Senior Manager - Offensive Security

Nopal Cyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal
360° platform, our Nopal Go mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages, which are each tailored to a client’s needs and budget, and external threat analysis, which provides critical intelligence at no-cost, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes.

Nopal Cyber lowers the barrier to entry while raising the bar for security and service.

Job responsibilities:

Own and scale the Offensive Security Practice , including strategy, capability development, revenue growth, and market positioning.
Provide executive oversight for  Attack Surface Management, Penetration Testing, Red Teaming, and Cloud VAPT engagements , ensuring delivery excellence, quality control, and consistency across client portfolios.
Lead the  end-to-end lifecycle of complex offensive security programs  (Application Security, API, Mobile, IoT, Infrastructure, Cloud), aligning delivery with client risk posture and business objectives.
Establish and mature  standardized methodologies, frameworks, and quality assurance processes  across penetration testing, red teaming, source code review, and DAST/SAST initiatives.
Drive the evolution of the  Red Team and Adversary Simulation capabilities , incorporating threat intelligence, emerging attack vectors, and advanced tradecraft.
Build, mentor, and retain a high-performing team of security consultants, team leads, and architects; define competency frameworks and certification roadmaps.
Act as the  executive escalation point  for high-risk engagements, ensuring technical depth, stakeholder confidence, and actionable remediation strategies.
Partner with Sales and Account teams to support  solutioning, proposal development, RFP responses, and client presentations , contributing to revenue expansion and practice growth.
Define engagement scope, success metrics, and governance standards; track utilization, margins, and delivery KPIs for sustained practice profitability.
Provide strategic oversight for  Application Security programs , integrating threat modeling, secure code review, and Dev Sec Ops  practices into client environments.
Lead innovation initiatives by researching emerging technologies and evolving threat landscapes, translating insights into new service offerings and differentiators.
Present executive-level security briefings to CXOs and senior stakeholders, translating complex technical findings into business risk narratives.
Ensure all security deliverables — technical reports, risk assessments, and executive summaries — meet high standards of clarity, depth, and business relevance.

Job specifications:

Qualification:

• Bachelor’s degree in Engineering or closely related coursework in technology
development disciplines

• Certifications like OSCP, CEH, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN are desirable

Experience:

• Total Experience – 15+ years

Desired Skills & Experience
OSCP and/or OSCE certified (preferred).
Strong understanding of  Secure SDLC  and modern application security practices.
Deep knowledge of  OWASP Top 10 , common attack vectors, and offensive testing methodologies.
Hands-on expertise with leading security tools (e.g., Nmap, Metasploit, Burp Suite, Kali, Cobalt Strike).
Proven experience in  Cloud Security Testing  (AWS, GCP, Azure) and  Mobile Penetration Testing  (iOS/Android).
Experience in  Microservices and Kubernetes security testing .
Ability to identify and exploit vulnerabilities across modern tech stacks (C++, Java, JavaScript, Go, Python) and cloud-native environments.
Strong scripting/coding capability (Python, Go, Java, C/C++ preferred).
Passion for offensive security research and capability development.
Personal Attributes
Self-driven, proactive, and capable of operating with minimal supervision.
Strong analytical and problem-solving skills.
Excellent written and verbal communication skills, with the ability to engage cross-functionally and at leadership levels.
Comfortable working in fast-paced, high-pressure environments while maintaining attention to detail.