Overview
The Senior Red Team Operator reports to the Senior Manager of Red Team and provides execution and collaboration to a team of highly skilled offensive security engineers. This role is a subject matter expert to BMO businesses and functions on threat actor simulation exercises. It is responsible for planning and executing ethical hacking and adversary emulation campaigns to identify weaknesses in security controls, platforms and infrastructure hardening, application logic and physical security. The Senior Red Team Operator executes on strategic offensive security direction that is aligned with corporate business objectives, regulatory requirements and relevant attack scenarios.
Key Functions
- Adversarial Operations Technical Execution – Plans, implements, and leads technical execution of Red Team operation phases. Leads planned Red Team activities with a high degree of trust and integrity, adhering to rules of engagement and internal standard operating procedures. Familiar with modern adversarial tradecraft and able to advise during the planning and execution of Red Team operations on tactics, techniques and procedures utilized by modern adversaries.
- Team Leadership – Leads the execution of activities by specialized staff in Red Team campaigns aimed at identifying opportunities to enhance BMO security controls including malicious event detection, protection and response. Works with management and peers to foster the development of less experienced Red Team members.
- Subject Matter Expertise – Provides technical leadership as a Red and Purple Team subject matter expert to business areas, project teams and information security practitioners to apply and execute technology solutions. Leads efforts on the execution of Red Team operations including pre-engagement, engagement and post-engagement activities. Advises on the efficacy of current processes for Red Team activities and challenges with regard to security standards and the impact of the technology.
- Secure Testing – Performs adversarial and TTP simulation testing according to a structured process, including writing test plans, test cases and test reports. May include oversight and/or execution of the configuration and deployment of security testing software and application of results to security analysis.
- Information Security Risk Management – Works with leadership to mature red team reporting and remediation guidance in alignment with local and global regulatory requirements and internal risk management policies. Identifies security gaps and deficiencies by conducting risk assessments; recommends corrective action for identified vulnerabilities and weaknesses. Executes planning, testing, tracking, and advisory of necessary risk acceptance for identified security risks.
Key Skill Requirements
- 5+ years Offensive Security experience in roles such as penetration testing, manual application/web assessments, threat hunting, etc.
- 3+ years Red Team (threat actor simulation) experience in technical roles
- Strong written and verbal communication skills; ability to present complex technical observations to non-technical audiences
- Familiarity with adversarial tradecraft, threat intelligence ingestion and differentiation between penetration testing and red team assessments
- Demonstrates leadership in working with geographically distributed teams of cybersecurity professionals
Qualifications
- Zero Point Security Certified Red Team Operator (CRTO 2025 Edition) or equivalent
- Offensive Security Experienced Penetration Tester (OSEP) or equivalent
- Typically 7+ years of relevant experience and a post-secondary degree in Information Security, Computer Science, Engineering, or related field (or equivalent)
- Certifications and knowledge aligned with NIST CSF, ISO 27001/27002, and related information security concepts
- Strong problem solving, analytical thinking, and ability to work across teams
Technical Knowledge
- Strong working knowledge of Windows and Linux platforms, applications and TCP/IP network security
- Knowledge of multifaceted exploits and chained attacks; ability to emulate attack scenarios without detection
- Understanding of information security concepts and components of a comprehensive security program
- Understanding of vulnerability exploitation and identifying weaknesses in controls
- Advanced knowledge of application penetration testing
- Experience with custom payload development
Work Environment
- Self-motivated, results-oriented, and able to prioritize conflicting demands
- Strong organization, initiative and ability to collaborate with diverse stakeholders
Salary and Benefits
Salary range: $103,200.00 - $192,000.00. Pay type: Salaried. The total compensation package may include bonuses and benefits and varies by location, skills, experience and qualifications.
About Us
BMO is committed to an inclusive, equitable and accessible workplace. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter. For more details on total rewards, see our site.
Note to Recruiters
BMO does not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes will be considered BMO property.