About the Opportunity

Job Type: Permanent
Application Deadline: 31 May 2026
Title: Offensive Security Lead
Department: Global Cybersecurity Operations
Location: Kingswood, Surrey
Reports To: Detection Engineering & Automation Manager - CDO (UK)
Level: 5

We’re proud to have been helping our clients build better financial futures for over 50 years. How have we achieved this? By working together - and supporting each other - all over the world. So, join FIL – Global Cybersecurity Operations and feel like you’re part of something bigger.

Department Description

The Global Cyber & Information Security function is a part of the Global Technology department. The Global Technology Group function provides IT services to the Fidelity International business. These include the development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates Infrastructure services that the firm relies on to operate on a day-to-day basis, including data centre, networks, proximity services, security, voice, incident management and remediation.

The Global Cybersecurity Operations function at Fidelity International is part of the Global Cyber & Information Security (GCIS) Group, reporting to the Head of Global Cyber & Information Security. Our mission is to develop an intelligence-led, proactive cyber security response to defend Fidelity and its assets from cyber threats, to reduce risk and business impact. We adopt an ‘assumed breach’ position using multiple in-depth capabilities for protection, detection and response along with established processes to enable rapid response when an event occurs.

Purpose of your role

The successful candidate will be experienced in security operations engineering, understanding the value of automated security actions and how this can enhance an analyst’s response to events.
This is a critical role expected to build and maintain our security control portfolio and help mature our monitoring and response processes. The purpose of this role is to drive continuous offensive security assurance by leveraging Breach and Attack Simulation (BAS) and participating in purple team exercises. The successful candidate will ensure that BAS is fully operationalized to provide meaningful assurance, demonstrating how existing security controls defend against real-world attacks and identifying gaps where improvements are needed. This role will define and track remediation actions based on BAS findings, collaborate with Cyber and non-Cyber stakeholders to close gaps, and escalate risks where remediation is not possible. Additionally, the role will work closely with the Cyber Threat Intelligence (CTI) team to design and execute simulations based on the organization’s top threat actors, ensuring our defences are threat informed. By continuously validating controls and improving detection, this role will strengthen organizational resilience and reduce time to detect and respond to advanced threats.

Key Responsibilities

· Actively participate in purple team exercises with detection engineering teams to validate and improve defensive controls.
· Use Breach and Attack Simulation tooling to continuously assess security posture and identify gaps in detection and response.
· Ensure the Breach and Attack Simulation platform is fully embedded into security operations, providing continuous validation of security controls and clear assurance reporting.
· Translate BAS findings into prioritized remediation tasks and track progress with relevant stakeholders.
· Where gaps cannot be remediated, raise risks through internal governance processes and ensure visibility at the right level.
· Work with CTI to run adversary emulation exercises based on the top threat actors relevant to the organization.
· Collaborate with a wide range of stakeholders to ensure timely remediation of identified gaps and raise relevant risks.
· Provide clear, actionable reports and dashboards to leadership, highlighting gaps, remediation progress, and residual risks.

Experience and Qualifications

· Experience and strong understanding of frontline security operations.
· At least 4 years of experience working in Security Operations Engineering with experience in Log On-boarding, Logging Assessment, detection use-case development and upkeep.
· Competent in scripting languages required for automation e.g. KQL, Python, etc.
· Experience working with / managing security solutions like SIEM (Sentinel preferably), Email protection, IDS/IPS, Anti-Virus, EDR (Microsoft Defender), Ticketing tool like ServiceNow (SecOps).
· Strong experience in offensive security testing, purple teaming, or adversary emulation.
· Hands-on experience with Breach and Attack Simulation platforms (e.g., AttackIQ, SafeBreach, Cymulate).
· Knowledge of MITRE ATT&CK, threat modelling, and attack chains.
· Ability to translate technical findings into actionable remediation plans.
· Excellent stakeholder management and communication skills.
· Banking or Finance industry related experience desirable.

Nice to have

· Experience dealing with security incidents using the NIST framework.
· Certifications such as OSCP, OSCE, CEH, CHFI, CISSP or similar.
· Experience working with CTI teams and integrating threat intelligence into testing.
· Familiarity with cloud security testing and hybrid environments.

Feel rewarded

For starters, we’ll offer you a comprehensive benefits package. We’ll value your wellbeing and support your development. And we’ll be as flexible as we can about where and when you work – finding a balance that works for all of us. It’s all part of our commitment to making you feel motivated by the work you do and happy to be part of our team.
For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com.