Senior Manager, Offensive Security

ROLE SUMMARY

 

Our Global Cyber Defense team is responsible for safeguarding Pfizer’s digital assets and infrastructure through proactive threat detection, response, and risk mitigation across on-premises, cloud, and hybrid environments.

 

The Senior Manager, Offensive Security is responsible for leading enterprise offensive security capabilities that proactively identify, validate, and prioritize security weaknesses across the digital environment. Reporting to the Director of Threat & Exposure Management, this role oversees activities such as penetration testing, red and purple team exercises, and adversary simulation to continuously assess the organization’s exposure to real‑world threats. Operating within a highly regulated pharmaceutical environment, the role partners closely with detection, remediation, engineering, and risk teams to translate offensive findings into measurable risk reduction and improved defensive outcomes.
 

ROLE RESPONSIBILITIES

• Lead the offensive security capability, including strategy, roadmap, and execution of enterprise penetration testing, red teaming, and adversary simulation activities.

• Plan and oversee offensive testing across applications, cloud platforms, networks, and endpoints to identify exploitable weaknesses and control gaps.

• Design and execute threat‑informed testing scenarios aligned to real‑world adversary tactics, techniques, and procedures.

• Partner with Threat Detection, Vulnerability Management, and Remediation teams to validate findings, prioritize exposures, and drive effective risk reduction.

• Partner with Threat Detection team to validate and improve logging, alerting, and response effectiveness.

• Ensure offensive security activities are safely executed, well‑governed, and aligned with legal, regulatory, and operational constraints.

• Lead third‑party penetration testing and red team vendor engagements as needed.

• Develop reporting and metrics that clearly communicate exposure, attack paths, and defensive effectiveness to Cyber Defense leadership.

• Continuously evolve offensive security techniques, tooling, and methodologies to reflect the changing threat landscape.

• Stay current on emerging attacker techniques, tools, and threat actor behaviors relevant to pharma and life sciences.

BASIC QUALIFICATIONS

• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related technical discipline, or equivalent hands‑on experience.

• 7+ years of experience in cybersecurity, with significant hands‑on experience in offensive security, penetration testing, or red team operations.

• Strong hands‑on knowledge of:

  • Red team and adversary emulation methodologies (MITRE ATT&CK–aligned)

  • Application, cloud, network, and identity penetration testing

  • Social engineering and phishing simulations (where appropriate)

  • Tooling and frameworks commonly used in offensive security

• Solid understanding of modern enterprise environments (cloud, SaaS, hybrid).

• Proven ability to communicate complex technical findings to both technical and executive audiences.

• Experience in leadership and mentoring.

• Experience operating in highly regulated, global environments.

• Demonstrated experience in an agile work environment possessing qualities such as a collaborative mindset, adaptability to change, and a proactive problem-solving approach.

PREFERRED QUALIFICATIONS

• Experience in pharmaceutical, biotech, life sciences, or similarly regulated industries.

• Experience with cloud-native red teaming (AWS, Azure, GCP) and identity-centric attack paths.

• Familiarity with detection engineering, SIEM/SOAR, and threat intelligence workflows.

• Professional certifications such as OSCP, OSEP, CRTO, CISSP, GIAC, or similar offensive security‑focused credentials.

• Strong communication skills, with the ability to clearly articulate technical risk, attack feasibility, and business impact to senior technical and non‑technical stakeholders.

Please apply by sending your CV in English.

Work Location Assignment: Hybrid

Information & Business Tech