Job Description

Are you passionate about staying ahead of advanced cyber threats by engineering realistic adversary simulations at scale?
As a Engineering and Threat Emulation Expert Lead at ING, you will shape how we proactively test, validate, and continuously improve our cyber defences using engineering‑driven threat emulation, automation, and MLOps principles This role sits at the intersection of offensive security, detection engineering, and data‑driven security operations, with a direct impact on ING’s resilience against real‑world attackers.

The team
You will join ING’s Global Threat Management (GTM) team, a central capability within the CISO domain that focuses on intelligence‑driven, proactive defence.
The team focuses on continuous security validation, adversary simulation, and translating threat intelligence into measurable defensive outcomes You will act as an expert lead, setting direction, standards, and ways of working across threat emulation and threat engineering initiatives.

Roles and responsibilities
As a Engineering and Threat Emulation Expert Lead, you will be responsible for defining and executing ING’s threat emulation strategy with a strong engineering mindset:

• Lead the design and execution of advanced threat emulation scenarios, based on real adversary behavior (MITRE ATT&CK, APTs, criminal groups) relevant to the financial sector.
• Engineer and scale automated threat emulation frameworks, integrating tooling, scripts, and pipelines across on‑prem, cloud, and SaaS environments.
• Apply MLOps and data engineering principles to continuously validate detections, controls, and response capabilities using repeatable, measurable testing.
• Translate threat intelligence into executable emulation use cases, ensuring alignment with current threat landscape and ING risk priorities.
• Partner with Detection Engineering and SOC teams to close gaps, improve signal quality, and validate end‑to‑end detection and response outcomes.
• Provide technical leadership and coaching to senior engineers and analysts, setting best practices for threat emulation and purple teaming.
• Report outcomes and insights to senior stakeholders, clearly articulating risk reduction, coverage gaps, and improvement priorities.

How to succeed
We hire smart people like you for your potential. Our biggest expectation is that you’ll stay curious. Keep learning. Take on responsibility. In return, we’ll back you to develop into an even more awesome version of yourself.

To be successful in this role, you will:

• Drive complex security problems to engineered solutions, using automation, code, and data rather than manual testing.
• Extensive experience in offensive security, threat emulation, red/purple teaming, detection engineering, or continuous security validation within complex enterprise environments.
• Strong engineering background, with hands‑on experience in software development, scripting, or platform engineering (e.g. Python, Go, PowerShell, infrastructure‑as‑code).
• Proven experience designing and scaling automated security testing pipelines, applying CI/CD, DevOps, and MLOps concepts to security use cases.
• Deep understanding of adversary tradecraft, mapped to frameworks such as MITRE ATT&CK, and the ability to translate threat intelligence into executable emulation scenarios.
• Experience working with modern cloud and hybrid environments (e.g. AWS, Azure, GCP, SaaS), including security controls, telemetry, and detection mechanisms.
• Strong communication and leadership skills, with the ability to explain technical outcomes, risk, and coverage gaps to senior technical and non‑technical stakeholders.
• Influence senior technical and non‑technical stakeholders through clear, outcome‑focused communication.
• Mentor and elevate others, acting as a technical authority and role model within the cyber defence community.
• Continuously improve by experimenting, measuring results, and iterating based on evidence.

Background & qualifications

• A degree in Computer Science, Cyber Security, Data Science, Engineering, or a related field, or equivalent practical experience.
• Relevant certifications in cyber threat intelligence, cyber security, cloud platforms, data analytics, or security frameworks are an advantage.
• Experience with Breach & Attack Simulation (BAS) platforms or custom emulation frameworks is an advantage.

Rewards and benefits
We want to make sure that it’s possible for you to strike the right balance between your career and your private life. Find out more about our employment conditions.

The benefits of working with us at ING include:

• 25-28 vacation days depending on contract
• Pension scheme
• 13th month salary
• 8% Holiday payment
• Hybrid working
• Personal growth and challenging work with endless possibilities
• An informal working environment with innovative colleagues

About us
Curious about how ING empowers people and businesses to move forward?

Discover what we do and what we can offer you

Questions?
Contact the recruiter attached to the advertisement. Want to apply directly? Please upload your CV and motivation letter by clicking the ‘Apply’ button.