Red Team Engineer (Fintech)

TL;DR

Red Team Engineer (Fintech): Planning and executing full-scope adversary emulation operations across complex AWS-native infrastructure and payment services with an accent on manual exploitation, cloud security, and purple team collaboration. Focus on building a greenfield offensive security program, developing custom tooling, and translating attack paths into actionable detection use cases for the SOC.

Location: Hybrid (Warsaw, Nicosia, Kyiv, Lviv). Must be based in or able to work from these locations.

Company

hirify.global is a global payments orchestration platform empowering internet companies with robust financial infrastructure.

What you will do

• Plan and execute full-scope red team operations across external perimeters, web/API, and AWS infrastructure.
• Build and manage external testing programs, including structured pentests and bug bounty initiatives.
• Conduct purple team cycles with the SOC to assess detection coverage and provide concrete improvement recommendations.
• Develop custom offensive tooling and automate repeatable test scenarios to scale security coverage.
• Deliver risk-ranked reports with realistic impact analysis for both technical and management stakeholders.
• Validate security controls in production environments to ensure they function as intended.

Requirements

• 4+ years of experience in offensive security, penetration testing, or red team operations.
• Hands-on experience with adversary emulation mapped to MITRE ATT&CK in production environments.
• Advanced manual web and API exploitation skills, including OWASP Top 10.
• Deep cloud attack experience, specifically AWS (IAM abuse, privilege escalation, CI/CD).
• Proficiency in Python, Go, or Bash/PowerShell for custom tool development.
• Strong operational discipline regarding OPSEC, ethics, and handling sensitive financial data.

Nice to have

• Purple teaming experience and detection engineering knowledge.
• Familiarity with payment domain specifics like card processing flows, PCI DSS, and SWIFT.
• Contributions to open-source offensive tooling or published security research.

Culture & Benefits

• 30+ days of paid time off and unlimited sick leave.
• Comprehensive health coverage and wellness benefits.
• Creative freedom to define the offensive security program from scratch.
• Direct collaboration with leadership and a senior InfoSec team.
• Access to professional development through conferences and courses.