Offensive Security | Manager

Job Requisition ID: 40960

• Be part of market-leading projects with global scale and complexity

• Mentoring, coaching and leadership programs to help you make an impact that matters

• Reimbursements for professional development and subsidised qualifications

What will your typical day look like?

From scoping new opportunities through to delivery and client close-out, you'll lead penetration testing engagements across web applications, APIs, infrastructure, cloud, mobile and adversary simulation. You'll help shape the testing approach, oversee quality, review findings and make sure recommendations are clear, practical and tailored to each client's environment.

Just as important is the role you'll play inside the team. You'll coach and mentor testers across multiple engagements, support capability uplift through knowledge sharing and QA, and help strengthen our methodologies, reporting standards and service offerings as the threat landscape keeps evolving.

About the team

Deloitte's Offensive Security team sits within our broader Cyber practice, helping organisations understand how resilient they really are against real-world threats. The team works across penetration testing, application and API security, cloud and infrastructure testing, red teaming and adversary simulation to uncover vulnerabilities before they can be exploited. It's a team for people who enjoy technical depth, variety and working closely with clients to turn findings into meaningful security outcomes.

Enough about us, let's talk about you

You may have all or some of the following skills/experiences:

- Experience leading penetration testing engagements and teams, ideally in a consulting or client-facing environment

- Strong hands-on capability in web application and API testing, with broader exposure across infrastructure, cloud, mobile, wireless or red team engagements

- Confidence managing client relationships, including scoping, planning, status updates, budgeting and presenting findings to technical and non-technical stakeholders

- The ability to coach, mentor and develop others while maintaining high standards across delivery and reporting

- Recognised certifications such as OSCP, CRT, OSCE, OSWE, OSEP, CISSP or similar

- Strong written communication skills, including report writing, proposal support and clear remediation advice linked to business risk

- Experience with common offensive security tools, testing frameworks and methodologies such as OWASP, NIST, OSSTMM, Burp Suite, Kali Linux or similar

- Nice to have - experience contributing to service development, business development or complex multi-phase engagements