Internal Red Team Security Engineer
Company: MeDirect
Date Posted: 12-06-2025
Location: Sliema, Malta
The Internal Red Team sits inside the Cyber Defence tribe with Technology (1st Line Of Defence) and works hand-in-hand with our software-product squads to emulate sophisticated attackers, uncover weaknesses early in the Secure SDLC, and demonstrate continuous DORA compliance. You will own threat-led penetration testing (TLPT) exercises across our banking stack, provide actionable guidance to developers, and produce the evidence packs regulators expect under DORA Articles 23-27.
If you're passionate about offensive security, eager to work alongside top-tier engineers, and ready to make a real impact on the security of our banking systems, we want to hear from you. Apply now and help us stay one step ahead.
Duties and responsibilities
- Plan and execute intelligence-led red-team engagements (TIBER-EU test plan, scoping, rules of engagement, purple-team replays)
- Continuously test code and infrastructure in CI/CD - build automated adversary-simulation hooks that run alongside unit and integration tests so developers get feedback within minutes
- Map findings to MITRE ATT&CK and OWASP Top 10, and create pull-request comments and secure-coding snippets the squads can drop into their backlog
- Run and coordinate TLPT, following the latest ECB TIBER-EU guidance and DORA Delegated Regulation on TLPT evidence, attestation, and remediation tracking
- Maintain the Red-Team toolchain (C2 frameworks, custom implants, specific exploits) and champion safe-testing practices to protect live customer services
- Deliver developer workshops, threat-modelling sessions, and post-engagement purple-team drills to strengthen detection and response playbooks
- Report metrics to senior management (coverage, mean-time-to-remediation, DORA TLPT readiness) and shepherd corrective actions to closure
Required knowledge, skills and experience
- Proven experience in red-team operations, advanced penetration testing or offensive security engineering (3+ years)
- Hands-on expertise with threat-emulation frameworks (e.g., Cobalt Strike, Sliver, Atomic Red Team) and scripting (Python, PowerShell, Go, etc.)
- Familiarity with TIBER-EU, CBEST, or equivalent TLPT standards, and ability to translate them into MeDirect’s risk-based testing programme
- Strong grasp of DevSecOps pipelines (IaC scanning, container security, SAST/DAST) and modern public-cloud environments
- Ability to communicate complex attack paths to both engineers and executives, drafting clear remediation plans and DORA attestation artefacts
- Relevant certifications (OSCE-3, CRTO, CCSAS, GIAC GCPN/TLPT) are an asset