Jobs · Information Technology · Texas

Director of Offensive Security

NorthMark Compute & Cloud · Dallas, TX · 2 wk ago
Information TechnologyFull-time

Responsibilities

  • Build and run a continuous red team program against the production NMC² environment: HPC clusters, multi-tenant Kubernetes, bare-metal provisioning infrastructure, customer network fabric, identity plane, and the internal control surface itself (SIEM, EDR, IAM, PAM)
  • Execute adversary emulation campaigns aligned to MITRE ATT&CK v15 TTPs relevant to our threat model: financially motivated access brokers, APT groups with demonstrated interest in research computing and scientific workloads, and insider threat scenarios covering privileged operator abuse
  • Independently validate detection and response efficacy: every red team operation produces a detection coverage report measured against the SOC and IR functions, including time-to-detect, time-to-contain, and detection gap inventory by ATT&CK technique
  • Own the purple team feedback loop: every undetected TTP becomes a tracked detection engineering deliverable with owner and SLA, every detected-but-unresponded TTP becomes a tracked IR playbook deliverable
  • Run continuous attack surface validation against production, not just pre-production, with a documented rules-of-engagement framework, blast radius controls, and CISO-level authorization gates for destructive or high-risk techniques
  • Lead threat-led penetration testing of the HPC-specific attack surface: Slurm and workload manager abuse, GPU driver and firmware attack paths, InfiniBand and RDMA fabric isolation, scheduler privilege escalation, cross-tenant lateral movement in shared compute, and scientific software supply chain compromise
  • Own offensive validation of cloud and Kubernetes controls: IAM boundary testing, cross-account and cross-tenant escape attempts, container breakout chains, service mesh bypass, admission controller evasion, and secrets management integrity
  • Drive threat modeling at design stage for new platform capabilities and major architecture changes, producing adversarial design reviews that the CISO signs off on before build
  • Manage the external pentest and red team vendor portfolio: scoping, vendor selection, quality control of deliverables, and integration of external findings into the internal remediation tracking system
  • Build and maintain the offensive tooling stack including custom implants, C2 infrastructure, and internal exploit development capability, with clear controls on tool custody, source code management, and destruction protocols
  • Define and publish offensive security KPIs to CISO and board level: coverage against MITRE ATT&CK technique inventory, mean time to compromise from assumed-breach scenarios, control validation pass rate by control family, remediation velocity on P1 and P2 findings, and repeat finding rate
  • Issue formal assessment reports using CWE classification, CVSS v3.1 base and environmental scoring, and explicit exploitation evidence; findings are attestations, not suggestions
  • Champion an adversarial engineering culture across Platform and Security Engineering through documented attack patterns, regular internal briefings, and integration of offensive findings into developer tooling and CI/CD gates

Requirements

  • 15+ years in offensive security with demonstrated hands-on depth across at least three of: network penetration testing, red team operations, cloud penetration testing, application exploitation, hardware and firmware attack research, or advanced adversary emulation
  • 5+ years leading offensive security teams, including direct accountability for hiring specialized offensive talent, managing operational security of red team infrastructure, and operating under formal rules of engagement against production systems
  • Demonstrated red team leadership against mature target environments: environments with functioning SOC, EDR, and IR capability, not greenfield pentest targets
  • Deep operational fluency with MITRE ATT&CK v15 and ATT&CK Navigator for coverage mapping, adversary emulation planning using frameworks such as MITRE CALDERA or Atomic Red Team, and purple team execution models
  • Strong command of cloud and container offensive tradecraft: Kubernetes attack paths, cloud IAM privilege escalation chains, service mesh and sidecar abuse, and multi-tenant isolation testing
  • Penetration Testing domain (Control 18) experience: experience with CWE, CVSS v3.1 and v4.0, OWASP Top 10, SANS CWE Top 25, and the CIS Controls v8
  • Experience integrating offensive findings into engineering workflow systems (Jira or equivalent) with enforceable SLA tracking, not report-and-walk-away engagements
  • Exceptional written communication: findings must stand up to scrutiny from engineering leadership who will push back, and from auditors and customers who will consume the output
  • Preferred OSCP, OSEP, OSED, GXPN, GPEN, or CRTO certifications; CISSP alone is not sufficient evidence of hands-on offensive capability
  • Prior experience building an offensive security function from scratch, not inheriting an existing one
  • HPC, bare-metal, or hyperscale data center offensive assessment experience
  • Background in threat intelligence consumption for adversary emulation planning (CTI-led red teaming)
  • Experience with sovereign cloud, export-controlled, or financial services customer environments

Similar jobs

Director of Security

Columbia Grammar and Preparatory SchoolNew York, NY· 1 wk ago
Information Technology

Director of Security

Orlando MagicOrlando, FL· 1 wk ago
Information Technologyapply on recruiting.ultipro.com

Director of Security

Sheppard PrattTowson, MD· 1 wk ago
Information Technologyapply on recruiting.ultipro.com