AVP-Cybersecurity-Offensive lead

AVP Cybersecurity on the Offensive Security lead is focused on assessing and challenging the security posture across a comprehensive portfolio of products, services and infrastructure. The individual will utilize a variety of tools developed and act as a key team member and leader in testing engagements. They will advocate for cybersecurity best practices and will provide strong recommendations in this domain.

Major Deliverables:

• Conduct red team operations by serving either the red team lead or the secondary operator on engagements. As an engagement red team lead, you'll strategically plan scenario execution, orchestrate team resources and timelines, and make critical technical decisions that drive successful outcomes in complex, high-stakes environments.
• Conduct offensive security engagements, including Red Team operations, threat-based evaluations, and vulnerability research and exploitation against both internal and external facing systems
• Design, scope, and lead complex technical assessments, Purple Team Engagements, and other security initiatives to test attack detection and prevention effectiveness
• Automate portions of assessments, scoping, or other offensive security work to inform and drive our engagements
• Incorporate Threat Intelligence research to track APT trends and help partners test their environments against new and emerging threats
• Collaborate with cross-functional teams, including Incident Response, Product Security, and other security partners, to align remediation efforts and drive fixes after testing cycles
• Develop and maintain relationships with internal customers to identify and facilitate solutions to increase the impact of the team's work
• Influence and align the team’s strategy, and collaboratively prioritize and deliver specific multi-year roadmaps and projects
• Leverage deep technical expertise in operating systems, network architecture, and infrastructure fundamentals to execute sophisticated attack chains and navigate complex enterprise environments during red team operations.
• Pioneer cutting-edge offensive security capabilities in coordination with our dedicated malware and capability developers by researching, developing, and operationalizing innovative techniques, proprietary tools, and advanced methodologies that push the boundaries of adversarial simulation and red team effectiveness.
• Offer mentorship or coaching to growing team members, while sharing knowledge externally through blogs, webinar presentations, or presenting at conferences.
• Collaborate with cross-functional teams on key activities, including scoping initiatives, providing subject matter expertise in high-stakes sales presentations, and contributing strategic technical insights to marketing campaigns that showcase our capabilities.
• Help define, document, and continuously refine internal technical processes, service methodologies, and tactical procedures (TTPs) that standardize excellence across all engagements.
• Perform administrative tasks related to day-to-day consulting activities to ensure smooth business and engagement operations.

Minimum Requirements:

• Bachelor’s degree or higher, with a focus on IT, Computer Science, Engineering or Math or equivalent experience
• 8+ years of work experience performing adversarial simulation related engagements, with overall experience of 10-15 years
• Recognized Red Team or Penetration testing specific qualifications such as CCSAS, CCSAM, CRTO, OSED, OSCE (GXPN, GPEN, OSCP, GWAPT or similar certifications may also be considered)
• Working knowledge of Windows, Linux and MacOS operating systems internals
• Extensive understanding of the MITRE ATT&CK framework, OWASP Top 10, and other security frameworks
• Expertise in Windows Active Directory exploitation and lateral movement 
• Working knowledge of “cloud” platforms (AWS/Azure/GCP and O365/Google Workspace) and container technologies (Kubernetes/Docker) 
• Able to conduct cyber risk assessments using frameworks or standards like NIST CSF, ISO 27001/2, PCI, CIS Top 20, CMMC, or other industry measurement tools
• Conduct cloud penetration testing engagements to assess specific workloads (i.e., AWS, GCP, Azure, containers, or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weaknesses after receiving permission from client stakeholders 
• Provide recommendations to clients on specific security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks including response and recovery of a data security breach
• Familiarity with offensive tools, based on applicable skillset.
• Deep technical familiarity with offensive and defensive IT concepts and protocols
• Research and evaluate emerging privacy technologies from academia and industry, contributing to open-source tools and AI privacy standards
• Act as consultant and advocate for privacy best practices as central to our mission of Responsible AI 

Preferred Qualifications:

• Strong communicator with the ability to positively influence engineers, developers, architects, and business leaders alike
• Thoughtful, pragmatic, and able to execute in a high-velocity, agile environment
• Deeply collaborative and experienced at embedding security into developer culture
• Track record of reducing risk without slowing down innovation
• Being articulate and precise to the internal stakeholders who are seeking counsel on what are the risks, why are they impactful, and options on how to resolve them
• Broad knowledge across the Security domain, as well as demonstrated focus in AI security evaluations and in one (or more) areas of Cybersecurity such as Red Teaming, Purple Teaming, Vulnerability Research, and Exploitation
• Master's degree (or foreign degree equivalent) in Information Systems Engineering, Computer Science, Engineering, Information Security, Cyber Security, Information Assurance, or related field

EXL (NASDAQ: EXLS) is a leading data analytics and digital operations and solutions company. We partner with clients using a data and AI-led approach to reinvent business models, drive better business outcomes and unlock growth with speed. EXL harnesses the power of data, analytics, AI, and deep industry knowledge to transform operations for the world’s leading corporations in industries including insurance, healthcare, banking and financial services, media and retail, among others. EXL was founded in 1999 with the core values of innovation, collaboration, excellence, integrity and respect. We are headquartered in New York and have more than 54,000 employees spanning six continents. For more information, visit www.exlservice.com. EXL never requires or asks for fees/payments or credit card or bank details during any phase of the recruitment or hiring process and has not authorized any agencies or partners to collect any fee or payment from prospective candidates. EXL will only extend a job offer after a candidate has gone through a formal interview process with members of EXL’s Human Resources team, as well as our hiring managers.