Information Security Red Team Engineer

Join to apply for the Information Security Red Team Engineer role at Utah Community Credit Union (UCCU).

Work with our Blue Team to design, simulate, and defend against real‑world cyberattacks.

• Manage vulnerability scanning tools, recast criticality, and prioritize remediation to meet SLAs.
• Conduct full‑scope red‑team engagements: reconnaissance, exploitation, and post‑engagement reporting.
• Perform advanced penetration testing on networks, applications, cloud environments, and physical security systems.
• Develop and execute custom exploits and payloads to simulate sophisticated adversary tactics.
• Execute social engineering campaigns (phishing, vishing, physical intrusion) to test human security resilience.
• Assess and bypass security controls such as firewalls, IDS/IPS, and endpoint protection.
• Utilize OSINT techniques for reconnaissance and attack planning.
• Document findings and provide actionable remediation recommendations to stakeholders.
• Collaborate with Blue Team to improve detection, response, and overall security posture.
• Stay current with emerging threats, zero‑day vulnerabilities, and advanced attack techniques.
• Continuously improve detection, protection, and response processes.
• Ensure compliance with regulatory requirements, maintain audit logs, and provide security reporting to leadership.
• Maintain a regular and predictable schedule.

• Successfully execute red‑team engagements within defined scope and timelines.
• Deliver high‑quality, accurate vulnerability findings and recommendations.
• Reduce exploitable vulnerabilities over time.
• Effectively collaborate with Blue and Purple teams.
• Continuously improve attack simulation techniques and methodologies.

• Bachelor's degree in Cybersecurity or related field (or equivalent experience).
• OSCP, CEH, GIAC, CISSP, Security+ preferred.

• Deep understanding of attack frameworks (e.g., MITRE ATT&CK), penetration testing methodologies, and exploit development.
• Knowledge of network protocols, operating systems, and application security.
• Familiarity with NIST CSF 2.0 or other cybersecurity frameworks.
• Understanding of financial‑institution risk and operations.
• Familiarity with regulatory and compliance requirements.
• Minimum three years of experience in offensive security, penetration testing, or a related field.
• Hands‑on experience with tools such as Metasploit, Cobalt Strike, Burp Suite, and custom scripting.
• Demonstrated ability to collaborate effectively with a broad range of constituencies.

• Strong problem‑solving and critical‑thinking skills.
• Ability to work under pressure and adapt to evolving attack scenarios.
• Excellent written and verbal communication for technical reporting and executive briefings.

• Talking:
  Convey detailed or important instructions accurately, loudly, or quickly.
• Hearing:
  Able to hear normal conversations.
• Repetitive Motion:
  Frequent wrist, hand, or finger movements.
• Visual:
  Average visual acuity necessary to prepare or inspect documents or computer screens.
• Strength:
  Sedentary work; sitting most of the time; exert up to 10 lbs. occasionally.
• Working Conditions:
  
  No hazardous or significantly unpleasant conditions.

In accordance with the Americans with Disabilities Act, requirements may be modified to accommodate disabled individuals. No accommodations will be made that pose serious health or safety risks or undue hardship to the organization.

We are an at‑will employer. Employees may be terminated for any reason not prohibited by law.