Senior Adversarial Emulation Consultant

Location:

4910 Tiedeman Road - Brooklyn, Ohio 44144

Position Summary

Our Cyber Adversary and Exposure Mgmt. team rolls up into Key’s broader Cyber Defense function within Corporate Information Security.  Cyber Defense’s mission is simple: We aim to Deter, Detect, Deny, and Disrupt adversaries through proactive threat centric defense.

The Senior Adversarial Emulation Consultant is a key member of the Cyber Defense Cyber Adversary and Exposure Mgmt. team, responsible for simulating advanced persistent threats (APTs) and emulating real-world adversaries to assess and improve KeyBank’s detection, response, and resilience capabilities. This role goes beyond traditional red teaming and penetration testing by incorporating threat intelligence, custom tooling, and stealthy tradecraft to test the effectiveness of security controls and incident response processes.

The ideal candidate will have deep experience in adversary simulation, red teaming, and offensive security operations across hybrid environments (on-prem, cloud, and physical). This role requires strong technical acumen, creativity, and the ability to communicate complex findings to both technical and executive audiences.

Key Responsibilities

• Lead and execute adversary emulation engagements using intelligence-driven threat scenarios aligned with frameworks such as MITRE ATT&CK.
• Design and conduct full-scope red team operations, including initial access, lateral movement, privilege escalation, and data exfiltration simulation.
• Conduct physical, external/internal, and wireless network assessments, as well as web and mobile application testing.
• Perform security assessments across cloud platforms (Google Cloud, Microsoft Azure, AWS) and embedded systems.
• Develop and test threat actor emulation tools, tactics, and procedures for the Red Team to employ on-demand in assessments of application, system, and network security controls.
• Employ these tools and techniques in the KeyBank environment with minimal supervision.
• Partner with the Cyber Threat Intelligence team to ensure Red Team capabilities and tactics accurately reflect the current threat landscape.
• Consult with cross-functional teams during project testing phases and architectural design reviews to ensure appropriate security controls are in place to mitigate threats.
• Coordinate and monitor third-party penetration testing engagements, ensuring alignment with requirements, effective communication, and timely, accurate reporting.
• Generate and publish Red Team metrics and reporting to track program effectiveness and stakeholder visibility.
• Lead efforts to track remediation of findings to completion through coordination with application and technology system owners.
• Expand the team’s capabilities through:
    - Creation of custom tools and automation frameworks.
    - Research and development of novel offensive techniques and tradecraft.
    - Incorporation of threat actor intelligence into emulation scenarios.
    - Delivery of internal presentations and knowledge-sharing sessions.
• Collaborate with the Cyber Threat Intelligence team to translate real-world TTPs into emulation plans.
• Evaluate the effectiveness of detection and response capabilities across SOC, EDR, SIEM, and other security layers.
• Provide detailed post-mortem reports and executive briefings with prioritized recommendations.
• Mentor junior team members and contribute to the development of adversarial tradecraft within the team.
• Partner with blue teams to conduct purple team exercises and improve detection engineering.
• Contribute to the continuous improvement of adversarial emulation methodologies, tooling, and documentation.

Required Qualifications

• Bachelor’s degree or equivalent work experience.
• 8+ years of experience in Red Team or Penetration Testing roles.
• Proficiency with Red Team tools and Command & Control (C2) frameworks.
• Strong scripting and programming skills in PowerShell, Python, JavaScript, Bash, Golang or similar languages.
• Deep understanding of Windows, Linux, Kali Linux, and macOS operating systems.
• Hands-on experience with one or more of the following:
• Google Cloud, Microsoft Azure, and AWS platforms.
• Advanced networking knowledge and experience with attack simulation.
• Familiarity with the MITRE ATT&CK framework and adversary TTPs.
• Deep understanding of one or more Penetration Testing Methodologies such as PTES, ISECOM, ISSAF, and OSSTMM
• Strong research and reporting skills.
• Willingness to travel for on-site assessments.

Preferred Certifications

• Offensive Security Certified Professional (OSCP)
• Offensive Security Certified Expert (OSCE)
• Offensive Security Experienced Penetration Tester (OSEP)
• Certified Red Team Professional (CRTP)
• GIAC Penetration Tester (GPEN)
• GIAC Web Application Penetration Tester (GWAPT)
• CREST Registered Penetration Tester / CBEST Qualifications

COMPENSATION AND BENEFITS

This position is eligible to earn a base salary in the range of $94,000 to $175,000 annually depending on location and job-related factors such as level of experience. Compensation for this role also includes eligibility for short-term incentive compensation and deferred incentive compensation subject to individual and company performance.

Please click here for a list of benefits for which this position is eligible.

Job Posting Expiration Date: 07/07/2025 KeyCorp is an Equal Opportunity Employer committed to sustaining an inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.