Note: The application period for this posting has passed.
Job description
Head of Offensive Security Testing
We, at Enterprise IT Security, are on a mission to secure the IT journey for the Volvo Group. We work closely together with stakeholders across several Truck Divisions (TDs), Business Areas (BAs), and Group Functions (GFs). While the BAs are responsible for driving the business, the TDs provide research, development, purchasing, manufacturing, and assembly. Within Volvo Group, the GFs own the Group agenda, provide strategic direction, and have global responsibility in group-wide functions such as IT, legal, compliance, and security.
With Enterprise IT Security, you will be part of Group Digital & IT (Group Function), a global and diverse team of highly skilled professionals who work with passion, trust each other, and embrace change to stay ahead. Enterprise IT Security works in close collaboration with both the Group Security function and security functions within TDs, BAs, and GFs. Together we work to build a security posture that is best in class.
Role Description:
The Head of Offensive Security Testing reports directly to the Head of Enterprise IT Security and supports the organization by assuring the Volvo Group’s IT and OT resilience through mimicking the tactics, techniques, and procedures of advanced threat actors.
• Develop, implement, and operationalize a group-wide framework for intelligence-led red team and penetration tests
• Build, train, and lead a team of specialized ethical hackers
• Direct, lead and oversee red teams during formal tests and exercises
• Report, assess, and categorize findings from tests and red team exercises
• Support the improvement of central detection and response capabilities (e.g. through quarterly purple team exercises)
• Develop and prioritize complex test scenarios based on threat intelligence and known IT/OT security incidents to simulate sophisticated cyber attacks
• Build and maintain quality assurance and training standards for internal and external penetration tests
• Manage vendors and other external partners (e.g. penetration test providers) to ensure continuous improvement of the applied methods and to build scalable flexibility
• Cooperate with specialized providers to establish a crowdsourced vulnerability identification program (bug bounty)
• Cooperate with internal and external threat intelligence specialists to secure a realistic and up-to-date understanding of tactics, techniques, and procedures used by advanced threat actors
• Provide input to a group-wide attack surface reduction resilience strategy
• Support the development of attack path models and the prioritization of derived measures
• Interact closely with other operational teams (e.g. Cyber Defense Center, Active Cyber Defense, Enterprise IT/OT Security Architecture & Engineering) and IT/OT security risk managers to support a holistic understanding of potential protection or detection gaps within Volvo Group
Critical Competencies:
• Ability to develop and apply a strict security testing governance based on CBEST/TIBER principles
• Track record of hands-on experience with coordinating and executing complex penetration tests
• Very good communication and presentation skills
• Process design, KPI development and risk management
• Ability to analyze detailed technical data to abstract relevant business information
• Ability to establish and maintain good relations and trust with your internal and external partners/stakeholders
• Must be able to identify and resolve complex problems in a structured way
• Willingness to learn, know and understand Volvo Group security policies, directives and requirements
Minimum Education and Experience:
• Bachelor's or Master's degree in Information Technology, Information Systems, Engineering, a related field or equivalent work experience
• 10+ years of experience in IT Operations, Security & Development
• Domain specific certifications (e.g. ethical hacking, forensic investigations, ITIL) would be an advantage
Kindly note that due to GDPR, we will not accept applications via mail. Please use our career site.