Senior Security Testing Infrastructure Engineer

This role is within an offensive security team at a global financial institution, focusing on building and maintaining the technical infrastructure that supports penetration testing activities.

Infrastructure & Systems:

• Advanced Linux (RHEL) and Windows Server administration
• Virtualisation technologies such as VMware, Hyper-V, or equivalent
• Foundational cloud knowledge in AWS or Azure
• Container technologies like Docker and Kubernetes (desirable)
• Asset management and configuration baseline maintenance

Automation & Tooling:

• Expert level scripting in Python, Bash, PowerShell
• Expert level Infrastructure as Code with Terraform and Ansible
• Expert level CI/CD pipeline management with GitLab CI, Jenkins, or equivalent
• Version control using Git / GitLab / GitHub
• Integration of security tools with ticketing and reporting platforms (e.g., Jira)
• Knowledge of HashiCorp Vault (desirable)

Security Knowledge:

• Familiarity with offensive security tooling ecosystems
• Understanding of web application security standards (OWASP, CWE, CVE)
• Ability to validate vulnerabilities and eliminate false positives
• Secure handling of sensitive testing data
• Basic understanding of exploitation and proof-of-concept development

Compliance & Governance:

• Experience in regulated environments, preferably banking or financial services
• Ability to produce clear technical documentation in English
• Familiarity with access control principles, segregation of duties, and data protection standards
• Comfort with audit processes and internal governance frameworks

Nice to have:

• RHCSA (Red Hat Certified System Administrator)
• AWS Cloud Practitioner or equivalent
• Certified Kubernetes Administrator (CKA)
• HashiCorp Terraform Associate
• Experience with air-gapped or highly isolated environments
• Background in Tier-1 financial institutions

• Maintain and manage penetration testing infrastructure, including workstations, servers, virtual environments, and specialised hardware
• Administer internal security testing platforms ensuring availability, stability, and performance
• Develop and maintain automation scripts, CI/CD pipelines, and tooling to improve testing efficiency and repeatability
• Manage test lab environments including provisioning, configuration management, access control, and secure data handling
• Perform patch management, software updates, and licensing oversight
• Troubleshoot infrastructure issues to minimise disruption
• Ensure compliance with internal security policies, regulatory requirements, and data protection standards
• Maintain documentation of lab architecture, configurations, and operational procedures
• Support vendor evaluation and onboarding of new security testing technologies
• Collaborate with security, IT, and engineering teams on continuous improvement of testing capabilities