Role Purpose
The Senior Manager – Cyber Security Engineering will lead the design and execution of Continuous Security Validation (CSV) capabilities across cloud, infrastructure, and AI/ML environments. The role focuses on transitioning from traditional periodic penetration testing to automated, continuous adversarial testing and control validation, ensuring security controls remain effective against evolving threats.
This position operates within the 1st Line of Defense (1LoD), validating controls against 2LoD-approved threat scenarios, while enabling continuous assurance through automation, threat intelligence integration, and measurable remediation outcomes.
Key Responsibilities
1. Continuous Security Validation (CSV) Delivery
- Operate continuous security validation pipelines across:
- Cloud and infrastructure environments (AWS Security Agent or equivalent)
- AI/ML systems and model supply chain
- Ensure validation is executed on every significant deployment
- Map validation coverage to a 2LoD-approved threat coverage matrix
- Drive shift from manual, periodic pentesting to automated, continuous control validation frameworks
2. Threat Intelligence Integration & Operationalization
- Own and enforce a 7-day Threat Intelligence SLA
- Ingest and operationalize threat data from:
- MITRE ATLAS
- OWASP LLM Top 10 / threat feeds
- Automate ingestion workflows via Jira and security tooling integrations
- Translate emerging threats into test cases and adversarial simulations within 7 days
- Continuously enhance test coverage based on new attack techniques
3. Findings Management & Remediation Governance
- Aggregate and normalize findings across tools and pipelines
- Manage vulnerability lifecycle using:
- DefectDojo → Attestation workflow
- Deduplicate findings and enforce severity-based prioritization
- Implement MTTR-based remediation SLAs and enforce deployment gating controls
- Prevent release of applications or infrastructure that do not meet defined security thresholds
4. Metrics, Dashboards & Reporting
- Build and maintain Power BI dashboards to track:
- Open vulnerabilities
- Mean Time to Remediate (MTTR)
- Pipeline Gate Pass Rate
- Prompt Injection Block Rate
- Provide actionable insights to:
- CISO
- Engineering leadership
- Risk and governance forums
- Use metrics to drive continuous security posture improvement
5. Offensive Security & Adversarial Testing
- Lead continuous adversarial testing programs, including:
- Blue-team driven validation against known threat scenarios
- AI red-teaming activities
- Utilize advanced tools such as:
- AWS Security Agent / Horizon3 (or equivalent)
- Garak, PyRIT for AI red teaming
- Claude Security (Opus 4.x), Codex (controlled offensive usage)
- Design test scenarios aligned with:
- MITRE ATLAS framework
- OWASP LLM Top 10 risks
6. Governance & 3 Lines of Defense Alignment
- Operate clearly within the 1LoD/2LoD boundary:
- Execute control validation (blue team) against known scenarios
- Support but do not replace independent 2LoD red team testing
- Ensure activities are aligned with 2LoD-approved policies and threat models
- Provide evidence and assurance outputs for audit and regulatory requirements
- Collaborate with risk and compliance teams on security validation outcomes
Qualifications & Experience
Experience
- 8–10 years of experience in:
- Cybersecurity engineering
- Offensive security / penetration testing / adversarial simulation
- Proven experience transitioning from:
- Manual pentesting → automated continuous validation models
- Experience working in banking or regulated environments is strongly preferred
Certifications
Mandatory
Preferred
- GIAC GPEN or GXPN
- GIAC GMLE (Machine Learning Engineer) or equivalent AI-security certification
- Anthropic Cyber Verification Program enrolment (for controlled offensive AI usage)
- CREST CCT (highly desirable in regulated banking environments)
Technical Skills
- Strong expertise in:
- Continuous security validation frameworks
- Offensive security tools and methodologies
- Hands-on experience with:
- Autonomous pentesting tools (e.g., Horizon3, AWS Security Agent)
- DefectDojo or similar vulnerability management platforms
- Working knowledge of:
- AI/LLM security threats and mitigation
- OWASP LLM Top 10 vulnerabilities
- MITRE ATT&CK and MITRE ATLAS frameworks
- Proficiency in:
- Automation and scripting (Python, Bash, etc.)
- CI/CD pipeline integrations and DevSecOps practices
Leadership & Soft Skills
- Strong leadership with ability to guide engineering and validation teams
- Analytical mindset with attention to risk prioritization and outcomes
- Ability to communicate complex findings to senior stakeholders
- Strong governance awareness and regulatory sensitivity
Key Competencies
- Continuous Security Validation
- Offensive Security & Adversarial Testing
- AI/LLM Security
- Threat Intelligence Operationalization
- DevSecOps Integration
- Risk & Control Validation (1LoD/2LoD Alignment)
Ideal Candidate Profile
- Deep technical expert with strong offensive and validation experience
- Proven ability to implement continuous, automated security assurance models
- Hands-on exposure to AI security testing and adversarial frameworks
- Experience operating within regulated environments and structured risk models (3LoD)
- Strong balance of technical depth, governance understanding, and leadership capability
