Director of Offensive Security
NorthMark Compute & Cloud · Dallas, TX · 2 wk ago
Information TechnologyFull-time
Responsibilities
- Build and run a continuous red team program against the production NMC² environment: HPC clusters, multi-tenant Kubernetes, bare-metal provisioning infrastructure, customer network fabric, identity plane, and the internal control surface itself (SIEM, EDR, IAM, PAM)
- Execute adversary emulation campaigns aligned to MITRE ATT&CK v15 TTPs relevant to our threat model: financially motivated access brokers, APT groups with demonstrated interest in research computing and scientific workloads, and insider threat scenarios covering privileged operator abuse
- Independently validate detection and response efficacy: every red team operation produces a detection coverage report measured against the SOC and IR functions, including time-to-detect, time-to-contain, and detection gap inventory by ATT&CK technique
- Own the purple team feedback loop: every undetected TTP becomes a tracked detection engineering deliverable with owner and SLA, every detected-but-unresponded TTP becomes a tracked IR playbook deliverable
- Run continuous attack surface validation against production, not just pre-production, with a documented rules-of-engagement framework, blast radius controls, and CISO-level authorization gates for destructive or high-risk techniques
- Lead threat-led penetration testing of the HPC-specific attack surface: Slurm and workload manager abuse, GPU driver and firmware attack paths, InfiniBand and RDMA fabric isolation, scheduler privilege escalation, cross-tenant lateral movement in shared compute, and scientific software supply chain compromise
- Own offensive validation of cloud and Kubernetes controls: IAM boundary testing, cross-account and cross-tenant escape attempts, container breakout chains, service mesh bypass, admission controller evasion, and secrets management integrity
- Drive threat modeling at design stage for new platform capabilities and major architecture changes, producing adversarial design reviews that the CISO signs off on before build
- Manage the external pentest and red team vendor portfolio: scoping, vendor selection, quality control of deliverables, and integration of external findings into the internal remediation tracking system
- Build and maintain the offensive tooling stack including custom implants, C2 infrastructure, and internal exploit development capability, with clear controls on tool custody, source code management, and destruction protocols
- Define and publish offensive security KPIs to CISO and board level: coverage against MITRE ATT&CK technique inventory, mean time to compromise from assumed-breach scenarios, control validation pass rate by control family, remediation velocity on P1 and P2 findings, and repeat finding rate
- Issue formal assessment reports using CWE classification, CVSS v3.1 base and environmental scoring, and explicit exploitation evidence; findings are attestations, not suggestions
- Champion an adversarial engineering culture across Platform and Security Engineering through documented attack patterns, regular internal briefings, and integration of offensive findings into developer tooling and CI/CD gates
Requirements
- 15+ years in offensive security with demonstrated hands-on depth across at least three of: network penetration testing, red team operations, cloud penetration testing, application exploitation, hardware and firmware attack research, or advanced adversary emulation
- 5+ years leading offensive security teams, including direct accountability for hiring specialized offensive talent, managing operational security of red team infrastructure, and operating under formal rules of engagement against production systems
- Demonstrated red team leadership against mature target environments: environments with functioning SOC, EDR, and IR capability, not greenfield pentest targets
- Deep operational fluency with MITRE ATT&CK v15 and ATT&CK Navigator for coverage mapping, adversary emulation planning using frameworks such as MITRE CALDERA or Atomic Red Team, and purple team execution models
- Strong command of cloud and container offensive tradecraft: Kubernetes attack paths, cloud IAM privilege escalation chains, service mesh and sidecar abuse, and multi-tenant isolation testing
- Penetration Testing domain (Control 18) experience: experience with CWE, CVSS v3.1 and v4.0, OWASP Top 10, SANS CWE Top 25, and the CIS Controls v8
- Experience integrating offensive findings into engineering workflow systems (Jira or equivalent) with enforceable SLA tracking, not report-and-walk-away engagements
- Exceptional written communication: findings must stand up to scrutiny from engineering leadership who will push back, and from auditors and customers who will consume the output
- Preferred OSCP, OSEP, OSED, GXPN, GPEN, or CRTO certifications; CISSP alone is not sufficient evidence of hands-on offensive capability
- Prior experience building an offensive security function from scratch, not inheriting an existing one
- HPC, bare-metal, or hyperscale data center offensive assessment experience
- Background in threat intelligence consumption for adversary emulation planning (CTI-led red teaming)
- Experience with sovereign cloud, export-controlled, or financial services customer environments