Senior Red Team Tester

Your role
We are expanding our global Red Team (Cyber Assurance Testing) and are looking for a skilled and experienced cyber security specialist to join us. This role will assist in the management of UBS's internal Cyber Assurance Testing service and play a lead role in the delivery of a growing number of regulatory red team engagements to satisfy the requirements and expectations of financial regulators across the globe.

Candidates will be expected to have some experience of engaging with red team testing and financial regulatory red team engagements (e.g. CBEST, iCAST, TIBER), ideally in a finance sector firm, regulatory or consultancy environment. We are looking for individuals with a deep interest in cyber security, and in particular the emulation of real-world offensive cyber-attacks.

The role will require strong project and stakeholder management skills, an inquisitive mind, an ability to think outside of the box, and a broad understanding of technical aspects of cyber security. Technical certifications such as CISSP, CCSP, CISM, CREST, OSCP, etc will be advantageous, but they are not a deal breaker.

Responsibilities will include:

• contributing to the management of UBS's internal Cyber Assurance Testing (CAT) service - supporting the ongoing internal testing process and delivery of output
• managing the planning, scoping, execution, and reporting of regulatory red team tests to satisfy regulatory testing frameworks such as CBEST, iCAST and TIBER
• onboarding, contracting and managing third-party red team vendors to deliver regulatory red team testing
• managing relationships with red team testing vendors, senior internal stakeholders, and regulators
• collaborating with blue teams and other cyber defense functions
• developing reports of findings, analysis, and recommendations for internal UBS stakeholders, and contributing to regulatory submissions
• delivering operational briefings and presentations to technical teams, non-technical stakeholders, and senior management
• providing technical cyber security expertise to UBS Group Compliance, Regulatory and Governance (GCRG) Cyber and Technology Risk Control

We offer a dynamic work environment with opportunities to grow and develop your technical skillset. You will be working with a talented and experienced team.

At UBS, we know that it's our people, with their diverse skills, experiences and backgrounds, who drive our ongoing success. We're dedicated to our craft and passionate about putting our people first, with new challenges, a supportive team, opportunities to grow and flexible working options when possible.

We're committed to disability inclusion and if you need reasonable accommodation/adjustments throughout our recruitment process, you can always contact us.

UBS is an Equal Opportunity Employer. We respect and seek to empower each individual and support the diverse cultures, perspectives, skills and experiences within our workforce.

You will be working as a member of the global Cyber Testing & Assurance team, which is a second line assurance testing function within Compliance & Operational Risk Control.

• a strong background and experience in cyber security related to the finance sector
• familiarity with red team testing, cyber-attack chains, and the tools, techniques and procedures used by advanced cyber threat actors
• familiarity with the major cyber security concerns of large finance sector organisations, as well as the primary defensive techniques and approaches deployed to address these
• experience of implementing or working with regulatory red team frameworks such as CBEST, iCAST and TIBER
• excellent written and spoken English, and the ability to describe highly technical and complex matters in a business-focused and risk-centric manner to a range of technical and senior stakeholders
• proven experience in managing senior stakeholders and relationships
• proven project management skills and personal organizational ability
• technical certifications such as CISSP, CCSP, CISM, CREST and OSCP would be advantageous, but are not essential