Who we are looking for

As a member of the Red Team within the Global Cyber Security group, the Red Team Engineer will serve as a core technical contributor for adversary‑emulation, threat‑informed security testing, and controlled offensive security operations. The engineer will execute activities in accordance with State Street’s standards and procedures, risk‑acceptance, and regulatory expectations, ensuring all work is conducted within approved environments, scopes, and authorization pathways.

The Red Team Engineer will conduct comprehensive, intelligence‑driven assessments of enterprise applications, critical infrastructure components, and associated operational and technical security controls. These assessments evaluate not only the security posture of targeted systems but also the effectiveness of the organization’s detection, prevention, response, and governance capabilities.

The Red Team Engineer will collaborate with technical experts across applications, platforms, and infrastructure, security leadership, and process stakeholders, threat intelligence and defensive analytics teams, security operations personnel, and business system owners to ensure testing scenarios reflect realistic adversary behaviors and enterprise risks. The role requires strong technical expertise and broad knowledge of core security control domains, including identity and access management, data protection, secure software development, cloud and infrastructure security, endpoint and detection technologies, network security, and enterprise vulnerability and threat management. Familiarity with security monitoring, detection engineering, and incident response processes further supports the evaluation of organizational defenses.

What you will be responsible for

• Execute authorized adversary‑emulation activities to assess defenses, security controls, and organizational resilience.
• Perform targeted security assessments across applications, infrastructure, cloud platforms, and enterprise technologies.
• Collaborate with cybersecurity, technology, and risk stakeholders to develop realistic, threat‑informed testing scenarios.
• Evaluate detection and response capabilities and support improvement through coordinated purple‑team activities.
• Operate within defined approval processes, scopes, authorization boundaries, and safe‑testing protocols.
• Develop or adapt tools and techniques to support realistic testing, ensuring secure and compliant usage.
• Produce clear, audit‑ready reporting and support remediation to reduce identified risks and strengthen defenses.

What we value

These skills will help you succeed in this role

• Strong proficiency in offensive security techniques, including infrastructure, application, and cloud‑focused penetration testing.
• Deep understanding of adversary behaviors and attack frameworks (e.g., MITRE ATT&CK) to inform realistic testing scenarios.
• Familiarity with modern security tooling, assessment utilities, and red‑team‑oriented testing methodologies.
• Ability to develop or adapt scripts and tools using common scripting languages.
• Broad technical knowledge across networks, operating systems, identity systems, cloud services, and security controls.
• Demonstrated analytical ability to identify core issues, interpret risk, and propose practical, evidence‑driven solutions.
• Strong organizational, time‑management, and prioritization skills in dynamic and high‑pressure environments.
• Ability to work independently while collaborating effectively with technical and non‑technical stakeholders.
• Commitment to maintaining awareness of emerging threats, vulnerabilities, and offensive security trends.
• High attention to detail and consistent delivery of accurate, high‑quality work.
• Clear and professional communication skills, including the ability to simplify complex technical concepts.
• Proven ability to handle sensitive information responsibly and operate with discretion and professionalism.

Education & Preferred Qualifications

• Bachelor’s degree or equivalent hands‑on security experience.
• 2–4 years in penetration testing or red‑team activities.
• Broad experience with networks, operating systems, cloud, and security controls.
• Familiarity with threat‑informed testing and attack frameworks.
• Experience collaborating with defensive teams to validate detections.
• Ability to script or automate tasks using common languages.
• Strong reporting and communication skills across technical audiences.

Salary Range:

$120,000 - $202,500 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.

For a full overview, visit https://hrportal.ehr.com/statestreet/Home.

About State Street

Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.

We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Discover more information on jobs at StateStreet.com/careers

Read our CEO Statement

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.