WE ARE HIRING: Senior Engineer – IT Security

Location: Sri Lanka
Employment Type: Full-time
Company Industry: Banking

Role Overview

We are seeking a highly skilled and technically strong Senior Engineer – IT Security to support offensive security operations, red team engagements, threat emulation, purple team collaboration, and security control validation within the banking sector.

The selected candidate will be responsible for designing and executing authorized red team assessments, simulating real-world threat scenarios, identifying security weaknesses, supporting remediation planning, and collaborating with SOC, infrastructure, and application teams to strengthen the organization's overall cyber defense posture. This role requires strong offensive security experience, deep technical expertise, and a strong understanding of regulatory and compliance requirements in the financial services environment.

Key Responsibilities

Offensive Security & Red Team Operations

• Design and execute end-to-end red team engagements covering the full cyber kill chain, from initial access simulation to controlled data exfiltration validation.
• Simulate advanced threat actor tactics, techniques, and procedures using the MITRE ATT&CK framework.
• Develop threat playbooks based on real-world threat intelligence relevant to the banking and financial sector.
• Use Breach and Attack Simulation tools to support continuous validation of security controls.
• Maintain and manage secure red team infrastructure for authorized security assessments.
• Conduct deep-dive manual exploitation of web applications, mobile applications, and internal network environments beyond automated scanning.

Threat Emulation & Security Testing

• Develop authorized scripts, payloads, and assessment tools to test security controls and validate detection capabilities.
• Conduct social engineering assessments such as phishing, vishing, and smishing within approved rules of engagement.
• Identify unconventional attack paths and security gaps across systems, applications, networks, cloud, and containerized environments.
• Translate technical exploit chains into clear executive summaries and actionable remediation plans.
• Advise infrastructure and application teams on practical remediation strategies beyond simple patching.

Purple Team Collaboration & SOC Support

• Collaborate with the Security Operations Center to conduct purple team exercises.
• Measure and improve defensive detection and response capabilities.
• Support the SOC in creating and improving detection logic such as Sigma or YARA rules based on red team activity.
• Work closely with defensive teams to validate security monitoring, alerting, and incident response effectiveness.
• Guide teams in the remediation of identified vulnerabilities and track progress until closure.

Security Research, Tools & Continuous Improvement

• Research and introduce new tools, techniques, and methodologies to strengthen the organization's security posture.
• Monitor emerging threats, advisories, alerts, and vulnerabilities relevant to banking IT infrastructure.
• Recommend and support mitigation controls for identified threats and vulnerabilities.
• Participate in the implementation of new IT security projects identified by management.
• Support continuous improvement of offensive security processes, testing methodologies, and security validation activities.

Strategy, Governance & Compliance

• Assist in the development and enforcement of IT security policies, procedures, and standards.
• Ensure offensive security operations validate the effectiveness of controls required by compliance and regulatory frameworks.
• Support compliance requirements related to PCI DSS, ISO 27001, CBSL, SWIFT, NIST CSF, and other applicable standards.
• Participate in regulatory, compliance, and management-initiated audits.
• Provide timely responses and technical input for audit observations and remediation actions.

Candidate Profile

• Bachelor's degree in Information Technology, Computer Science, Information Security, Cyber Security, or a related discipline.
• Minimum 5+ years of experience in Offensive Security.
• At least 3 years of experience focused on Red Teaming or Advanced Penetration Testing.
• Professional certifications such as OSCE, OSCP, GRTP, CEH, eJPT, SSCP, ISACA CSXP, or GSEC will be an added advantage.
• Deep expertise in exploiting and assessing Windows / Active Directory environments.
• Proficiency in scripting or programming languages such as Python, PowerShell, Bash, or C#.
• Experience conducting adversarial emulation in cloud and containerized environments.
• Hands-on experience with offensive security frameworks such as Cobalt Strike, Metasploit, Havoc, or Brute Ratel.
• Strong understanding of MITRE ATT&CK and D3FEND frameworks.
• Strong knowledge of network applications, protocols, and related security implications, including TCP/IP, HTTP, TLS, SSH, and DNS.
• Good understanding of security technologies such as firewalls, EDR, SIEM, IPS/IDS, WAF, and MDM.
• Comprehensive knowledge of both Windows and Linux environments.
• Strong ability to think creatively and identify unconventional security weaknesses.
• Excellent communication skills with the ability to translate technical findings into business risk.
• Strong understanding of regulatory and compliance requirements such as PCI DSS, ISO 27001, NIST CSF, CBSL, and SWIFT will be an added advantage.
• Strong work ethics, strict adherence to Rules of Engagement, and high attention to detail during sensitive security operations.

Ready to take your career to new heights?

We're InTalent Asia, your go-to recruitment partner in Sri Lanka, and we've got an exciting opportunity for you! Our client is looking for a dynamic individual to fill the role of Senior Engineer – IT Security.

At InTalent Asia, we're not just recruiters; we're here to architect your career success. Join us in the journey of matching your skills with unparalleled opportunities.

Apply now and see how you can be the perfect fit for this exclusive position!

#InTalentAsia #CareerOpportunity #JobVacancy #ITSecurity #CyberSecurityJobs #RedTeam #BankingJobs #InformationSecurity #ElevateYourCareer