Full-Time
Manager – Offensive Security
Posted on 1/12/2026
Ivanti
1,001-5,000 employees
IT asset management and security solutions
No salary listed
Remote in USA
Remote
 Engineering Management (1) |
|---|
- Ten+ years of hands-on offensive security experience including penetration testing, vulnerability assessment, and ethical hacking.
- Leadership experience with the ability to influence without direct authority.
- Strong verbal and written communication skills for communicating with both engineering and business stakeholders.
- A solid understanding of common technology such as Active Directory, Office 365, cloud platforms (Amazon Web Services and Microsoft Azure), Windows, macOS and Linux operating systems, mobile operating systems, networking, and related technologies.
- Design, implement, and manage comprehensive offensive security programs including penetration testing, red team exercises, and security assessments.
- Lead internal and external penetration testing initiatives across web applications, mobile applications, network infrastructure, and cloud environments.
- Develop and maintain offensive security methodologies, frameworks, and testing procedures.
- Conduct advanced threat modelling and attack simulation exercises.
- Collaborate with development teams to integrate security testing into Software Development Life Cycle processes.
- Background in security research or academic security work.
- Solid understanding of application security standards (Open Web Application Security Project, Application Security Verification Standard, etc.).
- Experience leading a red team against a large, complex target is strongly preferred.
Ivanti provides IT asset management and security solutions for ITSM and IT operations, helping organizations manage devices, apps, and security across networks. Its Neurons platform unifies automation and security across cloud, on-premises, or hybrid deployments, while Ivanti Neurons for ITSM handles incidents, requests, and changes within workflows. The company differentiates itself by combining ITAM, ITSM, and security automation on one flexible platform, reducing IT complexity across multi-device environments. Its goal is to improve productivity and security in modern workplaces by simplifying operations and turning data into actionable guidance.
Company Size
1,001-5,000
Company Stage
Debt Financing
Total Funding
$390.6M
Headquarters
South Jordan, Utah
Founded
1985
Simplify's Take
What believers are saying
- Agentic AI self-service agent, released April 21, 2026, reduces IT workloads via autonomous resolutions.
- Jai Sahney's APJ SVP appointment accelerates growth leveraging 30 years at VMware and Omnissa.
- Maxtec partnership expands distribution across SADC and East Africa for digital transformation.
What critics are saying
- CVE-2026-1281 and CVE-2026-1340 enable unauthenticated RCE in EPMM, exploited since January 29, 2026.
- RPM patches fail post-upgrade, exposing 30% of EPMM instances to exploits by Q3 2026.
- ServiceNow's superior agentic AI captures Ivanti ITSM share within 6-12 months per Forrester.
What makes Ivanti unique
- Ivanti Neurons platform delivers agentic AI for autonomous ITSM ticket deflection with policy guardrails.
- Continuous Compliance in Patch Management auto-deploys out-of-band patches for regulatory adherence.
- Sovereign Cloud MDM edition ensures EU verifiable control for public tenders and regulated sectors.
Help us improve and share your feedback! Did you find this helpful?
Benefits
Flexible Work Hours
Professional Development Budget
Company News
Ivanti, a global enterprise IT and security software company, has appointed Jai Sahney as Senior Vice President for Asia Pacific and Japan. Sahney will focus on accelerating growth across the region, strengthening customer and partner engagement, and building a high-performance team aligned with Ivanti's strategy. Sahney brings nearly 30 years of experience in enterprise software and SaaS, most recently leading APAC business at Omnissa. He previously held senior positions at VMware, Dell Technologies and Cisco Systems, where he led SaaS transitions and built partner ecosystems whilst delivering regional growth. The appointment reinforces Ivanti's commitment to the APJ region as customers work to unify IT and security operations and move from AI experimentation to measurable outcomes.
Fortinet, Ivanti, Intel patch high-severity vulnerabilities. The bugs could lead to arbitrary code execution, privilege escalation, or authentication rate-limit bypass. | March 11, 2026 (8:10 AM ET) Fortinet, Ivanti, and Intel on Tuesday rolled out security fixes for dozens of vulnerabilities, including high-severity bugs that could be exploited for arbitrary code execution, privilege escalation, or security protection bypasses. Fortinet announced patches for 22 security defects across its products, including high-severity flaws in FortiWeb, FortiSwitchAXFixed, FortiManager, and FortiClientLinux. The FortiWeb, FortiSwitchAXFixed, and FortiManager issues could be exploited by remote, unauthenticated attackers to bypass the authentication rate limit or execute unauthorized code or commands. The FortiClientLinux weakness, described as a Symlink following vulnerability, could allow local attackers to escalate their privileges to root. On Tuesday, Fortinet also addressed medium- and low-severity flaws that could lead to data tampering, security protection bypasses, arbitrary code execution, information disclosure, denial-of-service (DoS), arbitrary command execution, privilege escalation, or social engineering attacks. Fortinet made no mention of any of these vulnerabilities being exploited in the wild. Ivanti rolled out fixes for a high-severity security defect in Desktop and Server Management (DSM) before version 2026.1.1 that could allow attackers to elevate their privileges, noting that it is not aware of the flaw being exploited. Intel published an advisory describing nine vulnerabilities in the UEFI for some Intel reference platforms, including five high-severity bugs that could lead to local code execution, privilege escalation, and information disclosure. UEFI firmware updates were released for over 45 Intel processor models affected by these security defects. None of these appears to have been exploited in the wild. Ionut Arghire is an international correspondent for SecurityWeek.
