UnitedHealth Group

UnitedHealth Group is a healthcare and well-being company that’s dedicated to improving the health outcomes of millions around the world. We are comprised of

Security Program Manager

Location

United States

Posted

45 days ago

Salary

$112.7K - $193.2K / year

Seniority

Lead

Job Description

Role Description

The Security Program Manager – Mergers & Acquisitions (ESRO) role operates with a high degree of autonomy, leads program level strategy and outcomes, and provides executive level visibility into progress, risks, and impact. As a Security Program Manager, you are accountable for the end-to-end delivery of a complex security program composed of multiple projects, workstreams, and stakeholders. The role emphasizes strategy, governance, measurable outcomes, and executive transparency, rather than day-to-day task execution. You’ll enjoy the flexibility to work remotely from anywhere within the U.S. as you take on some tough challenges.

Primary Responsibilities

- Program Leadership & Strategy:
  - Lead and implement the security program strategy supporting mergers and acquisitions, aligned to enterprise security standards and risk priorities.
  - Define and maintain roadmaps for multiple concurrent workstreams, milestones, and delivery sequencing across acquired entities.
  - Translate enterprise security direction into actionable, measurable program outcomes.
- Governance & Accountability:
  - Establish and operate program governance, including decision forums, escalation paths, and risk management.
  - Own cross workstream dependencies, tradeoffs, and prioritization decisions.
  - Ensure consistent execution and adoption of security standards across diverse stakeholders.
- Executive Communication & Transparency:
  - Provide executive ready communications on program status, risks, dependencies, and outcomes.
  - Develop and maintain KPIs and success metrics that demonstrate progress and risk reduction.
  - Serve as a trusted partner to senior security, technology, and business leaders.
- Cross Functional Partnership:
  - Partner with security, technology, and business teams to drive alignment and execution.
  - Guide and influence delivery teams without direct authority, ensuring accountability through governance and transparency.
  - Support integration efforts by aligning acquired entities to enterprise security expectations.

Qualifications

- Bachelor’s Degree in IT or Business or related field.
- 7+ years of program management experience in an enterprise setting.
- 5+ years of overall experience in cybersecurity, information security, or IT risk management.
- 5+ years experience in security program management or leading security initiatives.
- 5+ years experience managing cross functional teams.

Preferred Qualifications

- Masters Degree.
- PMP Certification.

Requirements

- All employees working remotely will be required to adhere to UnitedHealth Group’s Telecommuter Policy.

Benefits

- Comprehensive benefits package.
- Incentive and recognition programs.
- Equity stock purchase.
- 401k contribution (all benefits are subject to eligibility requirements).

Application Deadline

This will be posted for a minimum of 2 business days or until a sufficient candidate pool has been collected. Job posting may come down early due to volume of applicants.

More Security Engineer Jobs

Senior Red Team Operator – Enterprise Offensive Security

Sentrabyte Digital Solusi

Join our team at Sentrabyte Digital Solusi and embark on a journey of growth and innovation.

Full Time · Remote · Team 51-200

Elite Red Team Position

This is not a mid-level role. This is not for lab-only testers. This is not compliance penetration testing. We are looking for operators who have personally executed real exploitation during professional engagements, not just vulnerability identification.

Core Responsibilities

Lead and execute advanced Red Team operations against enterprise environments.

Simulate real-world attackers by performing:
• Initial access exploitation
• Privilege escalation
• Credential harvesting
• Active Directory attacks
• Lateral movement across systems
• Persistence techniques

Achieve validated SYSTEM (Windows) or root (Linux) compromise during authorized Red Team exercises.

Demonstrate realistic business impact through controlled exploitation scenarios.

Document attack paths and produce clear technical reports describing:
• exploitation methodology
• attack chain progression
• affected systems
• business risk and remediation recommendations

Mandatory Technical Requirements

Candidates must demonstrate proven offensive security capability, including:
• At least 10 real OS-level shell or RCE compromises personally executed during authorized engagements.
• Experience executing multi-stage attack chains, including:
  • Initial access
  • Privilege escalation
  • Credential harvesting
  • Lateral movement
• Strong post-exploitation capability beyond initial shell access.
• Practical experience exploiting enterprise Active Directory environments.

Active Directory Attack Experience

Candidates must demonstrate familiarity with common enterprise AD attack paths, including:
• Kerberoasting
• AS-REP Roasting
• ACL abuse
• NTLM relay attacks
• DCSync attacks

Understanding of privilege escalation paths within Active Directory is expected.

