Senior Red Team Operator
Job Description
Position Summary:
The primary objectives for the Information Security team are to protect confidential and sensitive information and to maintain operational stability in the face of cyber-attacks. Offensive Security (Red Team) members contribute to these objectives by performing assessments that proactively identify security exposures within the Sun Life environment that go beyond the realm of traditional penetration testing. A successful senior red team operator, specializing in offensive security, must possess a diverse set of competencies to effectively simulate cyberattacks and identify vulnerabilities within an organization's systems. Firstly, a deep understanding of various attack vectors and techniques is essential, including knowledge of malware, social engineering, and exploit development. Additionally, proficiency in network and application penetration testing is crucial for identifying weaknesses in infrastructure and software. Strong analytical skills are necessary to assess risks and prioritize targets accurately. Effective communication skills are vital for conveying findings and recommendations to stakeholders. Finally, adaptability and creativity are indispensable traits for devising innovative attack strategies and staying ahead of evolving threats in the cybersecurity landscape.
What you will do
The essential functions and responsibilities of this position include but are not limited to the following:
Offensive Security Program Ownership
- Own the end‑to‑end offensive security lifecycle, including planning, scoping, scheduling, execution oversight, reporting, remediation tracking, and closure
- Define and continuously improve offensive security processes, playbooks, standards, and engagement models
- Ensure offensive security activities align with enterprise risk priorities, threat intelligence, and regulatory expectations
Planning, Scheduling & Coordination
- Lead annual and quarterly offensive security planning, ensuring coverage across critical assets, applications, and business services
- Coordinate schedules for Red Team exercises, adversary emulation, purple team activities, and third‑party engagements
- Act as the single point of orchestration between Red Team operators, detection/defensive teams, engineering partners, and external vendors
Delivery Oversight (Red & Purple Team)
- Provide delivery oversight for Red Team assessments, adversary emulation exercises, and detection validation activities
- Ensure engagements are executed in accordance with approved rules of engagement, legal, operational, and risk constraints
- Support Purple Team exercises by ensuring findings are actionable and mapped to detection and response improvements (e.g., MITRE ATT&CK)
Remediation Tracking & Issue Management
- Own the lifecycle tracking of offensive security findings from identification through remediation and validation
- Partner with technology and engineering teams to ensure clear ownership, prioritization, and timelines for remediation
- Track exceptions, compensating controls, and deferred risks in line with enterprise risk processes
- Validate closure of issues through retesting or evidence‑based assurance
Audit & Assurance Facilitation
- Act as the primary point of contact for audit, regulatory, and assurance activities related to offensive security
- Prepare evidence, artifacts, walkthroughs, and responses for internal audit, external audit, and regulatory reviews
- Ensure offensive security activities are defensible, repeatable, and well‑documented
Advisory & Stakeholder Engagement
- Provide advisory support to application, infrastructure, and platform teams on secure design and threat exposure
- Influence upstream risk reduction by advising on patterns observed through offensive testing
- Build strong working relationships across security, engineering, IT operations, and risk teams
Program Maturity & Continuous Improvement
- Identify opportunities to improve efficiency, coverage, and impact of offensive security activities
- Incorporate lessons learned, emerging threats, and control gaps into future plans
- Support capability uplift across offensive security, detection engineering, and vulnerability management
Position Requirements and Qualifications:
- 5-7 years’ experience in operational Cyber Security roles
- University degree in computer science, computer engineering or computer security.
- A strong understanding of information security concepts and security trends and practices
- Problem solving with creative solutions.
- Maintain high technical knowledge of systems and solutions.
- Industry certifications (SANS/CEH/CISSP) are a strong asset.
- Strong communication and presentation skills
Preferred knowledge or qualifications in the following:
- Defense in depth security concepts including CISA, MITRE, NIST, TIBAS, CREST, I-CRT, TIBER-EU frameworks.
- ServiceNow
- Confluence
Job Category:
IT - Technology Services
Posting End Date:
10/07/2026
First seen 2026-05-09 16:24:01 · Last verified 2026-05-09 16:24:01
Pentest Careers · pentestcareers.com