Sr. Offensive Cyber Security Analyst

Role Summary

As a member of our Red Team, you will play a critical role in challenging assumptions and identifying unknown cyber and security vulnerabilities within our organization. Collaborating closely with our Incident Response and Cyber Threat Intelligence teams, you will use adversarial and cyber techniques to rigorously assess the resilience of our people, processes, and technologies against evolving security threats. When gaps in our cyber defenses are identified, you’ll work with peers and leadership to communicate findings and help guide effective security remediation strategies. Your work will include conducting penetration tests, designing and executing Red Team/Purple Team cyber exercises, and enhancing our security detection and response capabilities.

Responsibilities

• Conduct cyber penetration testing across enterprise networks, systems, and technology environments.
• Design, coordinate, and participate in Red Team and Purple Team security exercises.
• Support ongoing security attack simulation and validation programs.
• Identify, recommend, and implement security controls and detection measures in response to emerging cyber threats, collaborating with Incident Response and Cyber Threat Intelligence teams.
• Drive improvements to cybersecurity best practices, standards, and policies within the group.
• Collaborate with team members to enhance cyber and security processes and standards.

Business Knowledge:

• Translate cyber and security vulnerabilities into actionable solutions for technology teams.
• Demonstrate comprehensive understanding of cyber program objectives and security strategies.
• Maintain awareness of prevalent cyber threats and historical attacks targeting the Financial Services industry.

Qualifications

Required:

• Bachelor’s degree in IT, Cybersecurity, or a related technical discipline (or equivalent experience), plus 5+ years supporting a 24x7 global enterprise.
• Familiarity with Windows domain concepts in hybrid cloud security environments.
• Experience operating in cloud environments with a focus on cyber risk and security.
• Proven ability to identify cyber vulnerabilities in networks, systems, and applications using established penetration testing frameworks, security tools, and manual techniques.
• Strong understanding of web technologies (HTML, JavaScript, etc.) and related security vulnerabilities (OWASP Top 10, XSS, SQL Injection, filter bypassing).
• Deep knowledge of Windows operating systems, with familiarity in Unix, Linux, and macOS security.
• Ability to leverage the MITRE ATT&CK framework, Cyber Threat Intelligence, and Cybersecurity Awareness concepts.
• Understanding of security infrastructure such as firewalls, Intrusion Prevention Systems, Proxy Servers, Security Event Managers, and VPNs.
• Basic scripting/coding skills (Python or PowerShell preferred).
• Commitment to quality and meticulous attention to security detail.
• Leadership in work reviews and constructive feedback.
• Subject matter expertise in one or more cyber security programs.
• Strong written and verbal communication abilities.

Preferred:

• Information security certifications such as Offensive Security (OSCP/OSCE), SANS GIAC (GPEN, GWAPT, GXPN), or similar.
• Experience with Active Directory concepts and security vulnerabilities.
• Background in Financial Services cyber risk and security.
• System administration experience.