Reports to: Cyberdefense Lead of North-Asia, South-Asia Pacific, Middle-East, and North Africa.

Introduction:

For over 110 years, L’Oréal has been a leading global beauty company dedicated to fulfilling the diverse beauty desires of women and men around the world. With an expansive portfolio of over 48 brands across four divisions—Professional Products, Consumer Products, L’Oréal Luxe, and Active Cosmetics—our influence spans the breadth of the beauty industry.

A trailblazer in sustainability, L’Oréal incorporates eco-friendly practices into every facet of our operations, from innovation to production, demonstrating our unwavering commitment to the environment. Upholding the principles of integrity, respect, courage, and transparency, we prioritize ethical considerations in every business decision we make.

At the heart of L’Oréal's strength and innovation is our diverse workforce, comprising over 150 nationalities. We cherish the varied experiences and perspectives our employees bring, empowering them to challenge conventions and create transformative beauty experiences for our global customers.

We embrace advanced technologies, including Cloud Computing, Containers, Big Data, E-Commerce, and Web 3.0, as vital tools in serving our customers effectively. Operating in multiple domains, such as Digital, Retail, B2B, Operations, Finance, and Research & Innovation, L’Oréal offers a dynamic and rich environment for learning and long-term career growth. Join us in our mission to create the beauty that moves the World.

We are looking for a skilled Offensive Security Manager to oversee our offensive security and ethical hacking operations within the APAC and MENA regions. The ideal candidate will have extensive experience with penetration testing and red teaming, and will be responsible for developing and improving these aspects of our cybersecurity posture. This role involves managing related vendors, evaluating the criticality of vulnerabilities, and conducting ad-hoc penetration testing.

Responsibilities:

1. Develop and implement a comprehensive offensive security strategy across the APAC and MENA regions, to ensure our systems are robustly defended against cyber threats.
2. Conduct ad-hoc penetration testing on our IT infrastructure to identify and document vulnerabilities and risks.
3. Oversee and improve the company's bug bounty program, liaising with external researchers, assessing reported vulnerabilities, and ensuring timely and effective remediation.
4. Lead and coordinate red teaming exercises to simulate real-world cyberattacks and assess our defensive capabilities.
5. Manage relationships with offensive security vendors, including leading RFP processes, managing contracts, and overseeing the work delivered.
6. Provide technical expertise to evaluate the criticality of vulnerabilities discovered during testing or reported through the bug bounty program.
7. Work closely with internal teams and stakeholders to remediate identified vulnerabilities effectively and efficiently.
8. Create reports and communicate findings and strategies to stakeholders and senior management.
9. Stay abreast of the latest offensive security techniques and technologies, ensuring our approaches remain current and effective.

Qualifications:

1. Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field.
2. Minimum of 5 years of experience in offensive security roles.
3. Relevant certifications from Offensive Security (OSCP, OSCE) or CREST (CRT, CCT) or similar.
4. In-depth knowledge of penetration testing methodologies, tools, and techniques.
5. Familiarity with bug bounty programs and red teaming exercises.
6. Strong understanding of current threats, vulnerabilities, and attack trends.
7. Excellent communication skills and ability to translate complex security issues into business impact.
8. Strong project management skills, ability to manage multiple projects and tasks simultaneously.

This role is integral to the security and integrity of our company's information technology systems. If you are passionate about cybersecurity and love the challenge of staying one step ahead of cyber threats, we would love to hear from you.

Why L’Oréal?

At L’Oréal, we provide a unique platform for long-term career development. We offer diverse opportunities for role transition and international mobility. Join us and be a part of our ethical and responsible mission to create the beauty that moves the world.