Team Leader Offensive Security

We are a global company with offices in the US, Europe and Asia. In these centers, we carry out the various stages of product development, from initial concept to mass production of ready-to-sell units. We embrace a vertically integrated business model with strategic design, manufacturing, distribution, sales and support centers around the world to maximize our value to customers.

Garmin Cluj is a software engineering location within GARMIN, with over 500 colleagues working on the development of products in the aviation, automotive, fitness, outdoor, and marine sectors. We create products that are engineered on the inside for life on the outside. We do this so that our customers can make the most of the time they spend pursuing their passions.

The Team Leader for Offensive Cyber Security will lead and mentor a multidisciplinary red/pentest team delivering security testing across Garmin's web applications, APIs, mobile apps, infrastructure, hardware products etc. This role combines hands-on expertise with team leadership and program ownership to proactively identify, validate and drive remediation of vulnerabilities, improve testing methodologies, and improve our security posture.

We believe that collaboration leads to the best ideas, and we rely heavily on team interaction. As a hybrid role based in Cluj-Napoca, this position will require at least 3 days in the office each week.

Responsibilities

• Lead and develop the offensive security team: set priorities, coach, hire, and conduct regular skills assessments; establish a documented training plan and progression paths.
• Effectively communicate with stakeholders at different levels within the organization to ensure mitigation of cyber security risks in the environment. 
• Monitor progress of the team in meeting deliverables and schedule compliance.
• Pinpoint ways that attackers could exploit weaknesses in IT/security systems.
• Hands-on research and exploitation: perform vulnerability discovery and proof-of-concept validation; contribute tooling to speed repeatable testing.
• Provide relevant and accurate metrics using industry and Garmin standards of cyber threats.
• Guide, develop, document and assess pen testing in the response to incidents against the NIST framework to provide repeatable and measurable workflow.
• Assess technical skillset of the cyber security team and develop/execute a training plain in accordance with industry and Garmin standards.
• Measure feasibility of various approaches and makes recommendations.
• Understand and avoid potential threats and recommend counter measures for IT managed systems.
• Ensure that all security testing requirements are met or exceeded.
• After conducting thorough research and testing, document findings, write security reports, and discuss solutions with IT teams and management. Provide feedback and validation after security fixes are issued.
• Provide significant contributions to defining team roadmap and priorities.
• Recommend improvements to security policies, hardening guides, and baseline configurations; track emerging threats relevant to Garmin's ecosystem.
• Ensure testing follows legal/ethical boundaries, safe-harbor, data handling, and export controls; manage third-party/vendor assessments as needed.

Requirements

• Bachelor of Science Degree in Computer Science, Information Technology, Management Information Systems, Business or another relevant field AND a minimum of 5 years relevant experience OR equivalent combination of education and relevant years of experience.
• Demonstrated expertise in at least two of: web/API testing (OWASP Top 10, API Top 10), mobile app testing (MASVS), cloud/service-side security, embedded/IoT firmware and hardware interfaces, wireless protocols (BLE, Wi‑Fi).
• Excellent team leadership, prioritization, and project management, experience running multiple concurrent engagements.
• Consistently demonstrates quality and effectiveness in work documentation and organization.

Would be a plus

• Offensive certifications: OSCP, OSWE/OSWA, GXPN, GPEN, GWAPT, GMOB, OSCE3, OSED/OSEP etc.
• Management certs (CISSP, CISM).
• Experience with hardware hacking / reverse engineering.
• Contributions to CVEs, security research, or open-source security tooling; responsible disclosure track record.
• Community involvement (conferences, local security groups); ability to travel 1-2 times per year for 1-2 weeks.

Benefits

Benefits to enhance your experience:

• 24 days off each year plus extra vacation days based on years at Garmin and compensation for legal holidays.
• Health package subscription and yearly budget for glasses.
• Monthly budget for sports and wellbeing activities.
• Local and global career development programs (training, mentorship, technical and leadership development, and more).
• Access to e-learning platforms and support for technical conferences attendance.
• Loyalty bonus within the company, plus other special bonuses (for holidays and personal life events).
• Meal tickets.

Yours exclusively when part of our team:

• Significant discount for Garmin products.
• Employee stock purchase plan.
• Contribution to the retirement plan (Pillar 3).
• Garmin products available for testing and borrowing.
• A comprehensive event series championing wellbeing, sports, and community tailored to foster holistic health (featuring sports events, classes, hackathons, parties, and more).
• Other benefits which we invite you to discover along the recruitment process.

Garmin Cluj is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, religion, national origin, sex, age or disability.