Threat Emulation and Intelligence MD

About The Position

Requirements

• 15+ years in cybersecurity with deep experience in cyber threat intelligence and offensive security (red/purple teaming, adversary simulation) within complex, regulated environments.
• Demonstrated success leading multi‑disciplinary teams and programs at enterprise scale; proven ability to manage budgets and vendor ecosystems.
• Expert knowledge of threat‑led testing frameworks and financial‑sector regulatory programs (e.g., CBEST, iCAST, DORA/TIBER‑EU).
• Exceptional written and verbal communication skills, with a track record of concise executive reporting and board engagement.

Nice To Haves

• Advanced degree in cybersecurity, computer science, intelligence studies, or related field; industry certifications such as CISSP/CISM, GIAC GCTI, OSCP/OSCE or equivalent.
• Experience standing up fusion models that integrate CTI, hunt, detection engineering, and emulation under one operating framework.
• Exceptional communication and executive influence skills.

Responsibilities

• Build an enterprise threat emulation program with safe‑testing standards, scoping, rules of engagement, and executive approvals for production‑adjacent tests.
• Design and execute red team exercises, adversary emulation, and tabletop simulations mapped to MITRE ATT&CK and regulatory frameworks (CBEST, iCAST, DORA/TIBER‑EU).
• Run the full intelligence cycle to deliver strategic, operational, and tactical insights; maintain adversary profiles and campaign analysis.
• Develop intelligence programs focused on third‑party and customer ecosystems to identify emerging risks and supply‑chain threats.
• Oversee secure testing of critical applications, APIs, and customer‑facing platforms; ensure findings feed into SDLC and DevSecOps pipelines.
• Govern testing of core infrastructure, networks, and cloud environments; validate hardening and detection controls.
• Ensure readiness and execution of regulator‑mandated threat‑led testing programs; manage evidence, remediation, and audit alignment.
• Implement continuous discovery and monitoring of external and internal attack surfaces; prioritize exposures and drive remediation.
• Act as the primary liaison for government cybersecurity partners and industry information‑sharing groups (e.g., FS‑ISAC), representing the broader cyber organization in collaborative threat intelligence and resilience initiatives.
• Produce strategic, operational, and tactical intelligence products (daily briefs, campaign analysis, threat actor profiles, and executive summaries).

Benefits

• Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.
• For a full overview, visit https://hrportal.ehr.com/statestreet/Home.