Apply on Employer Site

Celestica · 1 day ago

11 - Senior Manager, Information Security

Richardson, TX

Full-time

Onsite

Senior Level, Lead/Staff

8+ years exp

Celestica is a leader in design and manufacturing solutions, partnering with top companies across various sectors. They are seeking a Senior Manager, Information Security, who will proactively identify and mitigate security gaps within the organization’s digital estate, focusing on offensive security and architecture. The role involves reviewing security policies, conducting threat hunts, and mentoring junior analysts to ensure robust cybersecurity defenses.

ElectronicsManufacturingProduct DesignSupply Chain Management

No H1B

U.S. Citizen Only

Responsibilities

Review organizational security policies, standards, and procedures and analyze the existing cybersecurity architecture (network, cloud, endpoint, and application) to identify design flaws, misconfigurations, or logic gaps that could be exploited by insiders or external attackers

Collaborate with security architects and engineering teams to recommend structural improvements that reduce the attack surface

Design and execute continuous control validation programs to test the efficacy of security tools (e.g., EDR, SIEM, Firewalls, DLP)

Perform proactive "purple team" exercises and threat hunts to identify silent failures in detection logic or blocking mechanisms

Simulate real-world attack scenarios (e.g., lateral movement, data exfiltration, privilege escalation) to validate if existing controls trigger appropriate alerts and blocks

Translate findings from architecture reviews and validation tests into actionable remediation plans

Work cross-functionally with IT, DevOps, and GRC teams to close identified security gaps, ensuring that "quick fixes" do not introduce new risks

Track and report on the "Time to Detect" and "Time to Remediate" metrics to demonstrate continuous improvement in the organization’s defensive posture

Serve as the internal subject matter expert on offensive security techniques, tactics, and procedures (TTPs)

Stay ahead of the latest threat intelligence and vulnerability disclosures to predict how they might impact the organization’s specific architecture

Mentor junior analysts on threat hunting methodologies and offensive security mindset

Qualification

Penetration TestingThreat HuntingSecurity ArchitectureBreachAttack SimulationMITRE ATT&CK FrameworkScripting LanguagesOperating System InternalsSecurity Control PlatformsOffensive Security CertificationCloud Security CertificationAnalytical ThinkingCommunicationIntegrity

Required

8–10 years of hands-on experience in cybersecurity, with a specific focus on penetration testing, threat hunting, or security architecture

Proven experience in reviewing and auditing security policies and technical architectures for enterprise environments

Experience with Breach and Attack Simulation (BAS) tools (e.g., AttackIQ, Cymulate) or manual emulation frameworks (e.g., Atomic Red Team, MITRE CALDERA)

Deep understanding of the MITRE ATT&CK framework and how to map specific controls to adversary tactics

Proficiency in scripting languages (Python, PowerShell, Bash) for automating hunts and validation tests

Strong knowledge of operating system internals (Windows, Linux) and network protocols (TCP/IP, DNS, HTTP/S)

Familiarity with security control platforms (SIEM, EDR, IDS/IPS, Firewalls) and how to bypass or test them

Analytical Thinking: Ability to look at a complex system and identify the weakest link

Communication: Ability to explain complex technical exploitation paths to non-technical stakeholders (e.g., explaining why a policy gap matters)

Integrity: Unwavering ethical standards when conducting offensive operations against internal live systems

Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or equivalent experience

Mandatory Offensive Security Certification: Must hold at least one advanced certification such as OSCP (Offensive Security Certified Professional), GPEN (GIAC Penetration Tester), CEH (Certified Ethical Hacker) Practical, or CompTIA PenTest+