About Invesco

As one of the world’s leading independent global investment firms, Invesco is dedicated to rethinking possibilities for our clients. By delivering the combined power of our distinctive investment management capabilities, we provide a wide range of investment strategies and vehicles to our clients around the world. If you're looking for challenging work, intelligent colleagues, and exposure across a global footprint, come explore your potential at Invesco.

What’s in it for you?

Our people are at the very core of our success. Invesco employees get more out of life through our comprehensive compensation and benefit offerings including:

• Flexible paid time off

• Hybrid work schedule

• 401(K) matching of 100% up to the first 6% with a discretionary supplemental contribution

• Health & wellbeing benefits

• Parental Leave benefits

• Employee stock purchase plan

Job Description Your Team:Our Red Team is a high‑impact security group that simulates real‑world cyber threats to help the organization stay ahead of emerging risks. The team operates like an in‑house “ethical adversary,” identifying weaknesses across cloud, network, application, and physical environments. By partnering closely with security operations and technology teams, they help strengthen defenses and improve response readiness. This group thrives on curiosity, collaboration, and creativity—constantly researching new attack techniques to keep the organization resilient.

Your Role:The Principal Red Team Operator is a senior technical role who conducts advanced adversary‑simulation exercises to uncover hidden security gaps. In this role, you’ll design and execute operations that mimic sophisticated attackers, perform penetration tests, and build test plans driven by real threat intelligence. You’ll collaborate with stakeholders across the organization, provide expert guidance on remediation, and deliver clear, actionable reporting. As a senior member of the team, you’ll also help shape testing strategy, mentor junior operators, and elevate the maturity of the program.

You Will Be Responsible For:

• Solicit input from stakeholders to identify testing needs and establish clear, well‑defined objectives and scope for testing

• Plan and execute Red Team operations and Purple Team exercises that mimic the Tactics, Techniques, and Procedures (TTPs) used by threat actors.

• Write reports based on exercise and testing output.

• Provide consulting services to stakeholders on remediation and mitigation strategies.

• Research industry trends and news sources for emerging threat patterns, attack techniques, and vulnerabilities.

• Write and customize testing tools and scripts to automate testing functions.

• Incorporate social engineering (e.g. phishing, vishing, and physical tailgating) into campaigns to exploit human vulnerabilities.

• Perform penetration tests on applications, networks, or other types of systems.

• Build threat models for various types of systems.

• Helping management develop the future vision for the testing program.

• Build positive relationships with peers and operations teams whose controls are under evaluation.

• Perform after hours testing in accordance with business requirements

• Other duties as assigned.

The Experience You Bring:

• Minimum 6 years of relevant experience in information security with 4 years in red team testing

• Prior experience with offensive tools, network penetration testing tools, scripting languages, command and control frameworks, programming languages (C, C++, C#), software vulnerabilities, exploits and malware development.

• Prior experience leveraging threat intelligence for operations planning such as TIBER or Advance Red Team testing frameworks.

• Proficient operational understanding of how to ascertain, validate, and employ data from sources that are generally available to the public.

• Fluent in the techniques that hackers utilize to attack an organization and understand how to pull information from large data sets and how to structure information for reuse

• Possess a solid understanding of enterprise-grade technologies including operating systems, databases, web applications & applicable monitoring tools

• Strong Network infrastructure & Security configuration knowledge.

• Prior experience of vulnerability management and application security.

• Familiarity with MITRE ATT&CK framework.

• OSCP or CRTO in good standing

Full Time / Part Time

Full time

Worker Type

Employee

Job Exempt (Yes / No)

Yes

Workplace Model

Pursuant to Invesco’s Workplace Policy, employees are expected to comply with the firm’s most current workplace model, which as of October 1, 2025, includes spending at least four full days each week working in an Invesco office. This reflects our belief that spending time together in the office helps us build stronger relationships, collaborate more easily, and support each other’s growth and development.

The above information on this description has been designed to indicate the general nature and level of work performed by employees within this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job. The job holder may be required to perform other duties as deemed appropriate by their manager from time to time.

Invesco's culture of inclusivity and its commitment to diversity in the workplace are demonstrated through our people practices. We are proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender, gender identity, sexual orientation, marital status, national origin, citizenship status, disability, age, or veteran status. Our equal opportunity employment efforts comply with all applicable U.S. state and federal laws governing non-discrimination in employment.