Senior Threat Emulation Engineer - Red Team

At Emirates, we believe in connecting the world, to and through, our global hub in Dubai; and in constantly innovating to ensure our customers ‘Fly Better’. Emirates Group IT thrives on the dynamic nature of technology. Being pioneers in aviation innovation, we're always at the forefront, pushing boundaries. We're on the lookout for exceptional IT professionals to fortify our position as leaders in the industry. Embark on a journey with the world’s largest international airline and become a vital part of our cutting-edge information and technology team as Senior Threat Emulation Engineer - Red Team.

Join our CyberSecurity team where we ensure a world class CyberSecurity organisation based on the key principles of People, Process and Technology underpinned with executive endorsement of a multi-year strategy to continuously improve and develop. The team protects our digital assets by monitoring for threats, responding to incidents, managing vulnerabilities, and ensuring compliance with security policies and regulations. If you are passionate about CyberSecurity, we invite you to apply to play a crucial role in shaping the future of our technology initiatives at Emirates Group.

As a Senior Threat Emulation Engineer - Red Team, you will deliver advanced adversary emulation capabilities to assess and strengthen the organisation’s ability to detect, prevent, and respond to sophisticated cyber threats. Operate and enhance Breach and Attack Simulation (BAS) platforms, develop and execute intelligence-led simulation scenarios, and work closely with cross-functional cybersecurity teams to identify and address detection and response gaps.

In this role you will:

• Conduct adversary emulation scenarios based on threat intelligence to validate security controls, detection capabilities, and incident response readiness.
• Operate and maintain Breach and Attack Simulation (BAS) platforms, ensuring accurate execution of tactics, techniques, and procedures (TTPs) relevant to the organisation’s threat landscape.
• Collaborate with Security Operations Centre (SOC), Incident Response, Threat Intelligence, and Security Engineering teams to close detection gaps and improve control effectiveness.
• Analyse simulation outcomes, identify vulnerabilities, and provide clear, actionable recommendations for remediation. Support the governance of remediation activities to ensure timely closure of vulnerabilities and systemic weakness.
• Compile and present findings and technical reports, ensuring accuracy, clarity, and relevance for both technical and management audiences.
• Track and monitor the remediation lifecycle of identified issues, ensuring closure within agreed timelines.
• Research emerging adversary tradecraft, tools, and techniques to enhance the scope and realism of emulation activities.
• Contribute technical expertise to strategic security initiatives, align simulation outcomes with long-term resilience objectives, and continuously enhance the adversary emulation function through innovation and skills development.

To be considered for the role, you must meet the below requirements:

• Degree or Honours (12+3) or equivalent Degree in Information Technology, Information Security, or a related field.
• Preferred professional certifications such as OSCP, OSEP, CRTP, CRTE, GPEN, or equivalent
• 3+ years in Red Team, adversary emulation, or offensive security roles.
• 5+ years of experience in offensive security methodologies, tools, and frameworks, including command-and-control (C2) operations, antivirus evasion, defence evasion techniques, and threat emulation platforms.
• Strong understanding of network protocols, system architectures, and core security technologies.
• Demonstrated proficiency in social engineering techniques and evaluating organisational resilience against such attacks.
• In-depth knowledge of threat intelligence and the tactics, techniques, and procedures (TTPs) used by diverse threat actors.
• Experience in handling security incidents, including investigation, containment, eradication, and recovery phases of incident response.
• Proficiency in scripting and programming languages such as Python, Go, and Bash for task automation and customisation.
• Extensive experience in technical risk assessments with the ability to provide practical, prioritised risk mitigation recommendations.
• Proficiency in using security information and event management (SIEM) tools such as Splunk, including developing custom detection logic.

Leadership Role: No

Join us in Dubai and enjoy an attractive tax-free salary and travel benefits that are exclusive to our industry, including discounts on flights and hotels stays around the world. Find out what it’s like to live and work in our fast-paced, cosmopolitan home city in the Dubai Lifestyle section of our website www.emirates.com/careers