Principal Red Team Operator​/Leader - Hybrid

About Us

We’re the world’s leading provider of secure financial messaging services, headquartered in Belgium. We are the way the world moves value – across borders, through cities and overseas. No other organisation can address the scale, precision, pace and trust that this demands, and we’re proud to support the global economy. We’re unique too. We were established to find a better way for the global financial community to move value – a reliable, safe and secure approach that the community can trust, completely.

We’re always striving to be better and are constantly evolving in an ever-changing landscape, without undermining that trust. Five decades on, our vibrant community reflects the complexity and diversity of the financial ecosystem. We innovate diligently, test exhaustively, then implement fast. In a connected and exciting era, our mission has never been more relevant. Swift now has a presence in 200+ countries and legal territories to serve a community of more than 12,000 banks and financial institutions.

• Architect, monitor and execute end‑to‑end adversary simulations across enterprise, cloud and hybrid infrastructures
• Lead and coordinate multi‑operator exploitation teams, managing simultaneous kill chains and campaign logistics
• Direct complex Red Team engagements from reconnaissance and initial access through persistence, lateral movement and data exfiltration
• Design and execute network, application, wireless, physical and cloud penetration tests
• Build, operate, and maintain Red Team infrastructure, including command‑and‑control (C2) ecosystems, phishing platforms and operational security (OPSEC) tooling
• Develop and operationalize custom tooling, payloads, automation and exploitation chains
• Research and implement advanced evasion techniques against SIEM, EDR, and XDR platforms
• Ensure operational realism, safety, and compliance with internal policy, legal constraints, and regulatory requirements
• Align Red Team operations with the MITRE ATT&CK framework and threat‑led industry testing standards

• Lead Purple Team exercises and translate offensive findings into prioritized defensive improvements
• Partner with SOC, Threat Intelligence, Risk Management, and Engineering teams to strengthen detection and response maturity
• Mentor and develop junior and mid‑level operators, sharing techniques, lessons learned, and tooling improvements
• Foster an environment of internal information sharing
• Interpret technical exploitation in the context of business risk and control effectiveness
• Communicate technical risk clearly to security leadership and key stakeholders
• Produce high‑quality After‑Action Reports (AARs), executive summaries, and technical documentation
• Ensure that all Red Team related processes adhere to governance and regulatory requirements

• Designs and leads complex Red Team engagements independently and as part of a broader campaign strategy
• Delivers realistic adversary simulations that measurably improve detection and response maturity
• Builds and maintains resilient, covert Red Team infrastructure and tooling ecosystems
• Develops novel exploitation techniques that stress modern defensive controls
• Produces clear, actionable reports aligned to business risk and regulatory expectations
• Strengthens Red Team capability through mentorship, process maturity, and tradecraft standardization
• Acts as a trusted deputy and technical authority for the Head of the Adversarial Emulation and Testing team

• Bachelor’s Degree in Computer Science or related field
• 10+ years of relevant experience
• Offensive Security Certified Professional (OSCP) or higher Offsec certification
• Proven experience leading and executing Red Team operations and adversary simulations
• Advanced skills across network, application, cloud, wireless and hybrid penetration testing
• Strong command of the exploitation lifecycle (reconnaissance, initial access, persistence, privilege escalation, lateral movement, data exfiltration)
• Experience with Active Directory exploitation, Linux privilege escalation,…