Offensive Security Senior Manager

Overview

Job Title: Offensive Security Senior Manager

Business Function: Cyber Security

Location: Kingston Head Office / Bangalore

Unilever is a global leader in Food, Home and Personal Care products with sales in over 190 countries and 3.4 billion consumers daily. Unilever’s purpose is to make sustainable living commonplace. The Cyber Security team is a global, product-led function aligned to the NIST Cyber Security Framework, delivering capabilities across governance, protection, detection, response, and recovery.

We are looking for a technically exceptional and visionary Senior Manager to lead our Offensive Security function. This role is strategic and hands-on, responsible for delivering high-impact penetration testing, attack surface management, and a mature bug bounty program. The ideal candidate will be a transformation leader with deep technical expertise in offensive security and a passion for building purple team capabilities that proactively identify and close control gaps across the enterprise.

The Senior Manager – Offensive Security will lead the evolution of our offensive security capabilities, delivering penetration testing, managing attack surface, and overseeing a global bug bounty program. The role requires identifying control gaps, advancing purple team maturity, and leading high-performing teams in a threat-informed environment.

• Technical Leadership & Execution
  • Personally lead and execute advanced penetration tests, red/purple team exercises, and adversary emulation campaigns across cloud, application, and infrastructure layers.
  • Identify and exploit vulnerabilities to simulate real-world attack scenarios, validate detection and response capabilities, and uncover control gaps.
  • Develop and maintain a Purple Team playbook tailored to business-specific technologies and threat models.
  • Integrate offensive findings into SOC tuning, detection engineering, and control validation workflows.

• Program Ownership
  • Own and evolve the offensive security roadmap, including internal testing services, external bug bounty operations, and attack surface management.
  • Establish and lead a Purple Team Steering Committee with cross-functional stakeholders from Cyber, OT, R&D, and Business Units.
  • Drive quarterly purple team exercises and ensure findings are embedded into the broader Cyber Transformation roadmap.

• Team Building & Transformation
  • Build and mentor a global team of offensive security engineers and red teamers.
  • Lead the transformation from traditional pen testing to intelligence-driven, continuous offensive security.
  • Foster a culture of innovation, experimentation, and continuous learning.

• Collaboration & Influence
  • Partner with Threat Intelligence, SOC, and Engineering teams to contextualize findings and drive remediation.
  • Communicate technical findings clearly to both technical and executive audiences.
  • Influence security architecture and product design through early engagement and threat modeling.

• Advanced Penetration Testing:
  Deep experience conducting and leading penetration tests across web applications, APIs, cloud environments (Azure, AWS, GCP), and enterprise infrastructure.
• Red and Purple Teaming:
  Expertise in adversary emulation, threat-informed defense, and purple team exercises that validate detection and response capabilities.
• Attack Surface Management:
  Familiarity with ASM platforms and methodologies to continuously identify, assess, and reduce external exposure.
• Bug Bounty Program Management:
  Experience managing or collaborating with external bug bounty platforms (e.g., Hacker One, Bugcrowd), including triage and remediation workflows.
• Exploit Development & Vulnerability Research:
  Ability to identify and exploit zero-day and known vulnerabilities, and develop custom proof-of-concept exploits.
• Tool Proficiency
• Offensive tools:
  Cobalt Strike, Metasploit, Burp Suite, Nmap, Blood Hound, Covenant, Sliver
• Scripting:
  Python, Power Shell, Bash
• Automation: CI/CD integration for security testing, custom tooling for red team automation
• Detection Engineering
  
  Collaboration:
  
  Translate offensive findings into detection logic and partner with SOC teams to improve alerting and response.
• Threat Modelling & MITRE ATT&CK:
  Strong understanding of attacker TTPs and ability to map findings to frameworks like MITRE ATT&CK and the Cyber Kill Chain.
• Cloud Security Testing:
  Hands-on experience with offensive techniques in cloud-native environments, including IAM misconfigurations, container escape, and serverless exploitation.
• Security Control Validation:
  Experience assessing the effectiveness of EDR, WAF, IAM, and other security controls through offensive testing.

• 15+ years in cybersecurity, with 5+ years in offensive security and team leadership.
• Hands-on experience with red/purple teaming, adversary emulation, and vulnerability exploitation.
• Proficiency with tools such as Cobalt Strike, Metasploit, Burp Suite, Blood Hound, and custom scripting.
• Strong understanding of MITRE ATT&CK, cyber kill chain, and…