Offensive Security Engagement Coordinator

The Offensive Security Engagement Coordinator is a senior individual contributor role acting as the program and engagement manager for our Offensive Security & Fraud Testing (OSFT) team. This professional ensures seamless coordination and delivery of offensive security operations – including red team engagements, penetration tests, GenAI-augmented offensive security projects, Purple Team exercises, and fraud simulations. The role’s mission is to enable the offensive security team to run more effectively at scale by managing logistics, stakeholder communications, and risk tracking, thereby freeing technical operators to focus on execution. This role reports to the Senior Manager, Offensive Security & Fraud Testing and requires deep understanding of offensive security processes, excellent program management skills, and the ability to coordinate across technical and business stakeholders. Success in this role is measured by predictable engagement execution, timely remediation of identified risks, and high stakeholder satisfaction.

Key Responsibilities:

• Engagement Planning & Scheduling: Own end-to-end planning and scheduling of multiple concurrent engagements (red team operations, pentests, purple team exercises, etc.) based on priority and risk. Manage intake of new engagement requests, prioritizing and sequencing operations in alignment with enterprise risk priorities. Assign appropriate offensive security operators to each project based on skills and availability, ensuring balanced workloads and on-time delivery.

• Coordination & Execution Support: Serve as the central coordination point for offensive engagements. Facilitate all key engagement meetings – from initial scoping/kickoff to peer reviews and wrap-up sessions. Keep engagements on track by monitoring timelines, deliverables, and dependencies, proactively resolving scheduling or logistical issues so that technical teams can maintain focus. Provide regular status updates to stakeholders (security leadership, asset owners, Risk Advisors) on engagement progress and roadblocks.

• Stakeholder Communication & Readouts: Act as the primary liaison between the offensive team and stakeholders (security leadership, risk management, IT owners, fraud teams). Coordinate stakeholder readouts and debriefs – scheduling and facilitating post-operation briefings and executive summaries to discuss findings, business impacts, and recommended actions. Ensure that stakeholders, including risk and technology partners, are informed and engaged throughout engagements.

• Findings Management & Risk Tracking: Manage the output of offensive security operations by overseeing the identification, documentation, and closure of findings. Record and track all discovered vulnerabilities and risks in the enterprise risk register or issue tracking system, with accurate severity ratings and ownership assignments. Coordinate remediation and retesting efforts – work with system owners and risk teams to ensure timely remediation of findings, and schedule re-tests to validate that fixes are effective. Facilitate formal risk acceptance processes for any residual risks that cannot be fully mitigated, ensuring that all findings are resolved or appropriately dispositioned.

• Process Governance & Continuous Improvement: Maintain and improve engagement processes to ensure consistency and quality across operations. Oversee weekly team huddles and quarterly backlog reviews to track progress, adjust priorities, and groom upcoming engagements. Ensure consistent use of project tracking tools (e.g., Jira) and templates for engagement planning and reporting. Enforce documentation standards for deliverables, including peer-reviewed reports, and capture attack tactics & techniques (TTPs) in the team’s knowledge repository for metrics and future reference. Identify opportunities to streamline workflows (e.g., automation of recurring tasks, improved reporting dashboards) and work with the team to implement improvements.

• Cross-Team Collaboration & Alignment: Bridge the gap between offense, defense, and risk management. Liaise with security operations, fraud, and risk management colleagues to align offensive testing plans with top threats and risk scenarios. Ensure that each offensive engagement has clear objectives linked to enterprise risk priorities and that the results directly inform risk registers and defensive improvements. Collaborate on Purple Team exercises, coordinating efforts between red team operators and blue team defenders for joint simulations and knowledge exchange.

Required Qualifications:

• Program/Project Management Expertise: 3+ years of experience in security program management or technical project management, preferably in an offensive security, penetration testing, or similar cybersecurity domain. Demonstrated ability to coordinate complex, concurrent projects across multiple stakeholders, ensuring timely delivery and risk management. Strong organizational skills, attention to detail, and experience with project management methodologies (e.g., Agile, Kanban) and tools (e.g., JIRA or similar).

• Security & Risk Knowledge: Familiarity with offensive security operations (red teaming, penetration testing, vulnerability management) and a solid understanding of the risk management lifecycle. Experience translating technical findings into business risk terms and managing a risk register or similar tracking system. Ideally, knowledgeable about frameworks like MITRE ATT&CK and risk assessment standards to contextually prioritize threats.

• Communication & Stakeholder Management: Exceptional written and verbal communication skills. Proven ability to interface with technical teams and business leadership alike, convening meetings and delivering clear updates and readouts. Strong influence and relationship-building skills to manage expectations, negotiate schedules, and drive remediation efforts across cross-functional teams (engineering, security operations, risk, fraud). A track record of building trust through organized, reliable program execution.

• Education & Certifications: Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent experience. Project management training or certification (e.g., PMP, Agile/Scrum certification) is highly valued. Relevant security certifications (e.g., CISSP, CISM, or technical certs like OSCP) are a plus, demonstrating a mix of security domain knowledge and program management proficiency.

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.