Senior Manager -CyberSecurity(Offensive Security in AI & Continuous Validation)

Job Description

Company: TAT IT Technolgies

Location: AE

We have an urgent requirement for Senior Manager -Cyber Security(Offensive Security in AI & Continuous Validation) with experience in banking domain is required for our banking clients in Abu Dhabi ,UAE

Candidate experience in operate Continuous Security Validation — running AWS Security Agent (cloud/infra), (AI-specific) and (model supply-chain) on every significant deployment, mapped to a 2LoD-approved threat coverage matrix.–MustOwn the 7-day threat-intel SLA — ingesting MITRE ATLAS / OWASP LLM feeds–MustAggregate, deduplicate, and SLA-manage all findings via DefectDojo through to Attestation–MustHands-on with autonomous pentest tools: AWS Security Agent, Horizon3, or equivalent.—MustStrong experience with AI red-teaming tools: Garik, PyRIT, Claude Security, Opus 4.x, Codex–MustExperience working within 1LoD/2LoD/3LoD models in regulated environments, in banking or financial services—Must

Job Summary

We are seeking an Offensive Security Engineer to own continuous security validation across cloud, AI/ML, and model supply-chain environments. This role drives automated red teaming and adversarial testing against all significant deployments, ensuring threat coverage aligns with 2LoD-approved matrices and remediation is tracked to strict SLAs. You will operationalize threat intelligence, run autonomous pentest tooling, and validate controls against real-world attack techniques within defined LoD boundaries.

Key Responsibilities Continuous Security ValidationOperate and scale Continuous Security Validation using AWS Security Agent or equivalent across cloud infrastructure, AI-specific workloads, and model supply-chain components for every significant deployment. Map coverage to 2LoD-approved threat matrices.

Threat Intelligence to Automation

Own the 7-day threat-intel SLA. Ingest MITRE ATLAS and OWASP LLM Top 10 feeds via Jira automation and operationalize new attack techniques into test suites within 7 days of release.

Findings Management & Remediation Governance

Aggregate, deduplicate, and SLA-manage all findings via DefectDojo through to Attestation. Enforce severity-based MTTR remediation gates before re-deployment approval. Feed metrics into Power BI dashboards: Open Findings, MTTR, Pipeline Gate Pass Rate, Prompt Injection Block Rate.Autonomous & AI Red Teaming

Execute offensive security and blue-team validation with continuous control validation. Lead adversarial testing using autonomous pentest tooling such as AWS Security Agent, Horizon3 or equivalent. Perform AI red-teaming using Garik, PyRIT, Claude Security, Opus 4.x, Codex, and test against OWASP LLM Top 10 + MITRE ATLAS.

LoD Boundary & Control Validation

Maintain clear understanding of 1LoD/2LoD boundary. Run control validation against 2LoD-approved threat scenarios in blue team capacity, while leaving independent unknown-scenario red teaming to 2LoD.

Shift to Automation

Drive proven shift from periodic manual pentest to automated, continuous control validation integrated into CI/CD pipelines.

Required Qualifications & Skills Experience: 8+ years in offensive security, red teaming, or penetration testing with 4+ years focused on cloud and AI/ML environments.Tools & Platforms: Hands-on with autonomous pentest tools: AWS Security Agent, Horizon3, or equivalent. Strong experience with AI red-teaming tools: Garik, PyRIT, Claude Security, Opus 4.x, CodexFrameworks: Deep knowledge of MITRE ATLAS, OWASP LLM Top 10, and cloud attack paths. Experience mapping tests to enterprise threat matrices.Automation & Integration: Proficiency integrating security testing into CI/CD, Jira automation, DefectDojo, and Power BI reportingCloud & AI Security: Strong understanding of AWS cloud security, LLM deployment risks, model supply-chain threats, and prompt injection defenses.Governance: Experience working within 1LoD/2LoD/3LoD models in regulated environments, preferably banking or financial servicesCertifications Preferred: OSCP or OSCE (mandatory)

• GIAC GPEN or GXPN
• GIAC GMLE (Machine Learning Engineer) or equivalent AI-security credential
• Anthropic Cyber Verification Program enrolment (for offensive use of Opus 4.x)
• CREST CCT desirable for regulated-bank contexts. Skills: security,ai,cybersecurity

Source: LinkedIn