Bread Financial
Website:
breadfinancial.com
Job details:
Job Summary:
The Manager, Cyber Security Engineering & Offensive Security will lead a dual‑focused security engineering function responsible for:
- Building & automating modern security capabilities across cloud, applications, and infrastructure, and
- Leading a continuous penetration testing team that conducts offensive security assessments across applications, APIs, servers, cloud workloads, and the entire technology landscape.
This leader must bring deep technical capability in AWS cloud security, application security, and security tooling, combined with strong experience in pentest operations, automation, and engineering-first problem solving.
The Manager will drive innovation in security automation, integrate AI/agentic capabilities to scale pen testing and detection, and mature offensive security into a proactive, engineering-led capability.
Essential Job Functions
1. Security Engineering Leadership (25%)
- Lead the architecture, engineering, and continuous improvement of security controls across AWS, applications, APIs, containers, and on‑premise systems.
- Oversee engineering of security tools including EDR/XDR, SIEM, WAF, DNS security, CASB, SASE/SWG, DLP, vulnerability tooling, and logging pipelines.
- Provide hands-on guidance in cloud security (AWS), security architectures, automation, API integrations, IaC, and secure-by-design patterns.
2. Offensive Security & Continuous Pentesting (25%)
- Lead an internal team of pentesters conducting continuous penetration testing of applications, APIs, network, servers, cloud assets, and third-party integrations.
- Oversee design and execution of offensive assessments, adversary simulations, red teaming activities, and threat-driven pentest campaigns.
- Ensure findings are triaged, prioritized, communicated clearly, and tied to measurable remediation outcomes.
3. Automation-Driven Pentesting & AI-Enhanced Security (20%)
- Drive development of automated pentest workflows, tooling, and frameworks to expand coverage, frequency, and speed of findings.
- Integrate agentic AI, LLMs, and security automation to augment testing, reconnaissance, vulnerability chaining, and exploitation simulation.
- Build reusable tooling and platforms that enable scalable, repeatable, automated offensive security.
4. Engineering Delivery, Quality & Collaboration (15%)
- Partner with Application Engineering, Platform Engineering, SOC, IAM, and Product Security to embed detection, protection, and secure design.
- Translate security requirements into engineer-friendly architectures and reusable patterns.
- Own backlog, prioritization, sprint planning, and delivery for both engineering and pentest teams.
- Drive maturity of security logging, telemetry pipelines, and cloud-native security services.
5. Leadership, People Management & Talent Growth (15%)
- Mentor and grow a team of security engineers and pentesters, creating strong capability in cloud security, application security, and offensive techniques.
- Build a learning culture that encourages certifications, deep technical mastery, and security innovation.
- Establish a high-performance environment with clear goals, coaching, and skill development.
Minimum Qualifications
- Bachelor’s degree in computer science, Engineering, Cybersecurity, or related field
- 7+ years of experience in security engineering, cloud security, application security, offensive security, or penetration testing
- Hands-on experience securing AWS: IAM, KMS, GuardDuty, Inspector, VPC, WAF, CloudTrail, Lambda, S3, API Gateway, etc.
- Experience leading pentest or red team activities (application, API, infrastructure, cloud)
- Strong understanding of modern security tools: SIEM, EDR/XDR, WAF, CASB, DLP, DNS Security, SASE/SWG
- Proficiency in Python, Go, PowerShell, Bash, or similar languages for automation
- Experience with IaC (Terraform/CloudFormation), CI/CD, and engineering pipelines
- Knowledge of NIST CSF, MITRE ATT&CK, Zero Trust, and cloud-native security models
Preferred Qualifications
- AWS Security Specialty, OSCP, OSWE, OSEP, GMOB, or similar pentest/offensive certifications
- Experience with red teaming, adversary simulation, threat modeling, and exploit development
- Strong understanding of Kubernetes, serverless security, microservices, and API security
- Experience applying AI/LLM/agentic models in cybersecurity automation or offensive security
- Prior experience building internal pentest automation platforms or tooling frameworks
Skills
- Cloud & Application Security (AWS preferred)
- Penetration Testing & Offensive Security
- Threat Modeling & Adversary Simulation
- Detection & Security Engineering
- IaC, CI/CD, Automation, API Integration
- EDR/XDR, SIEM, WAF, CASB, DLP, DNS Security
- AI/Agentic Security Applications
- Leadership & People Development
- Cross‑functional communication
Reports To: Senior Manager / Director, Cyber Security
Direct Reports: 3–8 (Security Engineers + Pentesters)
Click on Apply to know more.