Role Overview
Grant Thornton is seeking an experienced and highly skilled Offensive Security and Compromise Assessment Senior Manager to lead proactive security testing and compromise assessment initiatives across our global enterprise environment. This leadership role is focused on identifying security weaknesses before adversaries can exploit them and determining whether any active compromise already exists within the organization.
You will lead penetration testing, red team exercises, and compromise assessments designed to simulate real-world attack scenarios. In parallel, you will direct environment-wide threat hunts and forensic analysis to identify indicators of compromise (IOCs), unauthorized access, persistence mechanisms, and attacker activity.
This is a hands-on leadership role requiring strong technical expertise in offensive security, threat hunting, forensic investigation, and compromise assessment. You will work closely with Security Operations, Incident Response, Security Engineering, and Leadership teams to validate defenses, identify gaps, and ensure rapid remediation of vulnerabilities and threats.
Your mission is to proactively find and eliminate security risks, validate detection capabilities, and ensure attackers have no place to hide within the organization.
Primary Responsibilities
Offensive Security Leadership (Proactive Testing)
Lead and oversee penetration testing across enterprise infrastructure, cloud environments, applications, identity systems, and network environments.
Design and execute red team exercises simulating real-world adversary tactics, techniques, and procedures (TTPs).
Identify vulnerabilities in endpoints, networks, identity systems, cloud environments, and business applications.
Validate effectiveness of security controls including EDR, SIEM, email security, and network defenses.
Test detection and response capabilities of existing security tools and SOC processes.
Develop attack simulations to evaluate detection gaps and improve defensive posture.
Work closely with engineering and security teams to remediate identified vulnerabilities.
Provide actionable remediation guidance to improve enterprise security posture.
Compromise Assessment & Threat Hunting
Lead enterprise-wide compromise assessments to determine if unauthorized access or attacker persistence exists.
Analyze logs, endpoint telemetry, network traffic, authentication events, and system activity for indicators of compromise.
Identify attacker persistence mechanisms, privilege escalation, lateral movement, and command-and-control activity.
Investigate suspicious behavior across endpoints, identity systems, and cloud environments.
Validate security s and determine whether malicious activity has occurred.
Incident Investigation Support (When required)
Support Incident Response teams during active security incidents.
Assist in determining attack scope, root cause, attacker methods, and impact.
Develop incident investigation reports with clear technical findings and executive summaries.
Provide recommendations to strengthen security controls and prevent recurrence.
Leadership & Program Management
Lead and mentor offensive security and compromise assessment team members.
Develop offensive security testing strategies aligned with business priorities.
Establish compromise assessment methodologies, procedures, and best practices.
Prioritize offensive testing based on business risk and threat landscape.
Coordinate testing efforts across infrastructure, cloud, and application environments.
Provide regular updates to leadership on vulnerabilities, compromise risks, and remediation progress.
Translate technical findings into clear business impact and risk language.
Security Improvement & Control Validation
Validate effectiveness of endpoint detection tools such as CrowdStrike EDR/MDR.
Evaluate identity security controls including MFA, authentication systems, and privileged access.
Test email security defenses and phishing detection capabilities.
Validate network security controls including firewalls, segmentation, and access controls.
Identify detection gaps and recommend improvements.
Required Qualifications
Experience
Senior Manager:
Minimum 12–15+ years of cybersecurity experience
Minimum 7+ years in offensive security leadership, red teaming, or compromise assessment
Experience must include hands-on:
Penetration testing and red team operations.
Threat hunting and compromise assessment.
Incident investigation and forensic analysis.
Technical Skills
Strong hands-on experience with:
Offensive Security Tools
Metasploit, Cobalt Strike, BloodHound, Nmap, Burp Suite, Mimikatz
Adversary‑emulation and attack‑simulation tools
Security Platforms
CrowdStrike EDR/MDR
SIEM platforms
Identity platforms (Active Directory, Azure AD)
Network security monitoring tools
Technical Knowledge
MITRE ATT&CK framework
Threat actor tactics and attack techniques
Windows, Linux, and Cloud environments
Authentication, identity, and privilege escalation techniques
Persistence mechanisms and attacker evasion techniques
Certifications (Required or Strongly Preferred)
One or more of the following:
OSCP – Offensive Security Certified Professional
OSEP – Offensive Security Experienced Penetration Tester
OSCE / OSCE3 – Offensive Security Certified Expert
CRTO / CRTO II – Certified Red Team Operator
GXPN – GIAC Exploit Researcher & Advanced Penetration Tester
GPEN – GIAC Penetration Tester
GCTI – GIAC Cyber Threat Intelligence
GOSI – GIAC Open-Source Intelligence
GREM – GIAC Reverse Engineering Malware
GCIH – GIAC Certified Incident Handler
GCDA – GIAC Cyber Defense Analyst
CISM, GCFA, CEH, CISSP
Leadership & Communication Skills
Strong leadership and team management capabilities
Ability to lead compromise assessments and red team engagements
Ability to translate technical findings into executive-level business risk summaries
Excellent incident reporting and documentation skills
Strong analytical and investigative mindset
Ability to lead high-impact technical investigations
Key Expectations
Lead proactive offensive security and compromise assessment programs
Identify vulnerabilities before attackers exploit them
Detect and investigate hidden attacker activity
Provide forensic analysis when compromise occurs
Deliver clear technical and executive-level reporting
Strengthen organizational security posture through proactive testing