Information Security Red Team Engineer

Love Where You Work

Headquarters

On-site

CAD 80,000 - 100,000

Full time

Yesterday

Job summary

A leading cybersecurity firm in British Columbia is seeking a Red Team Engineer to simulate real-world cyberattacks and identify vulnerabilities in their systems. This role involves advanced penetration testing, exploit development, and working with the Blue Team to enhance security capabilities. The ideal candidate will have a Bachelor's degree in Cybersecurity, relevant certifications, and a minimum of three years of experience in offensive security. Competitive compensation and a supportive workplace culture are offered.

Benefits

Equal Opportunity Employer

Qualifications

  • Minimum three years of experience in offensive security or penetration testing.
  • Hands-on experience with penetration testing tools.
  • Deep understanding of attack frameworks and methodologies.

Responsibilities

  • Simulate real-world cyberattacks to identify vulnerabilities.
  • Conduct full-scope red team engagements including exploitation.
  • Collaborate with the Blue Team to improve security posture.

Skills

Problem-solving
Critical-thinking
Collaboration
Communication

Education

Bachelor’s degree in Cybersecurity or related field

Tools

Metasploit
Cobalt Strike
Burp Suite

Job description

The Red Team Engineer is responsible for simulating real-world cyberattacks to identify vulnerabilities and improve the organization’s security posture. This role involves penetration testing, exploit development, and vulnerability discovery to assess defenses across networks, applications, and physical environments. It requires the ability to design solutions for identified vulnerabilities and to collaborate with the Blue Team to enhance detection and response capabilities.

ESSENTIAL FUNCTIONS AND BASIC DUTIES
  • Manage vulnerability scanning tools including recasting criticality based on the compensating controls and determining priority of remediation to meet SLAs.
  • Conduct full‑scope red team engagements, including reconnaissance, exploitation, and post‑engagement reporting.
  • Perform advanced penetration testing on networks, applications, cloud environments, and physical security systems.
  • Develop and execute custom exploits and payloads to simulate sophisticated adversary tactics.
  • Execute social engineering campaigns (phishing, vishing, physical intrusion) to test human security resilience.
  • Assess and bypass security controls such as firewalls, IDS/IPS, and endpoint protection.
  • Utilize OSINT techniques for reconnaissance and attack planning.
  • Document findings and provide actionable remediation recommendations to stakeholders.
  • Collaborate with the Blue Team to improve detection, response, and overall security posture.
  • Stay current with emerging threats, zero‑day vulnerabilities, and advanced attack techniques.
  • Continuously improve detection, protection, and response processes to address evolving threats.
  • Ensure compliance with regulatory requirements, maintain audit logs, and provide security reporting to leadership.
  • Works a regular and predictable schedule.
PERFORMANCE MEASUREMENTS
  • Successful execution of red team engagements within defined scope and timelines.
  • Quality and accuracy of vulnerability findings and recommendations.
  • Reduction in exploitable vulnerabilities over time.
  • Collaboration effectiveness with Blue and Purple Teams.
  • Continuous improvement of attack simulation techniques and methodologies.
QUALIFICATIONS
  • Education / Certification: Bachelor’s degree in Cybersecurity or related field or equivalent experience.
  • Certifications: OSCP, CEH, GIAC, CISSP, Security+.
  • Required Knowledge: Deep understanding of attack frameworks (e.g., MITRE ATT&CK), penetration testing methodologies, and exploit development; knowledge of network protocols, operating systems, and application security; familiarity with NIST CSF 2.0 or other cybersecurity frameworks; understanding of financial institution risk and operations; familiarity with regulatory and compliance requirements.
  • Experience: Minimum three years of experience in offensive security, penetration testing, or a related field; hands‑on experience with tools such as Metasploit, Cobalt Strike, Burp Suite, and custom scripting; demonstrated ability to work collaboratively with a broad range of constituencies.
  • Skills / Abilities: Strong problem‑solving and critical‑thinking skills; ability to work under pressure and adapt to evolving attack scenarios; excellent written and verbal communication for technical reporting and executive briefings.
PHYSICAL ACTIVITIES AND REQUIREMENTS OF THIS POSITION

TALKING: Especially where one must frequently convey detailed or important instructions or ideas accurately, loudly, or quickly.

AVERAGE HEARING: Able to hear average or normal conversations and receive ordinary information.

REPETITIVE MOTION: Movements frequently and regularly required using the wrists, hands, and/or fingers.

AVERAGE VISUAL ABILITIES: Average, ordinary, visual acuity necessary to prepare or inspect documents or computer screen.

PHYSICAL STRENGTH: Sedentary work; sitting most of the time. Exerts up to 10 lbs. of force occasionally. (Almost all office jobs.)

WORKING CONDITIONS

NONE: No hazardous or significantly unpleasant conditions (such as in a typical office).

MENTAL ACTIVITIES AND REQUIREMENTS OF THIS POSITION

Reasoning Ability: Adversarial and abductive thinking: Anticipates attacker goals and constructs plausible attack paths; chooses TTPs that align to objectives and engagement scope.

Systems thinking: Connects people, process, and technology; maps findings to frameworks (e.g., MITRE ATT&CK) to identify systemic control gaps.

Hypothesis‑driven testing: Formulates test hypotheses, defines success/failure criteria, and iteratively refines approach based on observed defender responses.

Decision‑making under uncertainty: Prioritizes actions and de‑escalation paths with incomplete information while maintaining Rules of Engagement (RoE).

Root‑cause analysis: Distills complex behaviors into clear, reproducible issues using structured techniques.

Signal correlation: Integrates outputs from logs, packet captures, EDR telemetry, and cloud audit trails to infer lateral movement and privilege escalation.

Risk‑based prioritization: Weighs exploitability and business impact to recommend remediation that maximizes risk reduction.

Operational security (OPSEC) judgment: Balances stealth vs. learning value, minimizing production impact while meeting engagement objectives.

Mathematics ability: Probabilistic reasoning: Estimates likelihood of attack success, scenario weighting, and Bayesian updates as new evidence emerges.

Quantitative risk scoring: Applies CVSS and custom scoring models; translates severity, exposure, and impact into prioritized remediation.

Time‑series & trend analysis: Identifies anomalous patterns in telemetry; performs basic correlation/regression to surface control drift or emerging risks.

Performance & effort estimation: Produces defensible estimates for brute‑force feasibility, password‑cracking time, data‑exfiltration throughput, and engagement effort.

Ratios & benchmarking: Computes coverage, precision/recall for detections, control efficacy deltas pre/post‑engagement, and patch SLA adherence.

Language ability: Technical writing excellence: Produces precise test plans, daily status and final reports with reproducible steps, evidence, and remediation guidance.

Executive communication: Distills complex technical findings into clear business risk statements, options, and recommendations for senior leadership.

Cross‑functional collaboration: Communicates effectively with Blue Team and non‑technical parties; leads debriefs.

Standards & policy comprehension: Reads/interprets security policies, contracts, and regulatory requirements; ensures testing remains within authorized scope.

Instruction & coaching: Delivers briefings and training (e.g., phishing debriefs, attack path walk‑throughs) tailored to technical and non‑technical audiences.

Clarity and concision: Uses unambiguous language, consistent terminology, and audience‑appropriate visuals (attack trees, data‑flows, kill‑chains).

Feedback fluency: Incorporates and provides actionable feedback during purple‑team iterations; adjusts communication tone and depth to the audience.

Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.
