Red Team Engineer

State Street•Quincy, MA

About The Position

As a member of the Red Team within the Global Cyber Security group, the Red Team Engineer will serve as a core technical contributor for adversary‑emulation, threat‑informed security testing, and controlled offensive security operations. The engineer will execute activities in accordance with State Street’s standards and procedures, risk‑acceptance, and regulatory expectations, ensuring all work is conducted within approved environments, scopes, and authorization pathways. The Red Team Engineer will conduct comprehensive, intelligence‑driven assessments of enterprise applications, critical infrastructure components, and associated operational and technical security controls. These assessments evaluate not only the security posture of targeted systems but also the effectiveness of the organization’s detection, prevention, response, and governance capabilities. The Red Team Engineer will collaborate with technical experts across applications, platforms, and infrastructure, security leadership, and process stakeholders, threat intelligence and defensive analytics teams, security operations personnel, and business system owners to ensure testing scenarios reflect realistic adversary behaviors and enterprise risks. The role requires strong technical expertise and broad knowledge of core security control domains, including identity and access management, data protection, secure software development, cloud and infrastructure security, endpoint and detection technologies, network security, and enterprise vulnerability and threat management. Familiarity with security monitoring, detection engineering, and incident response processes further supports the evaluation of organizational defenses.

Requirements

Strong proficiency in offensive security techniques, including infrastructure, application, and cloud‑focused penetration testing.
Deep understanding of adversary behaviors and attack frameworks (e.g., MITRE ATT&CK) to inform realistic testing scenarios.
Familiarity with modern security tooling, assessment utilities, and red‑team‑oriented testing methodologies.
Ability to develop or adapt scripts and tools using common scripting languages.
Broad technical knowledge across networks, operating systems, identity systems, cloud services, and security controls.
Demonstrated analytical ability to identify core issues, interpret risk, and propose practical, evidence‑driven solutions.
Strong organizational, time‑management, and prioritization skills in dynamic and high‑pressure environments.
Ability to work independently while collaborating effectively with technical and non‑technical stakeholders.
Commitment to maintaining awareness of emerging threats, vulnerabilities, and offensive security trends.
High attention to detail and consistent delivery of accurate, high‑quality work.
Clear and professional communication skills, including the ability to simplify complex technical concepts.
Proven ability to handle sensitive information responsibly and operate with discretion and professionalism.

Nice To Haves

Bachelor’s degree or equivalent hands‑on security experience.
2–4 years in penetration testing or red‑team activities.
Broad experience with networks, operating systems, cloud, and security controls.
Familiarity with threat‑informed testing and attack frameworks.
Experience collaborating with defensive teams to validate detections.
Ability to script or automate tasks using common languages.
Strong reporting and communication skills across technical audiences.

Responsibilities

Execute authorized adversary‑emulation activities to assess defenses, security controls, and organizational resilience.
Perform targeted security assessments across applications, infrastructure, cloud platforms, and enterprise technologies.
Collaborate with cybersecurity, technology, and risk stakeholders to develop realistic, threat‑informed testing scenarios.
Evaluate detection and response capabilities and support improvement through coordinated purple‑team activities.
Operate within defined approval processes, scopes, authorization boundaries, and safe‑testing protocols.
Develop or adapt tools and techniques to support realistic testing, ensuring secure and compliant usage.
Produce clear, audit‑ready reporting and support remediation to reduce identified risks and strengthen defenses.

Benefits

our retirement savings plan (401K) with company match
insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages
paid-time off including vacation, sick leave, short term disability, and family care responsibilities
access to our Employee Assistance Program
incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans)
eligibility for certain tax advantaged savings plans
inclusive development opportunities
flexible work-life support
paid volunteer days
vibrant employee networks