PropertyGuru Group

Senior Manager - Offensive Security

PropertyGuru Group  •  Bengaluru, IN (Hybrid)  •  9 hours ago
Apply
AI can make mistakes so check important info. Chat history is never stored.

Job Description

PropertyGuru is Southeast Asia’s leading PropTech company, and the preferred destination for over 32 million property seekers monthly to connect with over 50,000 agents monthly to find their dream home. PropertyGuru empowers property seekers with more than 2.1 million real estate listings, in-depth insights, and solutions that enable them to make confident property decisions across Singapore, Malaysia, Thailand and Vietnam.

PropertyGuru.com.sg was launched in Singapore in 2007 and since then, PropertyGuru Group has made the property journey a transparent one for property seekers in Southeast Asia. In the last 18 years, PropertyGuru has grown into a high-growth PropTech company with a robust portfolio including leading property marketplaces and award-winning mobile apps across its markets in Singapore, Malaysia, Vietnam, Thailand as well as the region’s biggest and most respected industry recognition platform – PropertyGuru Asia Property Awards, events and publications across Asia.

For more information, please visit: PropertyGuruGroup.com; PropertyGuru Group on LinkedIn

Recognised as a Top Employers Certified* organisation, we’re proud to be among the best workplaces in the region—celebrating an inclusive culture of excellence, growth, and well-being.

Leads the enterprise's adversarial security function — owning strategy, team, and outcomes for continuous offensive testing across traditional, cloud, and AI attack surfaces. A player-coachrole:sets program direction, builds the red team, andremainstechnically credible enough to leadand executecomplex engagements personally. Operates from an attacker's mindset on a continuous basis— distinct from an AppSec function thatvalidatescontrols inside the SDLC.

Key Responsibilities

Program leadership & strategy

  • Own the offensive strategy, roadmap, and plan; align engagement cadence to the threat model and regulatory obligations.

  • Build and develop a multi-disciplinary team of red teamers, AI red teamers, and offensive engineers; set tradecraft, OPSEC, and quality standards.

  • Govern rules of engagement, authorization workflows, and engagement-artifact handling as formal, auditable controls.

  • Report findings and residual risk to leadership in business-risk terms.

Continuous offensive operations

  • Move from point-in-time pen testing to continuous, attacker-mindset testing across network, identity, cloud (AWS/Azure/GCP), application, and social-engineering vectors.

  • Lead full-scope adversary emulation mapped to MITRE ATT&CK, simulating named threat actors relevant to the business and its geographies.

  • Direct custom tooling, implants, and tradecraft to evade modern EDR/XDR, DLP, SIEM, and behavioural detection.

  • Run assume-breach assessments measuring lateral movement, blast radius, segmentation, identity hygiene, and detection/containment.

  • Lead continuous cloud posture assessments — IAM/privilege-escalation paths, federation, key/secrets management, exposed services, and backup/snapshot exposure — chaining misconfigurations into real exploitation paths.

  • Build scenario libraries emulating APTs from recent, real campaigns, refreshing TTPs as the threat landscape evolves.

  • Continuously discover andvalidatethe internet-facing footprint — forgotten subdomains, exposed admin panels, leaked credentials, shadow cloud assets, and misconfigured services.

AI & agentic red teaming

  • Stand up an AI red team capability: prompt injection (direct/indirect), jailbreak and guardrail-bypass chains, tool/function-call abuse, agent memory and context poisoning, RAG/data-pipeline poisoning, model extraction, inversion, and membership inference.

  • Emulate adversaries against agentic and multi-agent deployments — cascading actions, excessive agency, MCP/tool-chain compromise, and agents as a lateral-movement and initial-access vector.

  • Operationalize AI threat frameworks (MITRE ATLAS, OWASP Top 10 for LLMs / OWASP ASI, NIST AI RMF) and feed results into detection engineering.

Purple teaming & SOC uplift

  • Run a structured purple-team programme: convert every offensive technique into a detection/response improvement,validatecoverage against ATT&CK and ATLAS, and close telemetry gaps.

  • Measure and report mean-time-to-detect / respond improvements driven by offensive findings.

Required Qualifications

  • 10+ years in cyber security, 7+ in offensive security withdemonstratedred team operations (not solely vulnerability assessment or compliance testing), and 4+ leading offensive teams.

  • Proven ability to build and run a continuous offensive / purple-team programme at enterprise scale.

  • Deepexpertisewith C2 frameworks, custom tool development, and detection evasion.

  • Strongproficiencyin at least one systems/scripting language (Python, Go, C#, C/C++, Rust).

  • Expert knowledge of Active Directory / Entra ID attack paths, identity-based attacks, and multi-cloud exploitation.

  • Demonstrated experience red teaming LLM-based or agentic AI systems; working knowledge of MITRE ATLAS and the LLM/agentic threat landscape.

  • Fluency with MITRE ATT&CK, threat-informeddefense, and purple-teammethodology

Preferred Qualifications

  • Recognized offensive certifications (OSCP, OSEP, OSCE3, CRTO, GXPN, or equivalent demonstrated capability).

  • Published research, CVEs, conference talks, or open-source tooling contributions.

  • Experience in regulated, multi-region enterprise environments (a plus).

  • Familiarity with adversarial machine learning, OWASP ASI, and AI red team / automated adversarial-testing harnesses.

Our commitment to you:

  • Hybrid flexible working that focuses on outcomes over hours.

  • Holistic rewards package covering your financial, physical & mental health.

  • Multi-directional career development across all levels.

  • Inclusive benefits like equal paternity leave, supporting all employees in work-life balance.

At PropertyGuru, you’ll be part of a Top Employers Certified* company that puts people at the heart of everything we do.

PropertyGuru Group

About PropertyGuru Group

We are Southeast Asia’s leading PropTech company, and the preferred destination for over 32million monthly property seekers to connect with over 50,000 agents monthly to find their dream home across Singapore, Malaysia, Thailand and Vietnam.

We're proud innovators, trailblazers, problem-solvers and community-builders.

Whether you talk to one of our software engineers, marketeers, or a finance Guru, you'll find that we're all passionate about leading and challenging the evolution of the PropTech industry - whether that's through promoting sustainable development in real estate, or fighting housing discrimination.

Want to make a positive difference to our people and communities? Come join us at PropertyGuru!

Be More, Be A Guru.

Industry
IT & Software
Company Size
1,001-5,000 employees
Headquarters
Singapore, SG
Year Founded
2007
Social Media