Senior Security Consultant

Position Summary:

We are seeking a Senior Offensive Security Consultant with a strong knowledge of offensive

security practices and a proven ability to work independently. This role focuses on managing and

integrating security tools across the software development lifecycle, particularly within CI/CD

environments and containerized infrastructures. While hands-on offensive testing experience is not

mandatory, the candidate must demonstrate a deep understanding of offensive security

methodologies and tooling.

The ideal candidate will possess an awareness of the latest AI-driven security tooling and use cases

for the software development lifecycle for the purpose of implementing scalable technical solutions. In

addition, the candidate will be a self-starter who can operate autonomously, communicate effectively

across technical and business teams, and drive security initiatives with minimal oversight.

Key Responsibilities:

Security Tool Management & Integration

 Own the deployment, configuration, and maintenance of:

o Static Application Security Testing (SAST) tools

o Dynamic Application Security Testing (DAST) tools

o Breach and Attack Simulation (BAS) tools

o Container Security Solutions (e.g., image scanning, runtime protection)

 Integrate security tools into CI/CD pipelines to enable automated and continuous security

validation.

 Monitor tool performance, ensure scalability, and optimize configurations for accuracy and

efficiency.

Security Strategy & Enablement

 Provide strategic guidance on offensive security practices including:

o Vulnerability identification

o Exploitation techniques

 Support red team and penetration testing efforts by enabling tooling and providing technical

insights.

 Collaborate with development, DevOps, and cloud teams to embed security early in the SDLC.

Container & Cloud Security

JD- Senior Offensive Cybersecurity

Specialist

 Evaluate and enhance the security posture of containerized environments (e.g., Docker,

Kubernetes).

 Implement container image scanning, runtime protection, and orchestration security best

practices.

 Work with cloud-native security tools and configurations across AWS, Azure, or GCP.

Autonomous Execution & Ownership

 Take full ownership of assigned projects and deliverables with minimal supervision.

 Proactively identify gaps in security tooling, processes, or coverage and propose solutions.

 Maintain documentation, dashboards, and reporting mechanisms for tool usage and

effectiveness.

Communication & Collaboration

 Translate technical findings into clear, actionable insights for both technical and non-technical

stakeholders.

 Present risk assessments, tool evaluations, and remediation strategies to leadership.

 Mentor junior team members and contribute to internal knowledge sharing and training

initiatives.

Required Qualifications and Experience:

 University graduate in Computer Science subject

 Strong understanding of offensive security concepts and frameworks, including MITRE

ATT&CK, vulnerability exploitation, DevSecOps and OWASP top ten projects.

 Experience managing or integrating SAST, DAST, attack simulation, and container

security tools into CI/CD platforms (e.g., Jenkins, GitLab CI, Azure DevOps)

 Awareness of current breach and attack simulation platforms and AI-driven CI/CD pen testing

solutions and their use cases (e.g., Cytix, SafeBreach, AttackIQ, Cymulate).

 Strong knowledge of container and kubernetes security

 Ability to work independently and manage multiple priorities in a fast-paced environment.

 Excellent verbal and written communication skills.

Preferred Qualifications and Experience:

 Certifications such as OSCP, CRTO, OSCE, or equivalent.

 Experience of streamlining SDLC processes and workflows using AI techniques and

approaches

 Experience with cloud platforms (AWS, Azure, GCP) and their native security services.

JD- Senior Offensive Cybersecurity

Specialist

Framework & Boundaries:

 Group’s overall strategic plan.

 Applicable policies and procedures.

 Delegated authorities as per the delegation of authority structure.

 Instructions of the Head of Cyber Risk Assessments and Group Chief Information Security

Officer

Communications & Working Relationships:

 Divisional/departmental personnel and all other related divisional/departmental personnel

across the Group.

What We Offer:

 A dynamic and autonomous work environment.

 Opportunities to influence security strategy and tooling across the organization.

 Access to cutting-edge technologies and security platforms.

 A collaborative team culture focused on innovation and continuous improvement.