Senior IT Security Analyst - Red Team

Senior IT Security Analyst - Red Team

About the Role:
As the Senior IT Security Analyst, you will lead objective-based assessments that simulate realistic adversary behaviors in a controlled, authorized manner. In this role, you will be required to demonstrate senior proficiency in assessment planning, stakeholder coordination, evidence-based reporting, risk communication, and collaboration with defensive teams to improve detection, response, and remediation outcomes. Your role will also include interfacing with internal business unit IT representatives and stakeholders at all levels during performance of your duties.

Responsibilities:

• Lead the planning, scoping, execution, reporting, and remediation tracking for senior red team assessments across Wolters Kluwer environments
• Design assessment objectives, rules of engagement, success criteria, and safety controls in partnership with CTC leadership, business units, legal, privacy, and technology stakeholders
• Conduct authorized red team assessments that evaluate enterprise resilience across applications, infrastructure, identity, cloud, endpoint, network, and security monitoring capabilities
• Perform adversary emulation and threat-informed control validation aligned to relevant frameworks such as MITRE ATT&CK, internal risk priorities, and current threat intelligence
• Translate red team findings into clear risk narratives, prioritized remediation actions, and executive-ready summaries for technical and non-technical audiences
• Partner with blue team, SOC, incident response, vulnerability management, and engineering teams to validate detection coverage and improve response playbooks
• Coordinate assessment logistics, communications, evidence handling, stakeholder briefings, and after-action reviews to ensure assessments are well governed and repeatable
• Mentor and guide junior and mid-level security analysts on red team assessment methodology, documentation quality, operational discipline, and professional conduct
• Identify systemic security themes from assessment results and recommend improvements to reduce enterprise attack paths and business risk
• Support remediation validation by retesting agreed findings and confirming that corrective actions address root causes rather than symptoms
• Maintain awareness of emerging attacker techniques, defensive countermeasures, and security assessment approaches relevant to WK technology environments
• Collaborate with threat intelligence teams to convert relevant threat information into realistic, controlled assessment scenarios
• Advise on technology solution implementation, security control selection, and monitoring/reporting of assessment outcomes and control performance
• Provide input based on policies, standards, and management guidance, and recommend improvements to red team operating procedures
• Complete work in an accurate, ethical, and controlled manner to meet Wolters Kluwer strategic security objectives
• Contribute to metrics, key performance indicators, trend analysis, and reporting that communicate red team assessment coverage, findings, risk reduction, and remediation progress
• Assist with secure configuration, hardening, and remediation discussions when red team findings identify control gaps or exploitable attack paths
• Respond to audit, regulatory, and customer inquiries by explaining red team assessment scope, methodology, governance, and security improvement outcomes as appropriate
• Work with business units to understand environment-specific risk, align assessment objectives to business priorities, and properly address identified security gaps
• Ensure red team work is compliant with WK enterprise policies, procedures, authorization requirements, and the CTC strategic plan
• Assist in the operationalization of new red team capabilities, assessment tooling, reporting templates, and continuous improvement processes
• Conduct training and knowledge-sharing sessions with other team members and cross-functional security partners
• Support incident response and investigation activities, as directed, by providing assessment context, attack-path analysis, and recommendations based on solid security principles
• Develop threat- and assessment-related communications that help improve WK security situational awareness, detection readiness, and resilience

Skills:

• Strong understanding of security principles including confidentiality, integrity, availability, access control, authentication, authorization, privacy, and non-repudiation
• Strong understanding of red team concepts, adversary emulation, control validation, detection engineering collaboration, and enterprise attack surface management.
• Experience planning and conducting authorized red team assessments across applications, infrastructure, cloud, identity, endpoint, and network environments
• Experience with offensive security assessment tools, scripting, safe testing practices, evidence capture, and repeatable documentation methodologies
• Understanding of common vulnerabilities, misconfigurations, attack paths, and control gaps, including how they arise and how they can be remediated
• Familiarity with Internet technologies, network protocols, network applications, identity services, cloud platforms, and enterprise security tooling
• Knowledge of network security, host/system security configuration, logging, monitoring, hardening, and detection opportunities relevant to red team outcomes
• Ability to define assessment scope, objectives, rules of engagement, success criteria, stakeholder communications, and risk controls
• Ability to synthesize technical evidence into practical security recommendations, risk themes, and measurable improvement actions
• Ability to collaborate with blue team, SOC, incident response, engineering, and vulnerability management teams to improve prevention, detection, and response capabilities
• Demonstrated ability to analyze ongoing assessment activity for safety, business impact, and the potential of a security incident
• Familiar with ITIL service management methodology and enterprise change/control processes
• Strong technical skills in security assessments of external service providers and management of partner suppliers

Our Interview Practices

To maintain a fair and genuine hiring process, we kindly ask that all candidates participate in interviews without the assistance of AI tools or external prompts. Our interview process is designed to assess your individual skills, experiences, and communication style. We value authenticity and want to ensure we’re getting to know you—not a digital assistant. To help maintain this integrity, we ask to remove virtual backgrounds and include in-person interviews in our hiring process. Please note that use of AI-generated responses or third-party support during interviews will be grounds for disqualification from the recruitment process.

Applicants may be required to appear onsite at a Wolters Kluwer office as part of the recruitment process.

Experience Level

Senior Level