The Offensive Security Manager will report to the Senior Manager/Capability Area manager - Threat Management and will manage the Offensive Security team which consists of employees and contractors at our Center Of Excellence in Bucharest, Romania. The offensive security manager will help mature the Offensive Security Team’s services and deliverables by effectively supporting the following:
The Offensive Security Manager will be on the front lines with our internal stakeholders supporting them with their Product, Infrastructure and Cloud Offensive Security and Security Assurance requirements. Manage our Offensive Security team to provide cyber attack simulations and offensive security services in-house and externally facilitated services such as (but not limited to): Purple Team Exercises, Web and Infrastructure Penetration Testing , Compromise Assessments, Cloud Penetration Testing and a variety of ad-hoc custom assessments to identify threats and security weaknesses.
This role provides a hybrid way of working with an onsite presence of 2 days/week.
Key Job Responsibilities and Duties

• Drive a complete, end-to-end threat led offensive security program that includes internally and externally performed purple teams, red teams, attack path maps and full stack penetration tests.
• Define assessment scope and objectives that are aligned with the business needs and guide the team to execute realistic offensive security exercises to simulate real attacks, to test and improve our detection and response capabilities, and to identify how attackers could infiltrate and move inside our infrastructure.
• Create scenarios that advanced attackers might use to compromise our security defenses and guide the team to emulate both the techniques used by known threat actors and create new techniques that attackers might attempt in the future.
• Work closely with other security, product and infrastructure teams to design defense-in-depth controls that limit attackers' ability to move inside our network.
• Review comprehensive assessment reports and findings produced by your team and the vendor that are technical and managerial to describe the engagement, scope, risks, and remediation recommendations
• Ensure Booking.com’s compliance to regulatory requirements by delivering the services that are in offensive security scope.
• Liaisoning between technical teams and executive level professionals to relay relevant testing results and findings
• Design and develop offensive security policies, standards, and procedures
• Work with the Threat Management Capability Area manager to understand business expectations, key initiatives, and set meaningful yearly goals for the Offensive Security Team.
• Ensures that Offensive Security is actively, timely and appropriately involved to support product Go-Live, incident management, response and recovery.
• Perpetually strengthen relevant skills, knowledge, and abilities to stay at the forefront of the information security industry

People Management

• Being an offensive security tech manager but also a manager of a team of up to 6 FTEs.
• Lead a multi-disciplined, cross-functional in-house and vendor teams (consisting of penetration testers and contractors) to achieve departmental and capability objectives.
• Lead and support the delivery of offensive security assessments for new and key existing Booking.com products, systems and networks by mentoring and motivating the responsible team members and by maintaining an effective workload balance within the team.
• Drive continuous improvements and operational efficiency in the Offensive Security Team, supporting the appropriate resourcing and budgeting allocation to each area of focus and ensuring that the organization and people are set up to deliver.
• Provide technical and administrative oversight and guidance to junior members of the team while performing technical operations
• Mentor team members and support their development with personal development plans

Benefits:

• Health insurance
• Prepaid medical subscription (Regina Maria)
• Life insurance
• Meal vouchers
• Learning wallet
• Travel benefit
• Annual vacation leave of 25 business days, pro rata with the working period
• Birthday day off
• Summer break (short Fridays during summer)
• Work from Abroad program (up to 20 days/year in EU)
• Floating days off
• 2 Volunteer days/ year
• Home office one-time bonus
• Bookster
• Linkedin learning platform
• Headspace
• Employee discounts (travel, gym, dental, vision)