Vulnerability Mgmt Lead

This role will serve as the senior technical leader and subject matter expert for adversary simulation, penetration testing, and red/purple team operations across the enterprise. Responsibilities include defining the strategic direction, methodology, and standards for offensive security engagements, mentoring team members, and driving program maturity. You will lead complex adversary emulation campaigns, oversee the quality of all offensive security deliverables, and advise leadership on emerging threat landscapes and capability investments needed to advance the organization's cyber resilience posture.The successful candidate will have solid foundational cybersecurity experience with deep expertise across multiple offensive security disciplines, a proven track record of leading engagement teams, and a passion for developing people and processes. This role reports to the Manager of Offensive Security and works closely with other members of Cybersecurity and Digital Technology teams to directly contribute to the organization's ability to detect, respond to, and defend against highly sophisticated targeted attacks.

Travel: Up to 10%

• Define and maintain the adversary simulation program's methodology, playbooks, rules of engagement, and quality standards across all offensive security engagements
• Lead and oversee complex Penetration Tests, Application Security Assessments, Red Team, and Purple Team operations from scoping through final reporting
• Identify and emulate the tactics, techniques, and procedures of advanced threat actors and threat groups targeting similar organizations and industries
• Combine cyber threat intelligence with vulnerability data to simulate relevant threats, evaluate incident response capabilities, and prepare security operations teams for worst-case scenarios
• Coordinate with third-party vendors on the scoping, execution, and review of external penetration tests and similar activities, ensuring contractual and methodological alignment
• Provide technical oversight and quality assurance on all engagement deliverables, ensuring findings are accurate, actionable, and aligned with industry best practices
• Drive the strategic roadmap for offensive security capabilities, identifying gaps in tooling, processes, and skills, and recommending investments to advance program maturity
• Mentor and develop junior and mid-level team members through hands-on coaching, technical training, and guided engagement participation
• Author and publish security standards, practices, guidelines, and processes for offensive security operations
• Deliver executive-level findings, risk narratives, and strategic improvement recommendations to stakeholders at all levels across the organization
• Research and integrate new tools, processes, and techniques to advance vulnerability analysis, adversary emulation, and threat management capabilities
• Develop custom tools, scripts, and exploits to enhance the team's offensive capabilities and address gaps in commercial tooling
• Conduct advanced research, penetration testing, and vulnerability assessments on external-facing resources and internal assets to determine enterprise risk exposure
• Maintain deep and current focus on the latest industry techniques, tools, research, and threat intelligence
• Recognize and appropriately manage confidential and sensitive information

• A Bachelor of Science degree in Cybersecurity, Computer Science, or a related technical discipline and typically 6-10 years of progressive experience.
• Knowledge of advanced cyber threats, threat intelligence, and adversary methods
• Demonstrated leadership experience, including mentoring staff, leading engagement teams, and driving program-level initiatives
• Excellent written and verbal communication skills with the ability to articulate both technical and abstract concepts in a clear and concise manner
• Excellent interpersonal skills and ability to create collaborative relationships across technical and business teams

Preferred Qualifications:

• Advanced offensive security certifications such as OSCP, OSCE, OSEP, GXPN, or CRTO; multiple certifications strongly preferred
• Certified Information Systems Security Professional (CISSP), Security+, CCNA Security, or equivalent certification
• Working knowledge of the NIST Cybersecurity Framework 2.0 and ISO27001
• Deep knowledge of advanced cyber threats, nation-state TTPs, adversary methodologies, and the cyber threat intelligence lifecycle
• Proficiency developing tools and writing code in two or more programming languages (Python, C/C++, C#, Go, PowerShell, etc.)
• 7+ years of experience coordinating and executing web application, network, and system penetration tests with expert-level understanding of OWASP Top 25 and CWE classificationsExperience designing and managing red team and purple team programs, including campaign planning, C2 infrastructure setup, and operational security
• Experience configuring and using Tenable, layer 7 firewalls, and other validation and continuous control assessment tools
• Experience with Splunk, Microsoft MCAS, vulnerability scanning, and source code scanning tools
• Experience in incident response, digital forensics, threat hunting, and blue team operations
• Strong project management skills with experience leading multiple concurrent engagements and coordinating cross-functional teams
• Experience operating in OT/ICS environments or critical infrastructure sectors
• Experience implementing and maturing a vulnerability management program

LyondellBasell is proud to provide a competitive total compensation package designed to reward excellence and support the well-being of our employees. Our Total Rewards package includes equitable and market-competitive base pay as well as locally relevant incentives, fostering a culture of pay-for-performance that recognizes both individual and company achievements.

We extend the following benefits to *eligible employees:

• Workplace Flexibility: The Company's Global Remote Work Policy allows eligible employees to request to work remotely up to two full days per standard work week at an approved location other than the designated worksite or office, such as at a home office with managerial approval.
• Comprehensive Health, Welfare, Life and Retirement Programs: Our comprehensive programs are aligned with local practices.




• 6% LYB match on 401(k) contribution
• 5% LYB cash balance pension plan accrual




• Comprehensive Well-being Benefits: Programs to support your physical, mental, financial, and social health, ensuring you receive the care you need, when you need it.
• Employee Stock Purchase Plan: The LYB ESPP offers a 10% discount on LYB stock for eligible employees in Germany, Italy, Netherlands, Spain, and US.
• Educational Assistance Program: To encourage self-development by providing financial aid for approved educational activities voluntarily undertaken by employees.
• Bravo Rewards Program: Recognizing outstanding employee contributions.
• Robust Medical and Life Insurance Packages: Offering a variety of coverage options to meet individual needs.
• Professional Development: Opportunities to learn and grow through training, mentoring, work experiences, community involvement, and team building activities.
• Competitive Vacation Policies: Generous annual leave to support your work-life balance.
• Global Adoption Policy: Support for employees expanding their families.
• Matching Gifts Program: Enhance the impact of your charitable contributions to qualified organizations.

*Eligibility for certain benefits and rewards programs will vary based on your job status, work location and/or the terms of any applicable collective bargaining agreement and may be changed from time to time without notice, subject to applicable law.