11 - Senior Manager, Information Security

Req ID: 131897
Region: Americas
Country: USA
State/Province: Texas
City: Richardson

General Overview

Functional Area: Information Technology (ITM)
Career Stream: IT Risk & Compliance (RAC)
Role: Senior Manager (SMG)
Job Title: Senior Manager, Information Security
Job Code: SMG-ITM-SECR
Job Level: Level 11
Direct/Indirect Indicator: Indirect

Summary

The Senior Manager, Information Security is responsible for proactively identifying, testing, and mitigating security gaps within the organization’s digital estate. Unlike a traditional SOC analyst who reacts to alerts, this role is offensive and architectural in nature. You will rigorously review security policies and architecture, continuously test the effectiveness of cybersecurity controls through simulation and validation exercises, and drive the remediation of identified weaknesses. The ideal candidate combines the mindset of an attacker with the discipline of an auditor to ensure the organization's defenses remain resilient against evolving threats.

Detailed Description

Performs tasks such as, but not limited to, the following:

1. Security Policy & Architecture Review
   
   • Review organizational security policies, standards, and procedures and analyze the existing cybersecurity architecture (network, cloud, endpoint, and application) to identify design flaws, misconfigurations, or logic gaps that could be exploited by insiders or external attackers.
   • Collaborate with security architects and engineering teams to recommend structural improvements that reduce the attack surface.
2. Continuous Control Validation (CCV) & Threat Hunting
   
   • Design and execute continuous control validation programs to test the efficacy of security tools (e.g., EDR, SIEM, Firewalls, DLP).
   • Perform proactive "purple team" exercises and threat hunts to identify silent failures in detection logic or blocking mechanisms.
   • Simulate real-world attack scenarios (e.g., lateral movement, data exfiltration, privilege escalation) to validate if existing controls trigger appropriate alerts and blocks.
3. Gap Analysis & Mitigation
   
   • Translate findings from architecture reviews and validation tests into actionable remediation plans.
   • Work cross-functionally with IT, DevOps, and GRC teams to close identified security gaps, ensuring that "quick fixes" do not introduce new risks.
   • Track and report on the "Time to Detect" and "Time to Remediate" metrics to demonstrate continuous improvement in the organization’s defensive posture.
4. Offensive Security Leadership
   
   • Serve as the internal subject matter expert on offensive security techniques, tactics, and procedures (TTPs).
   • Stay ahead of the latest threat intelligence and vulnerability disclosures to predict how they might impact the organization’s specific architecture.
   • Mentor junior analysts on threat hunting methodologies and offensive security mindset.

Knowledge/Skills/Competencies

• 8–10 years of hands-on experience in cybersecurity, with a specific focus on penetration testing, threat hunting, or security architecture.
• Proven experience in reviewing and auditing security policies and technical architectures for enterprise environments.
• Experience with Breach and Attack Simulation (BAS) tools (e.g., AttackIQ, Cymulate) or manual emulation frameworks (e.g., Atomic Red Team, MITRE CALDERA).
• Deep understanding of the MITRE ATT&CK framework and how to map specific controls to adversary tactics.
• Proficiency in scripting languages (Python, PowerShell, Bash) for automating hunts and validation tests.
• Strong knowledge of operating system internals (Windows, Linux) and network protocols (TCP/IP, DNS,
• Familiarity with security control platforms (SIEM, EDR, IDS/IPS, Firewalls) and how to bypass or test them.
• Analytical Thinking: Ability to look at a complex system and identify the weakest link.
• Communication: Ability to explain complex technical exploitation paths to non-technical stakeholders (e.g., explaining why a policy gap matters).
• Integrity: Unwavering ethical standards when conducting offensive operations against internal live systems.

Physical Demands

• Duties of this position are performed in a normal office environment.

• Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.

Typical Experience

• 8–10 years of hands-on experience in cybersecurity, with a specific focus on penetration testing, threat hunting, or security architecture.

Typical Education

• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or equivalent experience.
• Mandatory Offensive Security Certification: Must hold at least one advanced certification such as OSCP (Offensive Security Certified Professional), GPEN (GIAC Penetration Tester), CEH (Certified Ethical Hacker) Practical, or CompTIA PenTest+.
• Additional certifications in security architecture (e.g., CISSP, CISM) or cloud security (e.g., CCSP, AWS Security Specialty) are highly desirable.
• Educational requirements may vary by geography.

Notes

This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Celestica's policy on equal employment opportunity prohibits discrimination based on race, color, creed, religion, national origin, gender, sexual orientation, gender identity, age, marital status, veteran or disability status, or other characteristics protected by law.
This policy applies to hiring, promotion, discharge, pay, fringe benefits, job training, classification, referral and other aspects of employment and also states that retaliation against a person who files a charge of discrimination, participates in a discrimination proceeding, or otherwise opposes an unlawful employment practice will not be tolerated. All information will be kept confidential according to EEO guidelines.

COMPANY OVERVIEW:
Celestica (NYSE, TSX: CLS) enables the world's best brands. Through our recognized customer-centric approach, we partner with leading companies in Aerospace and Defense, Communications, Enterprise, HealthTech, Industrial, Capital Equipment and Energy to deliver solutions for their most complex challenges. As a leader in design, manufacturing, hardware platform and supply chain solutions, Celestica brings global expertise and insight at every stage of product development – from drawing board to full-scale production and after-market services for products from advanced medical devices, to highly engineered aviation systems, to next-generation hardware platform solutions for the Cloud. Headquartered in Toronto, with talented teams spanning 40+ locations in 13 countries across the Americas, Europe and Asia, we imagine, develop and deliver a better future with our customers.

Celestica would like to thank all applicants, however, only qualified applicants will be contacted.
Celestica does not accept unsolicited resumes from recruitment agencies or fee based recruitment services.

This location is a US ITAR facility and these positions will involve the release of export controlled goods either directly to employees or through the employee's movement within the facility. As such, Celestica will require necessary information from all applicants upon an applicant's acceptance of employment to determine if any export control exemptions or licenses must be filed.