Job Description
We're looking for a hands-on security doer — someone who scopes, executes, and evaluates security tests end-to-end, both manually and through automation. You will operate across Red, Blue, and Defense functions under the CISO.
Ideal profile
Self-driven, thinks like an attacker, communicates like a consultant. Comfortable owning security engagements independently while thriving in a collaborative Red+Blue team dynamic within a regulated financial institution.
Responsibilities:
- Execute penetration tests — network, web/mobile apps, APIs, cloud, AD — manually and via automated tooling
- Run vulnerability assessments and adversary simulations (MITRE ATT&CK / TIBER-ID aligned)
- Validate and tune defensive controls — SIEM, EDR, WAF, IDS/IPS — in collaboration with Blue Team
- Produce clear pentest reports: risk-rated findings with actionable remediation for both tech and exec audiences