Lead Application Security & Red Team Operations at I&M Bank

The role requires a strategic, hands-on cyber leader with deep expertise in threat emulation, vulnerability exploitation, and adversary simulation, as well as the ability to partner closely with other security and technology teams to strengthen the Group’s defensive posture.

Key Responsibilities

• Develop, implement, and maintain the Group’s Red Team strategy, ensuring realistic simulation of cyber threats, including advanced persistent threats (APTs), insider threats, and emerging attack vectors.
• Assist with CyberSecurity Forensics.
• Oversee targeted threat hunting initiatives, leveraging threat intelligence and advanced analytics to identify potential breaches and vulnerabilities.
• Collaborate with the Group SOC team to translate intelligence into actionable detection and defence improvements.
• Direct incident simulation and adversarial testing exercises to validate the effectiveness of security controls, processes, and incident response readiness.
• Lead red team/purple team engagements to evaluate the resilience of critical assets and infrastructure.
• Partner with the SOC, Technology, Risk, and Compliance teams to ensure defensive measures align with regulatory requirements, internal policies, and industry best practices.
• Establish and maintain key cyber resilience metrics, reporting to executive leadership and governance forums on threat trends, testing outcomes, and operational readiness.
• Select, deploy, and optimise advanced testing and adversary simulation tools and platforms to enhance operational capability.
• Embed cloud security controls in CI/CD.  Build, mentor, and retain a high-performing red team and application security workforce capable of countering evolving and sophisticated threats.

Job Specifications

Academic Qualifications

• Bachelor’s Degree in IT, Technology, Cyber Security, or a related field – mandatory
• Master’s Degree in Cyber Security, Information Assurance or a related field – desirable

Professional Qualifications / Membership to professional bodies/ Publication  

• Offensive Security Certifications
• Certified Red Team Certifications
• Certified Secure Software Lifecycle Proffessional (CSSLP)
• Cloud Pentester Certifications
• ISO/IEC 27001 Lead Implementer/Auditor 
• Membership in recognised cyber security professional associations (e.g., ISACA, SANS, ISC2)

Work Experience Required

• 10+ years of progressive experience in cyber security, with at least 5 years in a senior leadership role focused on Red Teaming, threat hunting, and adversary simulation within the financial services sector.
• Proven track record in planning and executing complex red team and penetration testing engagements against advanced threat actors.
• Hands-on expertise in exploitation techniques, attack path development, and evasion tactics.
• Strong background in vulnerability assessment, adversarial emulation frameworks (e.g., MITRE ATT&CK, CALDERA, C2 frameworks), and purple teaming.
• Demonstrated experience in integrating threat intelligence into testing and defence strategies.
• Familiarity with banking regulations, data protection laws, and industry cyber security standards (e.g., NIST, ISO 27001).