Senior Red Team Operator

Join to apply for the Senior Red Team Operator role at Sun Life

The primary objectives for the Information Security team are to protect confidential and sensitive information and to maintain operational stability from cyber-attacks. Offensive Security (Red Team) members perform assessments to proactively identify security exposures beyond traditional penetration testing. A successful senior red team operator must possess diverse competencies to simulate cyberattacks and identify vulnerabilities effectively.

• Plan, execute, and report on Red Team assessments, attack simulations, and adversary emulation exercises.
• Perform network, web, and mobile application testing, source code reviews, threat analysis, and social engineering assessments.
• Develop scripts, tools, and programs for Red Team operations.
• Manage and improve a secure cloud-based C2 environment (AWS, Azure, GCP, Digital Ocean).
• Develop security control evasion and bypass techniques.
• Collaborate on testing detection capabilities through Purple and Red Team exercises.
• Research latest threats and adhere to Red Team Framework guidelines.
• Produce regular reports on security vulnerabilities and trends.

• 5-7 years’ experience in offensive security or penetration testing.
• Degree in computer science, engineering, or security.
• Experience in offensive security programming: C, C++, ASM, C#, JavaScript, PowerShell, Rust, Nim.
• At least 2 years mentoring junior operators.
• At least 4 years delivering technical red team reports and briefings.
• Understanding of security concepts, trends, and practices.
• Creative problem-solving skills.
• Industry certifications such as OSCP, SANS, CEH, CISSP, CPTS are a plus.
• Knowledge of operating systems, network protocols, and configuration.
• Strong communication and report-writing skills.

• Experience leading grey/black hat engagements.
• Penetration testing in network, application, or mobile platforms.
• Reverse engineering skills, including x86.
• Experience with offensive security tools: Cobalt Strike, EDR Evasion, Malware techniques, Custom tooling.
• Proficiency in Active Directory exploitation (On-Prem and Cloud).
• Knowledge of OSINT, social engineering, and defense-in-depth concepts.
• Experience with cloud environments (AWS, Azure, Digital Ocean).
• Programming in interpreted (Ruby, Python, PHP) and compiled languages (Java, C, C++, Assembly).
• Understanding of Windows/Linux/UNIX/OSX internals.

The salary range is $84,000 to $138,000, dependent on location and experience. Sun Life values diversity and inclusion and welcomes applicants from all backgrounds. Accommodation requests can be made via email. We offer flexible work options and thank all applicants; only those selected for interviews will be contacted.