Offensive Security Lead

Offensive Security Lead

Job Type: Permanent

Location:

Kingswood, Surrey
Department:
Global Cybersecurity Operations

Reports To:

Detection Engineering & Automation Manager - CDO (UK)
Level: 5

Final date to receive applications: 31 May 2026

We’ve been helping our clients build better financial futures for over 50 years by fostering teamwork across the globe. As part of Fidelity International’s Global Cyber & Information Security (GCIS) Group, the Global Cybersecurity Operations function develops a proactive, intelligence‑led cyber‑security response to defend against threats, reduce risk and business impact, and enable rapid response to incidents.

The Global Technology Group delivers IT services that underpin Fidelity’s core business functions. Within GCIS, the Cybersecurity Operations team supports infrastructure, data centre, network, security, incident management and remediation services that keep the organization operational.

The successful candidate will bring engineering expertise to security operations, championing automation and threat‑informed defenses. Your primary focus will be to drive continuous offensive security assurance by leveraging Breach and Attack Simulation (BAS) and running purple team exercises, thereby validating existing controls, identifying gaps, and driving remediation across the organization.

• Actively participate in purple team exercises with detection engineering teams to validate and improve defensive controls.
• Use Breach and Attack Simulation tooling to continuously assess security posture and identify gaps in detection and response.
• Ensure the BAS platform is fully embedded into security operations, providing continuous validation of security controls and clear assurance reporting.
• Translate BAS findings into prioritized remediation tasks and track progress with relevant stakeholders.
• Where gaps cannot be remediated, raise risks through internal governance processes and ensure visibility at the right level.
• Work with CTI to run adversary emulation exercises based on the top threat actors relevant to the organization.
• Collaborate with a wide range of stakeholders to ensure timely remediation of identified gaps and raise relevant risks.
• Provide clear, actionable reports and dashboards to leadership, highlighting gaps, remediation progress, and residual risks.

• Experience and strong understanding of frontline security operations.
• At least 4 years in Security Operations Engineering, including log onboarding, log assessment, detection use‑case development and upkeep.
• Proficiency in scripting languages required for automation (e.g., KQL, Python).
• Experience managing security solutions such as SIEM (Sentinel preferred), email protection, IDS/IPS, anti‑virus, EDR (Microsoft Defender), and ticketing tools like Service Now (Sec Ops).
• Strong experience in offensive security testing, purple teaming, or adversary emulation.
• Hands‑on experience with BAS platforms (e.g., Attack
  
  IQ, Safe Breach, Cymulate).
• Knowledge of MITRE ATT&CK, threat modelling, and attack chains.
• Ability to translate technical findings into actionable remediation plans.
• Excellent stakeholder management and communication skills.
• Banking or Finance industry experience desirable.

• Experience dealing with security incidents using the NIST framework.
• Certifications such as OSCP, OSCE, CEH, CHFI, CISSP or similar.
• Experience working with CTI teams and integrating threat intelligence into testing.
• Familiarity with cloud security testing and hybrid environments.

We offer a comprehensive benefits package, support your wellbeing and development, and provide flexible working options that balance personal and professional commitments. For more about our culture and future growth opportunities, visit care