SalaryPeak

Red Team Manager

DIGITAL TREASURES CENTER PTE. LTD.
Singapore | 8+ years | Posted May 13, 2026

Salary Range

SGD 144,000 - SGD 216,000 /year

SGD 12,000 - SGD 18,000/month

Skills Required

Information Security, Security Operations, Security Governance, Technology Risk Management, Cyber Security, C Language, Cybersecurity Framework Application, Risk Management, Mobile, Python, Cloud, Payment Industry, Capacity Management, API, Burp Suite

Job Description

1. Red Team Operations & Programme Leadership

  • Design, plan, and execute full-scope red team engagements (network, application, cloud, social engineering, physical) against dtcpay's production and pre-production environments.
  • Develop and maintain adversary emulation plans aligned with MITRE ATT&CK, TIBER-EU, and MAS TPRM threat intelligence.
  • Lead purple-team exercises with the SOC and Blue Team to validate detection and response controls.
  • Manage the end-to-end bug-bounty programme, triaging findings and coordinating remediation SLAs with engineering.
  • Maintain the red team infrastructure (C2 frameworks, implants, phishing simulation platforms) to production-safe standards.

2. People & Team Management

  • Hire, mentor, and retain a high-performing team of Red Team Operators, Penetration Testers, and Threat Intelligence Analysts.
  • Define career paths, training budgets, and certification goals (OSCP, OSED, CRTO, PNPT, GXPN).
  • Foster a culture of continuous learning, responsible disclosure, and professional ethics.
  • Conduct regular skills assessments and rotate operators across specialisations (web, mobile, OT/IoT, cloud).

3. Technology Risk Management & Governance

  • Translate red team findings into structured risk statements aligned with dtcpay's enterprise risk framework (ISO 31000, NIST RMF).
  • Interface with the GRC team to update the risk register, contribute to board-level risk dashboards, and evidence remediation for auditors.
  • Define and track KPIs / KRIs for offensive security: mean time to detect (MTTD), mean time to respond (MTTR), attack-surface-reduction metrics.
  • Participate in third-party and supply-chain risk assessments for critical technology vendors.
  • Represent offensive security in change-advisory and architecture review processes.

4. Regulatory Compliance & Privacy Requirements

  • Ensure all red team activities are conducted within legal and regulatory boundaries across all operating jurisdictions, including obtaining appropriate written authorisations.
  • Advise on security controls required to meet obligations under MAS TRM, PDPA, GDPR, UK GDPR, PDPD, and related frameworks.
  • Collaborate with Legal and DPO to ensure personal data encountered during engagements is handled, minimised, and destroyed in compliance with applicable data-protection laws.
  • Contribute to regulatory engagement: respond to MAS, ICO, and supervisory authority queries; prepare evidence packs for technology-risk examinations.
  • Track regulatory developments and proactively update rules of engagement and red team policies.

5. Reporting & Stakeholder Communication

  • Produce executive-level and technical red team reports with clear risk ratings (CVSS, DREAD), business-impact narratives, and prioritised remediation roadmaps.
  • Present findings to CISO, CTO, and Risk Committee; tailor communication to both technical and non-technical audiences.
  • Maintain a historical findings database to trend residual risk over time and demonstrate programme maturity.

What We're Looking For:

  • 8+ years of hands-on offensive security experience with at least 3 years in a team leadership or management capacity.
  • Demonstrated expertise in adversary emulation, red team operations, and penetration testing across web applications, cloud (AWS/Azure/GCP), mobile (iOS/Android), APIs, and internal networks.
  • Proven experience operating within a regulated financial-services or payment-industry environment.
  • Deep working knowledge of MAS TRM Guidelines, UK GDPR / FCA Operational Resilience, GDPR, and DORA.
  • Proficiency in red team tooling: Cobalt Strike / Brute Ratel, Sliver, Metasploit, Burp Suite Pro, BloodHound, Impacket, custom tooling development (Python, C#, PowerShell).
  • Familiarity with cloud-native attack techniques (IAM abuse, SSRF, container escape, serverless exploitation).
  • Exceptional written and verbal communication; ability to present technical risk findings to senior executives and board members.
  • Bachelor's degree or higher in Computer Science, Information Security, or equivalent.

Preferred Certifications

  • Offensive: OSCP / OSED / OSWE / OSMR, CRTO / CRTE, GXPN, PNPT, CCT INF / CRT
  • Governance & Risk: CISSP, CISM, CRISC, CDPSE, CIPP/A or CIPP/E
  • Cloud: AWS Security Specialty, Azure Security Engineer, Google PCSE

Preferred Experience

  • Experience with TIBER-EU or iCAST (MAS Intelligence-led Cyber Attack Simulation Testing) engagements.
  • Prior engagement with regulators (MAS, ICO, BNM, FCA) on technology-risk or security incidents.
  • Exposure to blockchain, digital-asset custody, or crypto-payment infrastructure security testing.
  • Experience building or scaling red team programmes from the ground up.