Senior Security Testing Infrastructure Engineer

We are looking for a Senior Security Testing Infrastructure Engineer to join an offensive security team at a global financial institution.

• Advanced Linux (RHEL) and Windows Server administration
• Virtualisation — VMware, Hyper-V, or equivalent
• Cloud awareness — AWS or Azure (foundational level)
• Container technologies — Docker, Kubernetes (desirable)
• Asset management and configuration baseline maintenance
• Scripting — Python, Bash, PowerShell — expert level
• Infrastructure as Code — Terraform, Ansible — expert level
• CI/CD pipelines — GitLab CI, Jenkins, or equivalent — expert level
• Version control — Git / GitLab / GitHub
• Integration of security tools with ticketing and reporting platforms (e.g. Jira)
• Familiarity with offensive security tooling ecosystems (scanning engines, attack simulation platforms)
• Understanding of web application security standards — OWASP, CWE, CVE
• Ability to validate vulnerabilities and eliminate false positives
• Secure handling of sensitive testing data — credentials, exploit artefacts, production test data
• Basic understanding of exploitation and proof-of-concept development (Core level)
• Experience working in a regulated environment — banking or financial services preferred
• Ability to produce clear technical documentation in English
• Familiarity with access control principles, segregation of duties, and data protection standards
• Comfort with audit processes and internal governance frameworks

Nice to have:

• RHCSA (Red Hat Certified System Administrator)
• AWS Cloud Practitioner or equivalent
• Certified Kubernetes Administrator (CKA)
• HashiCorp Terraform Associate
• Experience with air-gapped or highly isolated environments
• Background in Tier-1 financial institutions

• Maintain and manage penetration testing infrastructure, including workstations, servers, virtual environments, and specialised hardware
• Administer internal security testing platforms (scanning engines, attack simulation tools, reporting systems), ensuring availability, stability, and performance
• Develop and maintain automation scripts, CI/CD pipelines, and tooling to improve testing efficiency and repeatability
• Manage test lab environments — provisioning, configuration management, access control, and secure data handling
• Perform patch management, software updates, and licensing oversight across the security testing ecosystem
• Troubleshoot infrastructure issues to minimise disruption to project delivery
• Ensure testing infrastructure complies with internal security policies, regulatory requirements, and data protection standards
• Maintain clear documentation of lab architecture, configurations, and operational procedures
• Support vendor evaluation and onboarding of new security testing technologies
• Collaborate with security, IT, and engineering teams on continuous improvement of testing capabilities

This position does not involve conducting penetration tests, assessing client systems, or producing vulnerability assessment reports. Candidates looking for an active red team or pen testing role should look elsewhere. This role is for someone who wants to build the machine — not operate it.