Post-Exploitation Capability

Strong experience performing post-exploitation activities such as:
• system enumeration
• credential extraction
• privilege escalation
• lateral movement
• persistence mechanisms

Operators must be capable of continuing exploitation after initial access is obtained.

Important Clarification

The required exploitation experience must come from authorized professional environments, including:
• enterprise penetration testing engagements
• Red Team adversary simulation exercises
• internal enterprise testing infrastructure

The following do NOT count toward the required exploitation experience:
• HackTheBox
• TryHackMe
• CTF challenges
• basic lab environments

Candidates must demonstrate real exploitation depth, not platform achievements.

Technical Validation Process

All candidates undergo a structured technical validation process before interviews. Initial evaluation includes:
• written technical discussion
• exploit chain explanations
• scenario-based technical responses

Voice or video interviews are conducted only after the technical validation stage is successfully completed.

Required Experience

Minimum 5+ years of hands-on offensive security experience, including professional work in:
• Red Team operations
• enterprise penetration testing
• adversary simulation engagements

Strong understanding of:
• Active Directory attack paths
• Kerberos abuse techniques
• privilege escalation methods
• credential harvesting techniques
• lateral movement strategies

Communication Requirements

Strong written and spoken English communication skills. Candidates must be able to clearly explain:
• the vulnerability exploited
• how exploitation was performed
• the resulting system compromise
• the potential business impact

Application Requirements

Serious applicants only. Applications should include:
• descriptions of real exploitation scenarios
• technical write-ups (if available)
• GitHub or research links (optional)

Candidates unable to demonstrate real exploitation depth will not proceed.

How to Apply

Apply through our careers page: https://sentrabytedigitalsolusi.com/careers or send your application to: hr@sentrabytedigitalsolusi.com

Before applying, please ensure you can clearly describe:
1. At least one exploitation scenario where you achieved OS-level shell access.
2. The exact access vector used.
3. The privilege level obtained.
4. Post-exploitation actions performed.

Applications without technical detail will not be reviewed.

Worldwide
$85K - $165K / year

Security Engineer I - IT Auditor

Inspira Financial

Inspira Financial provides health, wealth, retirement, and benefits solutions that strengthen and simplify the health and wealth journey. With more than 7 million clients, representing over $62 billion in assets, Inspira works with thousands of employers, plan sponsors, recordkeepers, TPAs, and other institutional partners — helping the people they care about plan, save, and invest for a brighter future. Inspira relentlessly pursues better outcomes for all with our automatic rollover services, health savings accounts, emergency savings funds, custody services, and more. Learn more at inspirafinancial.com.

Full Time · Remote · Team 1,537 · Since 2000

Role Description

The Security Engineer I – IT Auditor will report to the Audits and Assessments Security Engineering Manager in the Technology Department. This role is responsible for assessing the design and testing operating effectiveness of general computer controls and application controls and will also be responsible for conducting third-party (vendor) risk assessments for vendors and other external partners. Work collaboratively with control operators. Assess the risk posed by potential findings and present the findings to the 3rd Party Auditors and senior management. The IT Auditor will also need to stay aware of emerging technologies and risks.

- Perform third-party (vendor) risk assessments, including reviewing security and compliance documentation, identifying control gaps, tracking remediation items, and communicating results to stakeholders.
- Assist in planning audits, executing audit work, and preparing audit reports.
- Develop a keen understanding of IT risks and control activities for information systems, technical infrastructure, data centers, computer operations, and key applications.
- Perform general and application control reviews for simple to complex computer information systems, like Linux, Windows, and databases such as SQL Server, Oracle, and cloud platforms such as Azure.
- Provide recommendations to improve control posture and strengthen IT processes identified through the course of audits and control testing.
- Prepare and present written and oral issues/reports and other technical information in a pertinent, concise, and accurate manner for distribution to management.
- Keep abreast with new technologies and IT control frameworks such as NIST Cyber Security Framework, NIST 800-171 publications, and Cloud Security Frameworks.
- Other duties as assigned.

Qualifications

- Minimum required: 1-3 years of applicable experience in internal or external IT auditing, or security compliance and/or relevant experience in information technology.
- Bachelor’s Degree in Information Technology, Cybersecurity or related field with focus on information systems preferred.
- Technical Certifications a plus.
- Experience with a leading internal/external IT audit professional firm.
- Knowledge of the Financial Services Industry preferred.

Requirements

- Possess a combination of technology, security, and analytics skills.
- Intellectual curiosity to find new and unusual ways of how to solve cyber security issues.
- Ability to approach cyber security challenges while keeping an eye on what is important.
- Experience interpreting, analyzing, and maintaining systems.
- Ability to create and maintain respectful, strong working relationships with both IT and business units to integrate security principles with business operations.
- Strong client service orientation.
- Ability to prioritize, plan and take initiative and be highly self-motivated.
- Strong verbal and written communication skills; positive attitude; ability to work as a team member.
- Experience in a high availability environment preferred.

