We're looking for a hands-on security doer — someone who scopes, executes, and evaluates security tests end-to-end, both manually and through automation. You will operate across Red, Blue, and Defense functions under the CISO.

Ideal profile

Self-driven, thinks like an attacker, communicates like a consultant. Comfortable owning security engagements independently while thriving in a collaborative Red+Blue team dynamic within a regulated financial institution.

Responsibilities:

• Execute penetration tests — network, web/mobile apps, APIs, cloud, AD — manually and via automated tooling
• Run vulnerability assessments and adversary simulations (MITRE ATT&CK / TIBER-ID aligned)
• Validate and tune defensive controls — SIEM, EDR, WAF, IDS/IPS — in collaboration with Blue Team
• Produce clear pentest reports: risk-rated findings with actionable remediation for both tech and exec audiences