Offensive Security Senior Manager

Please Note: The deadline for applying is 23.59 the day before the job posting end date.

Job Title: Offensive Security Senior Manager 

Business Function: Cyber Security

Location: Kingston Head Office

Unilever is one of the world’s leading suppliers of Food, Home, and Personal Care products with sales in over 190 countries and reaching 3.4 billion consumers a day. Unilever has more than 400 brands found in homes around the world, including Persil, Dove, Knorr, Domestos, Hellmann’s, Wall’s, Ben & Jerry’s, Marmite, Magnum, and Lynx. Faced with the challenge of climate change and the need for human development, we want to move towards a world where everyone can live well and within the natural limits of the planet. That’s why our purpose as Unilever is ‘to make sustainable living commonplace’.

At Unilever, we’re determined to achieve a culture where everyone can thrive, a culture where all individuals are treated fairly and respectfully, and where their uniqueness is celebrated. We’re taking a holistic approach that focuses on how we can use the scale and reach of our business to have the greatest impact in our own workplace and beyond. We’ve set clear goals to eliminate any bias and discrimination in our policies and practices, accelerate diverse representation in our leadership, and remove barriers for people with disabilities. At the same time, we’re setting out to spend more with diverse businesses and increasing representation of diverse groups in our advertising. Find out more about our commitment to equity, diversity, and inclusion on our website.

Unilever’s Cyber Security team is a global, product-led function aligned to the NIST Cyber Security Framework. We deliver capabilities across governance, protection, detection, response, and recovery to safeguard our people, operations, and digital assets. Operating alongside our Technology and Data teams, Cyber Security enables secure innovation and resilience across our global business. Our structure is built around product families and risk-based priorities, with teams embedded across regions and business units.

JOB PURPOSE

We are looking for a technically exceptional and visionary Senior Manager to lead our Offensive Security function. This role is both strategic and hands-on, responsible for delivering high-impact penetration testing, attack surface management, and a mature bug bounty program. The ideal candidate will be a transformation leader with deep technical expertise in offensive security and a passion for building purple team capabilities that proactively identify and close control gaps across the enterprise.

The Senior Manager – Offensive Security will serve as both a strategic leader and hands-on technical expert, driving the evolution of our offensive security capabilities. This role is accountable for delivering high-impact penetration testing, managing our attack surface, and overseeing a global bug bounty program. With a strong focus on identifying control gaps and advancing purple team maturity, the ideal candidate will bring deep technical acumen, a transformation mindset, and a proven ability to lead and inspire high-performing teams in a dynamic, threat-informed environment.

RESPONSIBILITIES

Technical Leadership & Execution

- Personally lead and execute advanced penetration tests, red/purple team exercises, and adversary emulation campaigns across cloud, application, and infrastructure layers.
- Identify and exploit vulnerabilities to simulate real-world attack scenarios, validate detection and response capabilities, and uncover control gaps.
- Develop and maintain a Purple Team playbook tailored to business-specific technologies and threat models.
- Integrate offensive findings into SOC tuning, detection engineering, and control validation workflows.

Program Ownership

- Own and evolve the offensive security roadmap, including internal testing services, external bug bounty operations, and attack surface management.
- Establish and lead a Purple Team Steering Committee with cross-functional stakeholders from Cyber, OT, R&D, and Business Units.
- Drive quarterly purple team exercises and ensure findings are embedded into the broader Cyber Transformation roadmap.

Team Building & Transformation

- Build and mentor a high-performing global team of offensive security engineers and red teamers.
- Lead the transformation from traditional pentesting to intelligence-driven, continuous offensive security.
- Foster a culture of innovation, experimentation, and continuous learning.

Collaboration & Influence

- Partner with Threat Intelligence, SOC, and Engineering teams to contextualize findings and drive remediation.
- Communicate technical findings clearly to both technical and executive audiences.
- Influence security architecture and product design through early engagement and threat modeling.

