Penetration Tester Specialist - Red Team

Are you curious, motivated, and forward-thinking? At FIS you’ll have the opportunity to work on some of the most challenging and relevant issues in financial services and technology. Our talented people empower us, and we believe in being part of a team that is open, collaborative, entrepreneurial, passionate and above all fun.

About the team

The Red Team is part of the broader Offensive Security team within FIS. The Red Team is responsible for designing and executing strategic offensive security operations against the FIS people, processes, and technology. We also work closely with Threat Intel and Blue Teams for adversary TTP emulation.

What you will be doing

FIS is looking for an experienced Senior Red Team Operator to join our dynamic team. This role involves designing, implementing, and conducting red/purple team operations and emulating threat actor tactics, techniques, and procedures. You will identify and exploit vulnerabilities, assess security postures, and provide actionable insights to strengthen our cybersecurity defenses.

• Develop and execute complex attack scenarios and simulations to emulate real-world threats and test the robustness of our cybersecurity measures.
• Collaborate with cross-functional teams to analyze security findings, prioritize remediation efforts, and recommend effective mitigation strategies.
• Create detailed reports outlining vulnerabilities, exploit techniques, and actionable recommendations for improving security posture.
• Conduct threat hunting and map the attack surface.
• Work with the business to review vulnerabilities and advise on remediation priorities.
• Stay updated on emerging security threats, attack techniques, and industry best practices to enhance offensive security methodologies.
• Research and development of custom tools and malware payloads to support operations.
• Provide technical expertise and guidance on offensive security techniques, tools, and procedures.
• Participate in knowledge-sharing activities, such as training sessions and workshops, to foster continuous learning and skill development within the organization.

What you bring:

• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience and skills.
• At least one offensive security certification such as OSCP, OSCE, GPEN, or equivalent.
• 5+ years of experience in offensive security roles, including penetration testing, red/purple teaming, and ethical hacking.
• Strong knowledge of network, operating system, cloud, and web application security architecture.
• Proficiency in using offensive security tools such as Metasploit, Burp Suite, Nmap, Nuclei, and Kali Linux.
• Experience with command and control (C2) frameworks such as Cobalt Strike, Sliver, or Mythic.
• Well-versed in at least one scripting or programming language such as Python, C++, C#, Java, Go, PowerShell.
• Experience in creating custom tools and payloads that can evade defensive products.
• In-depth understanding of attack vectors, exploit techniques, and vulnerability assessment methodologies, with experience in applying MITRE ATT&CK.
• Excellent analytical skills with the ability to assess complex systems and identify security gaps.

Added bonus if you have:

• Experience in the FinTech or Banking industries.
• Familiarity with industry compliance standards and regulations (e.g., PCI DSS, ISO 27001, GDPR).
• Familiarity with CBEST or TIBER assessment frameworks.

What we offer you

• A competitive salary and benefits
• A variety of career development tools, resources and opportunities
• Varied and challenging work to help you grow your technical skillset

Privacy Statement

FIS is committed to protecting the privacy and security of all personal information that we process in order to provide services to our clients. For specific information on how FIS protects personal information online, please see the Online Privacy Notice.

Sourcing Model

Recruitment at FIS works primarily on a direct sourcing model; a relatively small portion of our hiring is through recruitment agencies. FIS does not accept resumes from recruitment agencies which are not on the preferred supplier list and is not responsible for any related fees for resumes submitted to job postings, our employees, or any other part of our company.

#pridepass