Offensive Security Senior Manager

Please Note: The deadline for applying is 23.59 the day before the job posting end date.

Job Title: Offensive Security Senior Manager

Business Function: Cyber Security

Location: Kingston Head Office

Unilever is one of the world’s leading suppliers of Food, Home, and Personal Care products with sales in over 190 countries and reaching 3.4 billion consumers a day. Unilever has more than 400 brands around the world, including Persil, Dove, Knorr, Domestos, Hellmann’s, Wall’s, Ben & Jerry’s, Marmite, Magnum, and Lynx. Our purpose is to make sustainable living commonplace.

Unilever is committed to equity, diversity, and inclusion. We strive to eliminate bias and discrimination, accelerate diverse representation in leadership, remove barriers for people with disabilities, and increase representation in advertising. Find out more about our commitment on our website.

Unilever’s Cyber Security team is a global, product-led function aligned to the NIST Cyber Security Framework. We deliver capabilities across governance, protection, detection, response, and recovery to safeguard our people, operations, and digital assets. Our structure is built around product families and risk-based priorities, with teams embedded across regions and business units.

JOB PURPOSE

We are looking for a technically exceptional and visionary Senior Manager to lead our Offensive Security function. This role is both strategic and hands-on, responsible for delivering high-impact penetration testing, attack surface management, and a mature bug bounty program. The ideal candidate will be a transformation leader with deep technical expertise in offensive security and a passion for building purple team capabilities that proactively identify and close control gaps across the enterprise.

The Senior Manager - Offensive Security will serve as both a strategic leader and hands-on technical expert, driving the evolution of our offensive security capabilities. This role is accountable for delivering high-impact penetration testing, managing our attack surface, and overseeing a global bug bounty program. With a strong focus on identifying control gaps and advancing purple team maturity, the ideal candidate will bring deep technical acumen, a transformation mindset, and a proven ability to lead and inspire high-performing teams in a dynamic, threat-informed environment.

RESPONSIBILITIES

Technical Leadership & Execution

• Personally lead and execute advanced penetration tests, red/purple team exercises, and adversary emulation campaigns across cloud, application, and infrastructure layers.
• Identify and exploit vulnerabilities to simulate real-world attack scenarios, validate detection and response capabilities, and uncover control gaps.
• Develop and maintain a Purple Team playbook tailored to business-specific technologies and threat models.
• Integrate offensive findings into SOC tuning, detection engineering, and control validation workflows.

Program Ownership

• Own and evolve the offensive security roadmap, including internal testing services, external bug bounty operations, and attack surface management.
• Establish and lead a Purple Team Steering Committee with cross-functional stakeholders from Cyber, OT, R&D, and Business Units.
• Drive quarterly purple team exercises and ensure findings are embedded into the broader Cyber Transformation roadmap.

Team Building & Transformation

• Build and mentor a high-performing global team of offensive security engineers and red teamers.
• Lead the transformation from traditional pentesting to intelligence-driven, continuous offensive security.
• Foster a culture of innovation, experimentation, and continuous learning.

Collaboration & Influence

• Partner with Threat Intelligence, SOC, and Engineering teams to contextualize findings and drive remediation.
• Communicate technical findings clearly to both technical and executive audiences.
• Influence security architecture and product design through early engagement and threat modeling.

Requirements

• Advanced Penetration Testing: Deep experience conducting and leading penetration tests across web applications, APIs, cloud environments (Azure, AWS, GCP), and enterprise infrastructure.
• Red and Purple Teaming: Expertise in adversary emulation, threat-informed defense, and purple team exercises that validate detection and response capabilities.
• Attack Surface Management: Familiarity with ASM platforms and methodologies to continuously identify, assess, and reduce external exposure.
• Bug Bounty Program Management: Experience managing or collaborating with external bug bounty platforms (e.g., HackerOne, Bugcrowd), including triage and remediation workflows.
• Exploit Development & Vulnerability Research: Ability to identify and exploit zero-day and known vulnerabilities, and develop custom proof-of-concept exploits.
• Tool Proficiency:
  • Offensive tools: Cobalt Strike, Metasploit, Burp Suite, Nmap, BloodHound, Covenant, Sliver
  • Scripting: Python, PowerShell, Bash
  • Automation: CI/CD integration for security testing, custom tooling for red team automation
• Detection Engineering Collaboration: Ability to translate offensive findings into detection logic and partner with SOC teams to improve alerting and response.
• Threat Modelling & MITRE ATT&CK: Strong understanding of attacker TTPs and ability to map findings to frameworks like MITRE ATT&CK and the Cyber Kill Chain.
• Cloud Security Testing: Hands-on experience with offensive techniques in cloud-native environments, including IAM misconfigurations, container escape, and serverless exploitation.
• Security Control Validation: Experience assessing the effectiveness of EDR, WAF, IAM, and other security controls through offensive testing.

Experience

• 15+ years in cybersecurity, with 5+ years in offensive security and team leadership.
• Deep hands-on experience with red/purple teaming, adversary emulation, and vulnerability exploitation.
• Proficiency with tools such as Cobalt Strike, Metasploit, Burp Suite, BloodHound, and custom scripting.
• Strong understanding of MITRE ATT&CK, cyber kill chain, and threat-informed defense.
• Experience integrating offensive security into CI/CD pipelines and cloud-native environments.
• Relevant certifications (e.g., OSCP, OSCE, CRTO, GXPN) strongly preferred.

Behaviours

• Agility - Flexes leadership style and plans to meet changing situations with urgency. Learns from the past, envisions the future, has a healthy dissatisfaction with the status quo.
• Personal Mastery - Actively builds wellbeing and resilience in themselves and their team. Has emotional intelligence to take feedback, manage mood and motivations, and build empathy for others. Sets high standards for themselves and always brings their best self.
• Passion for High Performance - Inspires the energy needed to win, generating intensity and focus to motivate people to deliver results at speed.

Notes

About Unilever

Unilever is one of the world’s leading suppliers of Food, Home and Personal Care products with sales in over 190 countries and reaching 2 billion consumers a day. Unilever has more than 400 brands found in homes around the world, including Dove, Tresemme, Lynx, Lifebuoy, Shea Moisture, Persil, Domestos, Ben & Jerry’s, Magnum, Marmite, The Vegetarian Butcher, Graze and Pot Noodle. Our purpose is to make sustainable living commonplace.

What We Offer

We offer a competitive salary and pension, an annual bonus, subsidised gym membership, a discounted staff shop, and shares. You’ll have the opportunity to work with our brands in a flexible and hybrid working environment. We are open to flexible working options and are committed to wellbeing, with hubs, programmes, and development opportunities. We strive for a family-friendly and inclusive workplace.

To view full job details, click apply.