Security Analyst/Senior Security Analyst (Red Team) - ITDSGGR (Contractual) jobs in United States

International Monetary Fund · 7 hours ago

Security Analyst/Senior Security Analyst (Red Team) - ITDSGGR (Contractual)

The International Monetary Fund (IMF) is seeking a Security Analyst/Senior Security Analyst (Red Team) to join their Information Security and Governance division. This role is responsible for planning, executing, and managing adversarial simulation exercises to assess and improve the organization's security posture, leading offensive security assessments and collaborating with IT and cybersecurity teams.

Finance · Financial Exchanges · Financial Services

Responsibilities

Perform Red and Purple Team assessments including adversarial emulation of cyber-attacks against the IMF’s IT environments
Support the Red Team lifecycle including designing, planning, executing, and reporting on adversary simulation efforts across the IMF
Support the design, planning, and execution of security controls testing, purple team engagements, and automated adversary simulation exercises
Present complex Red Team engagement findings to non-technical audiences with the purpose of communicating business impact of discovered risks and the recommended risk treatment
Work closely with multi-disciplinary teams across the IT and information security functions to communicate exploitable security gaps discovered during Purple and Red Team exercises, enable an appropriate understanding of them, and ensure they are properly addressed
Adhere to all predefined rules of engagement before, during, and after the execution of all Red Team efforts
Drive continuous Red Team innovation and developments, constantly seeking to improve the Red Team service offering from both a technical perspective and strategic perspective
Support Red Team capabilities through tool creation, research on techniques, incorporation of threat actor intelligence, internal presentations, and knowledge sharing
Develop and maintain in-depth Red Team documentation surrounding both technical and non-technical service functions and tasks

Qualification

Offensive Security · Red Teaming · Breach · Attack Simulation · MITRE ATT&CK Framework · Scripting Languages · Cloud Security · C2 Frameworks · Exploit Development · Analytical Skills · Ethical Mindset · Communication Skills · Problem-Solving Skills · Adaptability

Required

Bachelor's degree in information security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 10 years of relevant experience working in an offensive security/red teaming role including network, mobile, cloud, social engineering, scripting, etc.
OR Advanced degree in Information Security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 4 years of relevant experience working in an offensive security/red teaming role including network, mobile, cloud, social engineering, scripting, etc.
OSCP-Offensive Security Certified Professional or CRTO-Certified Red Team Operator or GIAC Penetration Tester (GPEN) certification (minimum required)
Experience working with breach and attack simulation (BAS) solutions to design realistic test cases, measure defensive coverage, and produce actionable remediation reports is required
Proficiency in scripting or programming languages (e.g., Python, PowerShell, or C) for automation, custom simulations, and reporting
A deep technical understanding of the MITRE ATT&CK framework and threat actor tactics, techniques, and procedures (TTPs)
Proven hands-on experience with industry-leading C2 frameworks (Cobalt Strike, Nighthawk, Sliver, Mythic, etc.)
Familiarity with exploit development, privilege escalation, lateral movement, and evasion techniques
Practical experience testing and defending Active Directory environments, cloud infrastructure (AWS, Azure, GCP), and container platforms (Docker, Kubernetes), including identifying attack paths and recommending mitigations
Knowledge of EDR evasion, memory injection, and obfuscation techniques
Deep technical skills in assessing and exploiting vulnerabilities across a variety of platforms, including Windows, Linux, and macOS environments, as well as Active Directory (AD) exploitation and privilege escalation techniques
Experience with tools used for wireless, web applications, and network security testing. Knowledge of a wide array of technologies, including network security, endpoint protection, cloud security, and SIEM systems
Excellent communication skills to document findings and collaborate across multi-disciplinary IT teams to develop documentation and explain technical details
Ability to work independently and collaboratively in high-pressure environments
Ethical mindset and discretion in handling sensitive information
Adaptability to rapidly changing threat landscapes and technologies
Strong analytical and problem-solving skills

Preferred

OSEE-Offensive Security Exploitation Expert (Preferred)
OSED-OffSec Exploit Developer (Preferred)
GXPN-GIAC Exploit Researcher And Advanced Penetration Tester (Preferred)

Company

International Monetary Fund

International Monetary Fund works to foster global monetary cooperation, secure financial stability, and reduce poverty around the world.

Funding

Current Stage
Late Stage

Leadership Team

Kristalina Georgieva
Managing Director
Company data provided by crunchbase