Senior Penetration Testing; Red Team

Job Description Summary

Enterprise Technology is a global organization within Transamerica. We provide dedicated application support to Transamerica and align with Aegon’s business units through technology. We are building the company’s AI environment, a flexible cloud experience for internal hosting, data governance frameworks, and security and stability for technology. Our goal is to help business units move quickly and deliver value to clients while keeping information safe.

The team is diverse, with over 1000 colleagues from multiple nationalities across locations including the UK, the US, the Netherlands, Hungary, Spain, and Hong Kong. We pursue a wide range of careers in areas such as application development, information security, infrastructure services, data & analytics, risk & controls, procurement, program management, and architecture, with a focus on development opportunities for employees.

The most important quality for new members is curiosity. We solve problems by applying existing knowledge to new situations. While mature processes exist, we continuously look for opportunities to improve and adapt to rapid changes in technology.

• Find new and creative ways to break technology through Red Team or Purple Team operations
• Plan, scope, and implement large-scale covert operations with sophisticated goals and significant impact
• Develop new adversary tools, techniques, or methodologies
• Engage in Threat Hunting opportunities with the Threat Hunters to discover and eradicate threats
• Participate in all phases of Red Team security operations
• Perform physical exploitation, network exploitation, and social engineering assessments against authorized targets
• Conduct network reconnaissance and open-source intelligence gathering
• Configure and safely utilize attack tools, tactics, and procedures against authorized targets
• Develop scripts, tools, or methodologies to enhance red-teaming capabilities
• Communicate findings and strategy to client stakeholders, including technical staff, executive leadership, and legal counsel
• Provide risk-appropriate and pragmatic recommendations to remediate identified flaws, vulnerabilities, and misconfigurations

• Do No Harm approach: operational objectives cannot come at the expense of others
• Growth mindset; excited for opportunities to solve new problems
• Helpful demeanor; trusted adversaries and trust needs to remain strong
• Customization of adversarial tools (e.g., Cobalt Strike BOFs, Mythic Agent profiles, and adding new exploits to MSF)
• Defender experience and knowledge, including using Splunk and risk identification
• Web application penetration testing assessments
• Social-engineering assessments (email, phone, or physical)
• Developing, extending, or modifying exploits, shell code, or exploit tools
• Network penetration testing and manipulation of network infrastructure
• Recent verifiable experience in information security and adversary simulation
• Knowledge of global cyber threats, threat actors, and TTPs targeting financial services
• Experience with Red, Blue, or Purple teaming exercises
• Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN
• 3+ years of Penetration Testing/Red Team experience
• Ability to define and communicate complex technical risk to varied audiences
• Proficiency with Microsoft Office; strong Excel and PowerPoint skills preferred
• Experience with systems such as Service Now, JIRA, or equivalent
• Ability to read, write, and speak English fluently
• Experience leading group discussions and presenting to diverse audiences
• Self-motivated with strong self-management skills

• Strong knowledge of penetration testing and covert Red Team operations in information security
• Bachelor’s degree in Information/Cyber Security, Information Risk Management, Information Systems, Computer Science, or related fields, or equivalent experience
• Active cybersecurity certifications
• Experience in insurance, payments, banking, or Fin Tech industries
• Strong Excel and PowerPoint skills

• Hybrid position requiring three days in office per week at Cedar Rapids, IA or Denver, CO
• Minimal travel may be required for training or team meetings
• Occasional work outside normal hours due to global support and meetings

The salary generally ranges between $100,000 and $140,000 annually. This estimate depends on qualifications, experience, geography, work-location designation (in-office, hybrid, remote), and operational needs. Salary may vary above or below the stated range as permitted by law. Eligible for an annual bonus based on company plan and individual performance at the company’s discretion. Applicants must be authorized to work in the U.S. We cannot sponsor visas at this time.

This is a hybrid position with three days in office per week in Denver or Cedar Rapids. Relocation assistance is not provided.

This job description is not a contract of employment. The company may change, add to, remove, or revoke terms at its discretion. For…