
Assistant Information Security Manager (Red Team)

Wave Money
Hlaingtharya | Yangon
Verified This job has been verified by the company as a real job vacancy.
3 days ago
Myanmar - Yangon

Experience level

Experienced Non-Manager

Job Function

IT Hardware, Software

Job Industry

Banking/ Insurance/ Microfinance

Min Education Level

Bachelor Degree

Job Type

Full Time

Job Description

An Exciting Opportunity for ...

Key Responsibilities and Accountabilities

  • Lead and manage Red Team activities including adversarial simulations, penetration testing, and exploit development.
  • Develop and maintain Red Team strategy, methodologies, and annual testing roadmap aligned with organizational risks.
  • Design and execute realistic attack scenarios mapped to frameworks such as MITRE ATT&CK, tailored to Wave Money’s threat landscape.
  • Conduct penetration testing across applications, APIs, mobile, cloud, and on-premise environments.
  • Conduct or supervise advanced assessments such as social engineering tests, phishing campaigns, lateral movement exercises, and privilege escalation tests.
  • Perform exploit validation, verify severity ratings, and work with relevant teams to prioritize remediation.
  • Drive continuous improvement of vulnerability management processes and ensure tracking and closure within agreed SLAs.
  • Work closely with the Blue Team to share attack insights, improve detection rules, and test monitoring effectiveness.
  • Conduct red team exercises to help validate SIEM, EDR, and SOAR use cases and response workflows.
  • Provide clear post-engagement reports with technical details, impact analysis, and preventive measures.
  • Review infrastructure, application, and cloud security designs to identify architectural weaknesses.
  • Support secure SDLC activities by reviewing code deployments, CI/CD pipelines, and change requests from an offensive security perspective.
  • Evaluate third-party solutions and integrations for potential attack vectors.
  • Develop and maintain security guidelines, testing standards, security checklists, and other documentation.
  • Provide training, mentoring, and hands-on labs for junior team members.
  • Support organization-wide security awareness programs through controlled simulations and knowledge-sharing sessions.
  • Prepare reports for senior leadership on testing coverage, findings, attack simulation trends, and long-term improvements.

Key Performance and Success Indicators

  • Successful execution of planned penetration testing exercises within agreed timelines.
  • Measurable improvement in detection coverage and reduction of undetected attack paths.
  • Timely reporting and effective communication of high-risk findings to stakeholders.
  • Strong collaboration outcomes with Blue Team, demonstrated by improved alert quality and lower false negatives.
  • Completion of vulnerability remediation activities within SLA and reduction in repeat findings.
  • Delivery of high-quality attack simulation documentation, including root-cause analysis and prevention recommendations.
  • Enhanced organization readiness through awareness programs, phishing simulations, and red/blue team exercises.

Open To

Male/Female

Job Requirements

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or equivalent experience.
  • Offensive security certifications such as OSCP, OSWE, OSEP, CREST CRT/CPT or similar are highly advantageous.
  • 5–6 years of relevant experience in offensive security, penetration testing, or red team operations, along with a minimum of 2 years of experience leading or supervising a security testing or red team function.
  • Previous experience in financial services, fintech, telecommunications, or other high-risk sectors is a strong advantage.
  • Strong hands-on experience in web, API, and mobile application penetration testing, as well as infrastructure, network, and cloud environments (AWS/Azure).
  • Proficient in scripting with Python, Bash, and PowerShell, and experienced in exploit development.
  • Familiarity with frameworks and standards: MITRE ATT&CK, OWASP Top 10, OWASP MASVS, CIS Controls.
  • Proficiency with industry tools such as Burp Suite, Metasploit, Nmap, Kali Linux suites, and commercial security testing platforms.
  • Understanding of secure SDLC, CI/CD pipelines, and modern application architectures.
  • Strong analytical, reporting, and communication skills to articulate technical findings to both technical and non-technical stakeholders.
  • Able to work independently with strong problem-solving capabilities and attention to detail.

What We Can Offer

Benefits

* Attractive remuneration
* Life and medical insurance
* Flexible Working Arrangement
* Ferry Provided

Highlights

* Myanmar’s First Mobile Financial Services
* People Centric Culture
* Professional & Fun Working Environment
* Power & Synergy of YSH Companies

Career Opportunities

* Regular access to skill and professional development opportunities
* Career opportunities across Yoma Group