Director- Offensive Security
Job Description
Summary This role leads a team that delivers traditional web application penetration testing, Defense-in-Depth assessments extending beyond the web layer, and Red Team engagements ranging from focused control validations to long-term adversary emulation exercises, including both stealth and overt operations.The Director will shape an automation-first and intelligence-driven offensive security program, leveraging AI-enabled operations, testing orchestration, attack simulation, data-driven prioritization, and continuous validation techniques to improve scale, speed, consistency, and measurable risk reduction. This role will ensure offensive security services evolve from point-in-time testing toward a continuous assurance model that validates security posture across enterprise, product, and emerging technology environments.
Job Description
Roles and Responsibilities People leadership & talent development: Hire, lead, coach, and retain an expert team; establish goals, role clarity, performance expectations, and development plans; build succession and continuity. Strategic oversight: Define and execute the offensive security strategy, including an automation-first and AI-enabled operating model that scales penetration testing, adversary emulation, and continuous security validation across IT, cloud, product, OT, and AI/ML environments. Drive roadmap priorities across talent, tooling, process standardization, service maturity, and measurable risk reduction. Service ownership & delivery oversight: Own end-to-end engagement delivery for web application penetration testing, Defense-in-Depth assessments, and Red Team operations, including intake, scope definition, scheduling, quality review, and executive/stakeholder communications. Red Team program leadership: Direct stealth and overt engagements; establish rules of engagement, testing safety controls, deconfliction, and coordination with detection and incident response teams. Defense-in-Depth coverage across environments: Ensure assessments address application, infrastructure, identity, cloud, product/software, and OT considerations (as applicable), balancing thoroughness with operational reliability. Vendor management: Manage vendor relationship(s) supporting Red Team activities, including SOW/SLAs, onboarding/offboarding, service quality, and cost management. Tooling & contract ownership: Own the offensive security tool portfolio and contracts (for example, Nessus, AttackForge), including renewals, license management, usage optimization, secure operations, and capability roadmap. Partnership & remediation outcomes: Partner with vulnerability management, product security, engineering, and infrastructure teams to ensure findings are actionable, prioritized, tracked, and re-tested as appropriate. Standards, governance, and reporting: Define and maintain assessment methodologies, reporting standards, and measurable KPIs (coverage, cycle time, remediation progress, repeat findings, and detection/control validation). Basic Qualifications Bachelor’s degree from accredited university or college with minimum of 8 years of professional experience OR Associates degree with minimum of 11 years of professional experience OR High School Diploma with minimum of 13 years of professional experience Minimum of 5 years of specific experience in offensive security, penetration testing, and/or Red Team operations Demonstrated people leadership experience leading and developing technical teams (including performance management and talent development). Demonstrated experience overseeing penetration testing services, including web application testing and broader multi-layer (Defense-in-Depth) assessments. Demonstrated experience leading Red Team engagements, including safe execution, stakeholder alignment, and high-quality reporting. Experience managing third-party vendors/consultants supporting security delivery.
Preferred Qualifications
Experience assessing or leading engagements in OT and/or embedded/on-product environments, including uptime- and safety-sensitive contexts. Experience maturing an offensive security program using repeatable playbooks, automation, governance, and metrics. Experience owning or administering offensive security tooling and engagement management platforms (for example, AttackForge, Nessus), including budget/contract accountability. Purple-team experience partnering with detection engineering/SOC to validate telemetry, tune detections, and demonstrate defensive improvements. Relevant certifications (desired, not required): OSCP/OSWE/OSCE, GPEN/GXPN, GCIH, CISSP, or equivalent demonstrated expertise. Additional Information: The base pay range for this position is $152,000 - $220,000 annually. The specific pay offered may be influenced by a variety of factors, including the candidate’s experience, education, and skill set. This position is also eligible for an annual discretionary bonus based on a percentage of your base salary/ commission based on the plan. This posting is expected to close on March 26th, 2026. GE Aerospace offers comprehensive benefits and programs to support your health and, along with programs like HealthAhead, your physical, emotional, financial and social wellbeing. Healthcare benefits include medical, dental, vision, and prescription drug coverage; access to a Health Coach from GE Aerospace; and the Employee Assistance Program, which provides 24/7 confidential assessment, counseling and referral services. Retirement benefits include the GE Aerospace Retirement Savings Plan, a 401(k) savings plan with company matching contributions and company retirement contributions, as well as access to Fidelity resources and planning consultants. Other benefits include tuition assistance, adoption assistance, paid parental leave, disability insurance, life insurance, and paid time-off for vacation or illness. GE Aerospace (General Electric Company or the Company) and its affiliates each sponsor certain employee benefit plans or programs (i.e., is a “Sponsor”). Each Sponsor reserves the right to terminate, amend, suspend, replace or modify its benefit plans and programs at any time and for any reason, in its sole discretion. No individual has a vested right to any benefit under a Sponsor’s welfare benefit plan or program. This document does not create a contract of employment with any individual. This role requires access to U.S. export-controlled information. Therefore, employment will be contingent upon the ability to prove that you meet the status of a U.S. Person as one of the following: U.S. lawful permanent resident, U.S. Citizen, have been granted asylee or refugee status (i.e., a protected individual under the Immigration and Naturalization Act, 8 U.S.C. 1324b(a)(3)). Additional Information GE Aerospace offers a great work environment, professional development, challenging careers, and competitive compensation. GE Aerospace is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. GE Aerospace will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable). Relocation Assistance Provided: No #LI-Remote - This is a remote position Apply To This Job