Senior Manager, Offensive Security

ROLE SUMMARY

Our Global Cyber Defense team is responsible for safeguarding Pfizers digital assets and infrastructure through proactive threat detection response and risk mitigation across on-premises cloud and hybrid environments.

The Senior Manager Offensive Security is responsible for leading enterprise offensive security capabilities that proactively identify validate and prioritize security weaknesses across the digital environment. Reporting to the Director of Threat & Exposure Management this role oversees activities such as penetration testing red and purple team exercises and adversary simulation to continuously assess the organizations exposure to realworld threats. Operating within a highly regulated pharmaceutical environment the role partners closely with detection remediation engineering and risk teams to translate offensive findings into measurable risk reduction and improved defensive outcomes.

ROLE RESPONSIBILITIES

• Lead the offensive security capability including strategy roadmap and execution of enterprise penetration testing red teaming and adversary simulation activities.

• Plan and oversee offensive testing across applications cloud platforms networks and endpoints to identify exploitable weaknesses and control gaps.

• Design and execute threatinformed testing scenarios aligned to realworld adversary tactics techniques and procedures.

• Partner with Threat Detection Vulnerability Management and Remediation teams to validate findings prioritize exposures and drive effective risk reduction.

• Partner with Threat Detection team to validate and improve logging alerting and response effectiveness.

• Ensure offensive security activities are safely executed wellgoverned and aligned with legal regulatory and operational constraints.

• Lead thirdparty penetration testing and red team vendor engagements as needed.

• Develop reporting and metrics that clearly communicate exposure attack paths and defensive effectiveness to Cyber Defense leadership.

• Continuously evolve offensive security techniques tooling and methodologies to reflect the changing threat landscape.

• Stay current on emerging attacker techniques tools and threat actor behaviors relevant to pharma and life sciences.

BASIC QUALIFICATIONS

• Bachelors degree in Computer Science Information Security Engineering or a related technical discipline or equivalent handson experience.

• 7 years of experience in cybersecurity with significant handson experience in offensive security penetration testing or red team operations.

• Strong handson knowledge of:

  • Red team and adversary emulation methodologies (MITRE ATT&CKaligned)

  • Application cloud network and identity penetration testing

  • Social engineering and phishing simulations (where appropriate)

  • Tooling and frameworks commonly used in offensive security

• Solid understanding of modern enterprise environments (cloud SaaS hybrid).

• Proven ability to communicate complex technical findings to both technical and executive audiences.

• Experience in leadership and mentoring.

• Experience operating in highly regulated global environments.

• Demonstrated experience in an agile work environment possessing qualities such as a collaborative mindset adaptability to change and a proactive problem-solving approach.

PREFERRED QUALIFICATIONS

• Experience in pharmaceutical biotech life sciences or similarly regulated industries.

• Experience with cloud-native red teaming (AWS Azure GCP) and identity-centric attack paths.

• Familiarity with detection engineering SIEM/SOAR and threat intelligence workflows.

• Professional certifications such as OSCP OSEP CRTO CISSP GIAC or similar offensive securityfocused credentials.

• Strong communication skills with the ability to clearly articulate technical risk attack feasibility and business impact to senior technical and nontechnical stakeholders.

Please apply by sending your CV in English.

Work Location Assignment:Hybrid