Critical Ivanti Endpoint Manager 0-day RCE vulnerabilities actively exploited in attacks. Two critical code-injection vulnerabilities have been disclosed in the Endpoint Manager Mobile (EPMM) platform, which are currently being actively exploited in real-world attacks. The security flaws, tracked as CVE-2026-1281 and CVE-2026-1340, allow unauthenticated attackers to execute arbitrary code remotely on vulnerable systems. The vulnerabilities carry a maximum CVSS severity score of 9.8 and affect multiple versions of EPMM, including 12.5.0.0, 12.6.0.0, and 12.7.0.0. According to Ivanti's security advisory published on January 29, 2026, the company is aware of a limited number of customer environments that have already been compromised at the time of disclosure. Active exploitation confirmed. Both vulnerabilities stem from code-injection weaknesses (CWE-94) that can be exploited without authentication or user interaction. The attack vector is network-based and low-complexity, enabling threat actors to compromise vulnerable EPMM instances remotely with minimal effort. Successful exploitation grants attackers complete control over the confidentiality, integrity, and availability of affected systems. Ivanti has released version-specific RPM patches to address the security flaws. At the same time, customers await the permanent fix scheduled for version 12.8.0.0 in Q1 2026. The temporary patches require no system downtime and do not impact feature functionality. However, administrators must reapply the RPM script after version upgrades. Organizations running EPMM should immediately apply the version-specific RPM patches available through Ivanti's support portal. Customers using versions 12.5.0.x through 12.7.0.x require RPM 12.x.0.x, while those on 12.5.1.0 or 12.6.1.0 should deploy RPM 12.x.1.x. The company emphasizes that only one patch is needed based on the deployed version. Ivanti recommends security-conscious organizations consider rebuilding EPMM environments and migrating data to replacement systems as the most conservative remediation approach. The company has provided technical analysis documentation with forensic guidance, though reliable indicators of compromise remain unavailable as investigations continue. Notably, other Ivanti products including Endpoint Manager (EPM), Neurons for MDM, and Sentry appliances are not affected by these vulnerabilities. Follow Cryptika on Google News, LinkedIn, and X for daily cybersecurity updates. Contact Cryptika to feature your stories. The post critical Ivanti Endpoint Manager 0-day RCE vulnerabilities actively exploited in attacks appeared first on cyber security News. Ivanti MobileIron API Access Flaw let Attackers Access Sensitive InformationAugust 3, 2023In "Cybersecurity News - Original News Source is cybersecuritynews.com"
Ivanti, a global enterprise IT and security software company, has unveiled AI-driven enhancements to its Neurons platform, introducing agentic AI capabilities, autonomous endpoint management and advanced asset visibility features. The updates include persona-based AI agents for IT service management that provide autonomous, goal-directed support through natural language interaction. The agentic AI customer preview launches in Q1 2026, with general availability later in the year. Ivanti's Autonomous Endpoint Management combines digital employee experience, unified endpoint management and security, using AI-powered automation to manage and protect devices. The company has also enhanced asset visibility through Ivanti Neurons for Discovery, offering comprehensive asset intelligence with embedded licence management and unified risk insights. Over 34,000 customers, including 85 Fortune 100 companies, use Ivanti's solutions.
Ivanti expands Neurons platform with agentic AI and autonomous endpoint management. Ivanti announced AI advancements to the Ivanti Neurons platform, introducing solutions that transform how IT and security teams harness AI-driven intelligence to achieve impactful business outcomes. These features include agentic AI capabilities for Ivanti Neurons for IT Service Management (ITSM), powerful autonomous endpoint management (AEM), and next-generation asset visibility in Ivanti Neurons for Discovery, providing IT and security teams with greater efficiency, deeper insights, and reduced risk. "Ivanti's AI vision is about transforming how organizations... More Ivanti introduced Ivanti Neurons for App Control, which safeguards devices from unauthorized applications. In addition, Ivanti released new analytics in the Ivanti Neurons platform and new features for Ivanti Neurons for Patch Management to enhance security and ensure compliance. With Ivanti's innovations and focus on exposure management, organizations can proactively... Angreifer missbrauchen Sicherheitslücken in Ivantis Endpoint Manager Mobile. Zudem wurde eine kritische Lücke in Neurons for ITSM entdeckt. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Ivanti: Lücken in EPMM attackiert, kritisches Leck in Neurons entdeckt Ivanti announced new features for Ivanti Neurons for Patch Management to help expand patch settings configuration to allow for multiple parallel deployment tasks such as regular maintenance, priority updates and zero-day response. Given the rise of cyber threats and speed of exploits being developed by threat actors, it is crucial...