Requirements

• Advanced Penetration Testing: Deep experience conducting and leading penetration tests across web applications, APIs, cloud environments (Azure, AWS, GCP), and enterprise infrastructure.
• Red and Purple Teaming: Expertise in adversary emulation, threat-informed defense, and purple team exercises that validate detection and response capabilities.
• Attack Surface Management: Familiarity with ASM platforms and methodologies to continuously identify, assess, and reduce external exposure.
• Bug Bounty Program Management: Experience managing or collaborating with external bug bounty platforms (e.g., HackerOne, Bugcrowd), including triage and remediation workflows.
• Exploit Development & Vulnerability Research: Ability to identify and exploit zero-day and known vulnerabilities, and develop custom proof-of-concept exploits.
• Tool Proficiency:
  • Offensive tools: Cobalt Strike, Metasploit, Burp Suite, Nmap, BloodHound, Covenant, Sliver
  • Scripting: Python, PowerShell, Bash
  • Automation: CI/CD integration for security testing, custom tooling for red team automation
• Detection Engineering Collaboration: Ability to translate offensive findings into detection logic and partner with SOC teams to improve alerting and response.
• Threat Modelling & MITRE ATT&CK: Strong understanding of attacker TTPs and ability to map findings to frameworks like MITRE ATT&CK and the Cyber Kill Chain.
• Cloud Security Testing: Hands-on experience with offensive techniques in cloud-native environments, including IAM misconfigurations, container escape, and serverless exploitation.
• Security Control Validation: Experience assessing the effectiveness of EDR, WAF, IAM, and other security controls through offensive testing.

Experience

 - 15+ years in cybersecurity, with 5+ years in offensive security and team leadership.
- Deep hands-on experience with red/purple teaming, adversary emulation, and vulnerability exploitation.
- Proficiency with tools such as Cobalt Strike, Metasploit, Burp Suite, BloodHound, and custom scripting.
- Strong understanding of MITRE ATT&CK, cyber kill chain, and threat-informed defense.
- Experience integrating offensive security into CI/CD pipelines and cloud-native environments.
- Relevant certifications (e.g., OSCP, OSCE, CRTO, GXPN) strongly preferred.

Behaviours

Candidates would be required to demonstrate the Unilever Standards of Leadership & live the Values through showing the following behaviors:

• Agility – Flexes leadership style and plans to meet changing situations with urgency. Learns from the past, envisions the future, has a healthy dissatisfaction with the status quo.
• Personal Mastery – Actively builds wellbeing and resilience in themselves and their team. Has emotional intelligence to take feedback, manage mood and motivations, and build empathy for others. Sets high standards for themselves and always brings their best self.
• Passion for High Performance – Inspires the energy needed to win, generating intensity and focus to motivate people to deliver results at speed.

NOTES

About Unilever

Unilever is one of the world’s leading suppliers of Food, Home and Personal Care products with sales in over 190 countries and reaching 2 billion consumers a day. Unilever has more than 400 brands found in homes around the world, including Dove, Tresemme, Lynx, Lifebuoy, Shea Moisture, Persil, Domestos, Ben & Jerry’s, Magnum, Marmite, The Vegetarian Butcher, Graze and Pot Noodle.

Faced with the challenge of climate change and the need for human development, we want to move towards a world where everyone can live well and within the natural limits of the planet. That’s why our purpose is ‘to make sustainable living commonplace’  

What We Offer

Not only do we offer a competitive salary and pension scheme, we also offer an annual bonus, subsidised gym membership, a discounted staff shop and shares. You’ll have the opportunity to work directly with our renowned and exciting brands in a flexible and hybrid working environment.

Whilst the role is advertised on a full-time basis, we would be happy to discuss possible flexible working options and what this may look like for you. We are a key advocate of wellbeing and offer a variety of support for our people including hubs, programmes and development opportunities. We strive to achieve a family-friendly and inclusive workplace and to, above all, create possibilities for all. 

Diversity at Unilever is about inclusion, embracing differences, creating possibilities and growing together for better business performance. We embrace diversity in our workforce. This means giving full and fair consideration to all applicants and continuing development of all employees regardless of age, disability, gender reassignment, race, religion or belief, sex, sexual orientation, marriage and civil partnership, and pregnancy and maternity. We are also more than happy to provide reasonable adjustments during our application and interview process to enable you to be present your best self. To find out more, including about our Employee Resource Groups, please click here Equity, Diversity & Inclusion at Unilever | Unilever.

Recruitment Fraud

Cyber criminals advertise fake job adverts with prestigious employers as a way of stealing information or even defrauding individuals out of money. In the most sophisticated cases, they will set up fake websites, which have a similar address to companies like Unilever. They even conduct fake telephone interviews and then offer candidates a role with the proviso they pay a fee for background checks or to cover work visa costs.  These types of attacks are becoming more common as more people are looking for employment in the economic climate. 

How is Unilever tackling this?

Many of Unilever’s recruitment sites publish a warning to candidates about recruitment fraud. The Cyber Security team also proactively scan for signs of people setting up fake Unilever sites and act to close them down. 

What can I do?

If you become aware of potential recruitment fraud, spot fake Unilever recruitment adverts or fake LinkedIn profiles, report them via Una Live Chat. 

Unilever does not accept responsibility or liability for any candidates who are financially impacted by recruitment fraud. Your vigilance is key!