About the role:
Sitecore is seeking a proactive and technically skilled Security Engineer with a focus on Red Team and offensive security operations. This role will support security testing and hardening efforts across Sitecore's cloud-native and SaaS products by leading and managing penetration testing, vulnerability management, bug bounty coordination, and code security initiatives.
The engineer will work closely with product engineering teams, security stakeholders, and external partners to identify, assess, and drive the remediation of vulnerabilities. The ideal candidate should be deeply familiar with threat actors, modern attack vectors, and best practices for secure application and infrastructure design.
Key Responsibilities
Penetration Testing & Red Team Operations
- Own and manage the penetration testing calendar across products and infrastructure.
- Coordinate with external partners for scheduled and ad hoc security testing.
- Analyze and triage findings, produce detailed test reports, and follow up on remediation efforts.
Vulnerability Management (Wiz)
- Perform regular scanning and analysis using Wiz for cloud and infrastructure vulnerabilities.
- Prioritize findings based on risk, exploitability, and business impact.
- Track and report on remediation progress across teams and ensure compliance with internal SLAs.
- Ensure that the configuration is up to date and deploy integrations to facilitate seamless scanning across Sitecore's environment.
Code Security (Wiz Code)
- Work with development teams to integrate secure coding practices and manage static analysis via Wiz Code.
- Review and triage security findings in application code, guiding engineering teams on remediations.
Bug Bounty Program (HackerOne)
- Coordinate Sitecore's Bug Bounty Program with HackerOne, reviewing reports, validating findings, and managing triage workflows.
- Collaborate with researchers and internal stakeholders to assess and resolve reported vulnerabilities.
- Continuously enhance and expand our bug bounty program in alignment with Sitecore's strategic priorities.
Attack Surface Management
- Continuously monitor Sitecore's external and internal attack surface.
- Proactively identify exposed assets, misconfigurations, or gaps that may lead to exploitation.
Threat Intelligence & Security Research
- Stay current with evolving threat landscapes, vulnerabilities (CVEs), and TTPs (Tactics, Techniques, and Procedures).
- Share intelligence and recommendations with internal teams to strengthen defenses and design.
Cross-Team Collaboration & Reporting
- Work closely with Engineering, Cloud, and Product Security teams to share findings, improve visibility, and reduce exposure.
- Maintain detailed documentation, dashboards, and status reports on open vulnerabilities, tracking remediation timelines and SLAs.
Qualifications:
Preferred Skills and Experience:
- 3-6 years of experience in application security, penetration testing, or red team operations.
- Hands-on experience with tools like Wiz, Wiz Code, Burp Suite, Metasploit, and scripting for automation.
- Familiarity with OWASP Top 10, cloud-native security (Azure, AWS), and container security best practices.
- Strong understanding of the vulnerability management lifecycle, secure SDLC, and offensive security techniques.
- Experience managing or participating in bug bounty programs is a strong plus.
- Security certifications such as OSCP, GPEN, OSCE, CRTOP, GRT, CRTA, RTO are a plus.
- Excellent written and verbal communication skills, with the ability to present technical concepts to non-technical audiences.
Work Conditions:
- Working hours aligned to U.S. Central or Eastern time zones.
- Occasional after-hours availability may be required for coordinating tests or responding to time-sensitive findings.
- Requires close collaboration with globally distributed engineering and security teams.
Remote Work:
No
Employment Type:
Full-time