Offensive Security Senior Manager

Overview

Job Title: Offensive Security Senior Manager

Business Function: Cyber Security

Location: Kingston Head Office / Bangalore

Unilever is a global leader in Food, Home and Personal Care products with sales in over 190 countries and 3.4 billion consumers daily. Unilever’s purpose is to make sustainable living commonplace. The Cyber Security team is a global, product-led function aligned to the NIST Cyber Security Framework, delivering capabilities across governance, protection, detection, response, and recovery.

Job Purpose

We are looking for a technically exceptional and visionary Senior Manager to lead our Offensive Security function. This role is strategic and hands-on, responsible for delivering high-impact penetration testing, attack surface management, and a mature bug bounty program. The ideal candidate will be a transformation leader with deep technical expertise in offensive security and a passion for building purple team capabilities that proactively identify and close control gaps across the enterprise.

The Senior Manager – Offensive Security will lead the evolution of our offensive security capabilities, delivering penetration testing, managing attack surface, and overseeing a global bug bounty program. The role requires identifying control gaps, advancing purple team maturity, and leading high-performing teams in a threat-informed environment.

Responsibilities

• Technical Leadership & Execution
  • Personally lead and execute advanced penetration tests, red/purple team exercises, and adversary emulation campaigns across cloud, application, and infrastructure layers.
  • Identify and exploit vulnerabilities to simulate real-world attack scenarios, validate detection and response capabilities, and uncover control gaps.
  • Develop and maintain a Purple Team playbook tailored to business-specific technologies and threat models.
  • Integrate offensive findings into SOC tuning, detection engineering, and control validation workflows.
• Program Ownership
  • Own and evolve the offensive security roadmap, including internal testing services, external bug bounty operations, and attack surface management.
  • Establish and lead a Purple Team Steering Committee with cross-functional stakeholders from Cyber, OT, R&D, and Business Units.
  • Drive quarterly purple team exercises and ensure findings are embedded into the broader Cyber Transformation roadmap.
• Team Building & Transformation
  • Build and mentor a global team of offensive security engineers and red teamers.
  • Lead the transformation from traditional pentesting to intelligence-driven, continuous offensive security.
  • Foster a culture of innovation, experimentation, and continuous learning.
• Collaboration & Influence
  • Partner with Threat Intelligence, SOC, and Engineering teams to contextualize findings and drive remediation.
  • Communicate technical findings clearly to both technical and executive audiences.
  • Influence security architecture and product design through early engagement and threat modeling.

Requirements

• Advanced Penetration Testing: Deep experience conducting and leading penetration tests across web applications, APIs, cloud environments (Azure, AWS, GCP), and enterprise infrastructure.
• Red and Purple Teaming: Expertise in adversary emulation, threat-informed defense, and purple team exercises that validate detection and response capabilities.
• Attack Surface Management: Familiarity with ASM platforms and methodologies to continuously identify, assess, and reduce external exposure.
• Bug Bounty Program Management: Experience managing or collaborating with external bug bounty platforms (e.g., HackerOne, Bugcrowd), including triage and remediation workflows.
• Exploit Development & Vulnerability Research: Ability to identify and exploit zero-day and known vulnerabilities, and develop custom proof-of-concept exploits.
• Tool Proficiency
• Offensive tools: Cobalt Strike, Metasploit, Burp Suite, Nmap, BloodHound, Covenant, Sliver
• Scripting: Python, PowerShell, Bash
• Automation: CI/CD integration for security testing, custom tooling for red team automation
• Detection Engineering Collaboration: Translate offensive findings into detection logic and partner with SOC teams to improve alerting and response.
• Threat Modelling & MITRE ATT&CK: Strong understanding of attacker TTPs and ability to map findings to frameworks like MITRE ATT&CK and the Cyber Kill Chain.
• Cloud Security Testing: Hands-on experience with offensive techniques in cloud-native environments, including IAM misconfigurations, container escape, and serverless exploitation.
• Security Control Validation: Experience assessing the effectiveness of EDR, WAF, IAM, and other security controls through offensive testing.

Experience

• 15+ years in cybersecurity, with 5+ years in offensive security and team leadership.
• Hands-on experience with red/purple teaming, adversary emulation, and vulnerability exploitation.
• Proficiency with tools such as Cobalt Strike, Metasploit, Burp Suite, BloodHound, and custom scripting.
• Strong understanding of MITRE ATT&CK, cyber kill chain, and threat-informed defense.
• Experience integrating offensive security into CI/CD pipelines and cloud-native environments.
• Relevant certifications (e.g., OSCP, OSCE, CRTO, GXPN) strongly preferred.

Behaviours

Candidates would be required to demonstrate the Unilever Standards of Leadership & Values through the following behaviours:

• Agility – Flexes leadership style and plans to meet changing situations with urgency. Learns from the past, envisions the future, and challenges the status quo.
• Personal Mastery – Builds wellbeing and resilience; demonstrates emotional intelligence and openness to feedback.
• Passion for High Performance – Inspires energy and focus to deliver results at speed.

Notes

About Unilever: Unilever is a leading global supplier with brands including Dove, Persil, Ben & Jerry’s, Marmite, and more. We are committed to equity, diversity, and inclusion and strive for a welcoming, inclusive workplace. We offer flexible working options where possible and provide wellbeing support.

Recruitment Fraud: Be vigilant for recruitment fraud. Unilever does not ask for payment or background checks up-front. If you encounter suspected fraud, report via Una Live Chat. We do not accept responsibility for candidates financially impacted by fraud.

#J-18808-Ljbffr