactive threat hunting capabilities to identify advanced persistent threats, anomalous activity, and gaps in detection coverage across the global enterprise
- Cyber Threat Exposure Management (CTEM) — Own the CTEM lifecycle including attack surface visibility, exposure prioritization, vulnerability validation, and remediation tracking in partnership with GRC/TPRM and engineering teams
- Develop playbooks, automation, and operational processes to scale threat operations capabilities
- Lead penetration testing programs across application, cloud, network, infrastructure, mobile, and SaaS environments
- Plan and execute Red Team and Purple Team operations, breach & attack simulations (BAS), and adversary emulation exercises informed by real‑world threat intelligence
- Oversee the Vulnerability Disclosure Program (VDP) and External Attack Surface Management (EASM) validation activities
- Translate offensive findings into prioritized, risk‑ranked remediation actions and validate effectiveness of security controls and detection capabilities
- Lead targeted risk assessments and custom exercises (e.g., tabletop simulations, physical security testing, social engineering campaigns)
- Lead, mentor, and scale a high‑performing global team of managers, senior analysts, and technical leads across the US and UK
- Foster a culture of innovation, accountability, continuous improvement, and technical excellence
- Manage capacity planning, headcount budgeting, and resource allocation across multiple towers and regions
- Drive continuous improvement through automation, process maturity, and threat‑informed testing
- 10+ years of progressive cybersecurity experience across offensive and defensive domains
- 5+ years of direct leadership experience managing cybersecurity teams, including people managers
- Deep expertise in penetration testing, red teaming, threat hunting, insider risk, and/or CTEM
- Expert‑level understanding of adversarial tactics, techniques, and procedures (TTPs), the cyber kill chain, and MITRE ATT&CK framework
- Extensive experience leading teams that emulate threat activities and understanding the stages of a cyber‑attack (reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
- Experience leading global, geographically distributed teams and managing large‑scale security programs in…