This Security Testing Operations (STO) Senior Associate role is crucial for the offensive testing programme across the group, protecting the business from sophisticated cyber threats. The role holder will plan and complete offensive security simulations, provide technical support for bug bounty and perimeter asset monitoring programmes, and support the development of tools or processes for high impact risk mitigation through automation. The applicant will be a domain authority on vulnerability exploitation and will work in a technical team with external partners, BISOs, the GSOC, and other entities. Role Responsibilities & Key Accountabilities: Plan, lead and carry out red teams / purple teams and penetration tests where you assume the role of a threat actor to meet specified objectives Co-ordinate with external 3rd party vendors to enable vulnerability discovery Provide constructive feedback to teams responsible for incident response and product development on their successes, failures and potential areas of improvement Study and replicate tactics, techniques and procedures used by modern attackers to improve the security of products and the corporate environment Efficiently report analysis and findings in the most accessible way (written reports, Jira, tickets, presentations, etc.) Develop, modify and extend tools/exploits that assist with execution of security assessments, including custom tools and automation. Experience Technology related Bachelor's Degree or equivalent experience and certifications in cyber security One or more of the following security certifications: OSCP, OSCE, OSEE, OSWE, CREST, GXPEN preferred Demonstrable experience in Red Teaming and Penetration Testing Minimum 3 years of deep, hands-on, technical security experience with technologies such as Firewalls, IDS/IPS, Web Proxies, DLP, Web Applications, Cryptography, Social Engineering, OSINT, Mobile platforms, Software Security, malware reverse engineering Deep technical understanding of enterprise operating system environments, Active Directory, and networking Validated understanding of security vulnerabilities and common software engineering flaws Familiarity with red teaming related regulations and frameworks (DORA/CBEST/TIBER) is nice to have Familiarity with Network Defence analytical models (Kill Chain, ATT&CK, etc.) Familiarity with popular scripting languages and ability to automate simple tasks. Experience working with Financial Services and Critical Infrastructure is a plus Strong verbal & written communication skills & presentation skills Ability to work in a fast-paced environment Problem solver and barrier breaker with initiative If you have a background in penetration testing or red teaming and are looking for your next career step, this is a superb opportunity for a high impact role in the industry