Lead, Offensive Security

Employment Type: Full-time

Position Overview

Become a part of our caring community and help us put health first. The Lead, Offensive Security, owns the strategic roadmap for the Breach and Attack Simulation (BAS) program. This role makes complex decisions across multiple service lines, influences cross-functional teams throughout the organization, and translates technical findings into business impact. You will shape the future of our BAS program while addressing problems of substantial scope and complexity.

The Bigger Picture

Join a 100% remote, highly specialized offensive security team where you will have access to Hack The Box Pro Labs, all HTB role-based training paths and certifications, discretionary certification funding, and conference/training budgets. These resources will enable you to continuously advance your expertise while working on industry-leading BAS challenges at scale. You will be part of Cyber Threat Simulation (CTS), collaborating with Red Team, Penetration Testing, and Bug Bounty professionals—highly specialized experts who identify vulnerabilities so the business can address them proactively. Fridays are dedicated to research and development, allowing the team to pursue training in emerging offensive security technologies, tools, large language models (LLMs), artificial intelligence, and other relevant topics.

Mission & Impact

Own the six-quarter roadmap to mature each BAS service line, including Threat Simulations, Pre-built Threat Simulations, Security Baselines, IOC Validation, and Synthetic Tests. Lead the expansion of our BAS platform across all cloud and on-premises segments, ensure seamless integration of reporting into our SOAR platform, and optimize the Findings-Analysis workstream to consistently deliver actionable insights with maximum efficiency.

Your week will involve collaborating with the CTI team to discuss recent threat actor campaigns, working with SRE to address requirements for deploying simulators in additional Cloud Service Provider environments, and reviewing TTP playbooks for upcoming quarterly threat simulations. You will also identify TTPs not currently included in the platform that require custom test case development, and present threat simulation results to engineering teams and their leadership. You will work directly in the console and provide mentorship to engineers as they debug issues.

Why it matters: BAS transforms security testing from point-in-time snapshots to continuous validation, ensuring that countermeasures are effective at scale before attackers have the opportunity to subvert them.

You'll Excel If

• You can manage multiple projects simultaneously.
• You enjoy programming in Python.
• You stay current with the latest TTPs and offensive security tooling.
• You can turn "we should test that" into "we already did, here's the evidence."

Key Responsibilities

Program Strategy

• Define the six-quarter plan across all BAS service lines, establishing KPIs and milestones.
• Advise CTS leadership on functional strategies.

Team Leadership

• Oversee project plans and backlogs.
• Identify budget opportunities.
• Coordinate with the Red Team, Endpoint Security Engineering, CTI, SIEM Engineering, CSOC, and various infrastructure teams.
• Mentor 1–3 BAS engineers.
• Review all campaign outputs.
• Develop custom test cases to supplement the platform’s built-in library where needed.

Platform Expansion

• Plan simulator deployments for additional network segments, Cloud Service Providers, business subsidiaries, and on-premises data centers.
• Manage technical prerequisites.
• Collaborate with systems owners to ensure the solution is operational and tests attack vectors relevant to their environment.

Operations

• Execute campaigns across all service lines.
• Prioritize threat actors (e.g., APT41, DPRK, FIN7, Scattered Spider) based on available threat intelligence and business priorities.
• Identify tests to validate the effectiveness of security countermeasures (DLP, EDR, NDR).

Application Instructions

• [Specific application instructions would be detailed here if provided.]

Company Information

• [Company-specific information would be detailed here if provided.]