CareerRiver

Director of Offensive Security

NorthMark Strategies · Dallas–Fort Worth, TX

The Company

NorthMark Compute & Cloud (NMC²) is backed by dedicated leadership and investment, with a clear mission as it operates at the bleeding edge of technology. Its goal is to scale and enhance the high-performance computing (HPC) and cloud infrastructure that supports its clients’ research, production, and delivery, enabling breakthroughs that shape the industries of tomorrow. Its engineers build critical infrastructure to eliminate friction in scientific research, simulations, analysis, and decision-making, accelerating discovery and driving faster innovation.

The Position

The Director of Offensive Security reports directly to the CISO and owns continuous adversarial validation of the NMC² production environment. This is not a scheduled pentest function or a compliance-checkbox red team. You will build and run a standing offensive capability that operates against production with authorization, emulates named threat actors relevant to our customer base and infrastructure class, and produces independent, evidence-backed assessments of whether our controls work under realistic attack conditions.

This function operates as an independent line of assurance within the Security organization, with a direct reporting relationship to the CISO. To preserve objectivity, assessment findings are delivered to the CISO without editorial review by the teams whose controls or systems are under evaluation. Security Engineering, Platform Engineering, and Security Architecture receive findings as remediation owners.

Responsibilities:

- Build and run a continuous red team program against the production NMC² environment: HPC clusters, multi-tenant Kubernetes, bare-metal provisioning infrastructure, customer network fabric, identity plane, and the internal control surface itself (SIEM, EDR, IAM, PAM)
- Execute adversary emulation campaigns aligned to MITRE ATT&CK v15 TTPs relevant to our threat model: financially motivated access brokers (e.g., TTP sets associated with initial access brokers targeting financial services customers), APT groups with demonstrated interest in research computing and scientific workloads, and insider threat scenarios covering privileged operator abuse
- Independently validate detection and response efficacy: every red team operation produces a detection coverage report measured against the SOC and IR functions, including time-to-detect, time-to-contain, and detection gap inventory by ATT&CK technique ID
- Own the purple team feedback loop: every undetected TTP becomes a tracked detection engineering deliverable with owner and SLA, every detected-but-unresponded TTP becomes a tracked IR playbook deliverable
- Run continuous attack surface validation against production, not just pre-production, with a documented rules-of-engagement framework, blast radius controls, and CISO-level authorization gates for destructive or high-risk techniques
- Lead threat-led penetration testing of the HPC-specific attack surface: Slurm and workload manager abuse, GPU driver and firmware attack paths, InfiniBand and RDMA fabric isolation, scheduler privilege escalation, cross-tenant lateral movement in shared compute, and scientific software supply chain compromise
- Own offensive validation of cloud and Kubernetes controls: IAM boundary testing, cross-account and cross-tenant escape attempts, container breakout chains, service mesh bypass, admission controller evasion, and secrets management integrity
- Drive threat modeling at design stage for new platform capabilities and major architecture changes, producing adversarial design reviews that the CISO signs off on before build
- Manage the external pentest and red team vendor portfolio: scoping, vendor selection, quality control of deliverables, and integration of external findings into the internal remediation tracking system
- Build and maintain the offensive tooling stack including custom implants, C2 infrastructure, and internal exploit development capability, with clear controls on tool custody, source code management, and destruction protocols
- Define and publish offensive security KPIs to CISO and board level: coverage against MITRE ATT&CK technique inventory, mean time to compromise from assumed-breach scenarios, control validation pass rate by control family, remediation velocity on P1 and P2 findings, and repeat finding rate
- Issue formal assessment reports using CWE classification, CVSS v3.1 base and environmental scoring, and explicit exploitation evidence; findings are attestations, not suggestions
- Champion an adversarial engineering culture across Platform and Security Engineering through documented attack patterns, regular internal briefings, and integration of offensive findings into developer tooling and CI/CD gates

Requirements:

- 15+ years in offensive security with demonstrated hands-on depth across at least three of: network penetration testing, red team operations, cloud penetration testing, application exploitation, hardware and firmware attack research, or advanced adversary emulation
- 5+ years leading offensive security teams, including direct accountability for hiring specialized offensive talent, managing operational security of red team infrastructure, and operating under formal rules of engagement against production systems
- Demonstrated red team leadership against mature target environments: environments with functioning SOC, EDR, and IR capability, not greenfield pentest targets
- Deep operational fluency with MITRE ATT&CK v15 and ATT&CK Navigator for coverage mapping, adversary emulation planning using frameworks such as MITRE CALDERA or Atomic Red Team, and purple team execution models
- Hands-on capability with production-grade offensive tooling: C2 frameworks (Cobalt Strike, Mythic, Sliver, or equivalent), exploitation frameworks, custom tool development, and oper
