Red Team Lead Engineer , Vice President

As a senior member of the Red Team within the cybersecurity organization, the Red Team Lead Engineer will guide and execute adversary‑emulation activities, threat‑informed security testing, and controlled offensive security operations. The Lead Engineer is responsible for ensuring all testing activities align with organizational standards, authorization requirements, and applicable regulatory expectations, and that they are conducted safely within approved scopes and environments.
 

The Red Team Lead Engineer will design and lead comprehensive, intelligence‑driven assessments across enterprise applications, platforms, cloud services, and critical infrastructure. These assessments evaluate both technical security controls and the effectiveness of detection, prevention, and incident‑response capabilities across the organization.
 

This role will collaborate with technical subject‑matter experts, security leadership, process and risk stakeholders, cyber threat intelligence analysts, defensive operations teams, and business system owners to ensure testing scenarios accurately represent realistic adversary behaviors and align with enterprise risk priorities. The Lead Engineer is expected to bring deep technical expertise across core security control domains, including identity and access management, data protection, secure software practices, cloud and infrastructure security, endpoint and detection technologies, network security, and vulnerability and threat management. Knowledge of security monitoring, detection engineering, and incident‑response workflows further supports effective evaluation of organizational defenses.

As a senior role, the Red Team Lead Engineer will also contribute to methodology refinement, scenario development, process improvement, documentation standards, and cross‑team coordination, helping advance the maturity and effectiveness of the overall testing program.

What you will be responsible for

• Lead and execute adversary‑emulation activities to assess organizational defenses and security control effectiveness.
• Oversee and perform targeted security assessments across applications, infrastructure, cloud platforms, and critical enterprise technologies.
• Guide team members, assign work, and review testing approaches for quality and safety.
• Collaborate with security, technology, and risk stakeholders to design realistic, threat‑informed testing scenarios.
• Evaluate detection and response capabilities and drive improvements through coordinated purple‑team efforts.
• Develop and refine testing methodologies, tooling standards, and reporting practices to mature the program.
• Deliver audit‑ready reports and provide guidance on remediation to reduce identified risks.
   

What we value

• Advanced proficiency in offensive security techniques and threat‑informed testing methodologies.
• Strong understanding of adversary behaviors and attack frameworks to guide scenario design.
• Broad, technical knowledge across networks, operating systems, cloud environments, and core security controls.
• Demonstrated analytical ability to identify core issues, interpret risk, and propose practical, evidence‑driven solutions.
• Strong organizational, time‑management, and prioritization skills in dynamic and high‑pressure environments.
• Commitment to maintaining awareness of emerging threats, vulnerabilities, and offensive security trends.
• Ability to develop or refine tools and automate tasks using common scripting languages.
• Demonstrated leadership in analyzing complex issues, shaping direction, and guiding team decision‑making.
• Excellent communication skills with the ability to distill complex technical concepts for diverse audiences.
• High integrity, professionalism, and sound judgment when handling sensitive information and operating under pressure.

Experience Desired

• Bachelor’s degree or equivalent advanced security experience.
• 4–6 years leading and/ or conducting penetration testing or red‑team activities.
• Broad expertise across networks, operating systems, cloud, and security controls.
• Strong knowledge of threat‑informed testing and attack frameworks.
• Experience coordinating with defensive teams to evaluate detections.
• Ability to script and automate tasks using common languages.
• Exceptional communication and reporting skills for diverse audiences.

Salary Range:

$110,000 - $185,000 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.

For a full overview, visit https://hrportal.ehr.com/statestreet/Home.

About State Street

Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.

We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Discover more information on jobs at StateStreet.com/careers

Read our CEO Statement

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.