Sr. Security Engineer - Red Team - NY

About The Position

Requirements

• 5+ years’ experience wielding industry-standard penetration testing and adversary emulation tools (e.g., Cobalt Strike, Sliver, Mythic, Bloodhound, Burp Suite).
• Expert understanding of the MITRE ATT&CK Framework and advanced evasion techniques used to bypass modern security controls.
• Strong comprehension of the cyber kill chain and the full lifecycle of an Advanced Persistent Threat (APT) targeting financial institutions.
• Proficiency in at least one scripting language (e.g., Python, PowerShell) and experience with a compiled language (e.g., Go, C#) for tool development.
• Deep experience attacking and securing complex cloud, on-prem, and hybrid environments, from initial access through actions on objective.
• Solid knowledge of Windows and Linux system hardening concepts, Purple Team automation strategies, and vulnerability rating methodologies.
• Proven experience with security within at least one major cloud provider (e.g., AWS, Azure, GCP).

Nice To Haves

• Previous hands-on experience performing sophisticated adversary emulations/simulations specifically within the financial services sector.
• A recognized offensive security industry certification (e.g., OSCP, GPEN, GXPN, OSWE, eCPTX) demonstrating specialized, high-impact skills.
• Familiarity with modern enterprise security standards and frameworks (e.g., TIBER-EU, CBEST, NIST CSF).
• Experience conducting offensive security exercises against emerging technologies, such as AI/ML systems or macOS.

Responsibilities

• Execute high-impact Red Team exercises against our complex hybrid cloud environments, driven by real-world threat intelligence and the MITRE ATT&CK Framework.
• Engineer and maintain robust Red and Purple Team infrastructure, continuously automating processes for efficiency and scale.
• Co-design and lead joint Purple Team exercises, directly partnering with cyber defense to improve detection and response capabilities.
• Innovate through continuous research into new offensive security TTPs (Tactics, Techniques, and Procedures) and drive knowledge transfer across the security organization.
• Conduct specialized, ad-hoc offensive security tests utilizing industry-leading and internally developed tooling to uncover subtle security gaps.
• Author comprehensive post-exercise reports, including detailed technical findings, compromise narratives, and strategic, risk-rated recommendations for remediation.
• Mentor cyber defense teams during incident investigations, providing critical subject matter expertise on attacker tradecraft and mindset.
• Champion security awareness and technical knowledge-sharing by collaborating with information security, technology, and business stakeholders.

Benefits

• competitive salary
• comprehensive benefits package
• annual target bonus opportunity
• opportunity to become an owner in the company through our broad-based equity program
• comprehensive health coverage
• retirement package that includes both a 401(k) and an active pension plan
• highly competitive education reimbursement provisions
• paid time off
• mental health benefit