Illinois
$62K - $79K / year

Technical Account Manager – Identity Security

Saviynt

The #1 Converged Identity Platform with Intelligent Access Governance for Employees, Third Parties & Machines.

Full Time · Remote · Team 501-1,000 · Since 2010 · H1B Sponsor

• Be the Identity Security Guru
• Architect and Define Solutions
• Own the Technical Delivery
• Strategic Client Engagement
• Proactive Problem Solving
• Drive Expansion & Adoption
• Technical Enablement
• Internal Collaboration
• Operational Excellence

United Kingdom
£75K - £95K / year
Full Time · Remote · Team 51-200

Role Overview

We are seeking a delivery-driven Security Engineering Lead to own and execute enterprise-wide security initiatives end-to-end. This role demands a hands-on technical leader who can translate security strategy into measurable business outcomes across key domains such as Data Loss Prevention (DLP), Microsoft Purview, Privileged Access Management (PAM), Identity Governance, and Vulnerability Management. You will operate at the intersection of strategy, execution, and stakeholder influence, ensuring security programs are delivered with precision, accountability, and operational excellence.

🎯 Key Responsibilities

1. Security Program Leadership & Delivery
- Own full lifecycle of enterprise security programs (planning → execution → closure)
- Lead multiple concurrent initiatives with strong focus on timelines, cost, and outcomes
- Establish governance frameworks, KPIs, and reporting cadence
- Drive cross-functional execution across global and matrixed teams

2. Data Loss Prevention (DLP) & Microsoft Purview (Mandatory)
- Design and implement enterprise-grade DLP strategies across endpoints, email, cloud, and networks
- Lead implementation and optimization of Microsoft Purview DLP capabilities
- Define and operationalise data classification and labeling frameworks
- Balance policy enforcement with business usability
- Establish monitoring, incident response, and reporting structures

3. Privileged Access Management (PAM)
- Lead implementation and governance of PAM platforms
- Enforce controls, including credential vaulting, session monitoring, and JIT access
- Drive adoption across infrastructure and application teams
- Identify, assess, and remediate privileged access risks

4. Password & Credential Security
- Define enterprise password and credential management strategies
- Integrate with SSO, MFA, and identity platforms
- Ensure secure identity lifecycle management (joiner/mover/leaver)
- Promote organisation-wide credential security awareness

5. Penetration Testing & Vulnerability Management
- Lead enterprise vulnerability management programs
- Manage penetration testing engagements (internal + vendors)
- Drive red team / purple team exercises with actionable outcomes
- Partner with engineering teams to validate and close vulnerabilities
- Deliver executive-level risk reporting

6. Identity Governance & Access Control
- Implement Identity Governance & Administration (IGA) frameworks
- Automate access certification and review workflows
- Enforce RBAC and least-privilege principles
- Support audit readiness and compliance evidence management

7. Stakeholder & Executive Communication
- Act as a trusted advisor to business and executive leadership
- Present security posture, risks, and program outcomes clearly
- Collaborate with Legal, Compliance, HR, and Finance teams
- Foster a strong security-first culture across the organization

✅ Required Qualifications

Experience
- 12+ years in cybersecurity, with 5+ years in leadership roles
- Proven track record delivering large-scale enterprise security programs
- Hands-on expertise in at least 4 of the following:
  - DLP (Microsoft Purview mandatory)
  - PAM
  - Identity Governance (IGA)
  - Password/Credential Management
  - Penetration Testing / Vulnerability Management
- Experience in regulated or enterprise-scale environments

Technical Skills
- Strong experience with enterprise security platforms across:
  - DLP (especially Microsoft Purview)
  - PAM tools
  - IAM / IGA platforms
  - Vulnerability management tools
- Solid understanding of cloud security (Microsoft Azure preferred)
- Scripting/automation (PowerShell, Python, etc.)

Education
- Bachelor’s degree in Computer Science, Information Security, or related field
- A master’s degree is a plus

Certifications (Preferred)
- CISSP / CISM / CRISC
- CEH / OSCP
- Microsoft Security / Azure certifications
- PMP or equivalent

🌟 Key Competencies
- Strong ownership mindset with outcome-driven execution
- Excellent executive communication & stakeholder management
- Ability to bridge deep technical expertise with strategic vision
- Strong risk assessment and decision-making capability
- Comfortable operating in fast-paced, high-impact environments

United States
Job Closed