Security Researcher & Red Team Operator Full-time Job
vor 1 Woche - Engineering - BaarJobdetails
- 80–100 %
- Hybrid work
- Immediately or by agreement
Cyber security is our passion - yours too?
Cyber security is a challenge that we grow together every day. Our mission and vision: to make the world more digitally secure every day. We are always looking for new team members to support us in this endeavour. Whether apprentice, professional or manager: everyone is equally important to us and first and foremost people. What do we have in common? A passion for cyber security and the motivation to give our best for ourselves and our customers every day. To achieve this, we need a working environment in which everyone feels comfortable. We offer you an open and collegial corporate culture, short decision-making paths, hybrid working models, a high level of trust, plenty of room for ideas and your individual development, as well as a team that celebrates small and large successes together. Maybe you'll soon be part of it too?
Your Job
We are seeking a highly motivated and experienced Security Researcher & Red Team Operator. In this newly created and mixed role, you will be responsible for developing Red Team capabilities as well as executing Red/Purple Team projects. About 50% of the time you will perform attacker tradecraft research, publish technical blog articles on offensive-security topics and present findings at internal or external conferences. Staying up to date with the latest adversary tactics and vulnerabilities will be key to your success in this role – a role that involves developing and maintaining tools designed to bypass security controls for use in covert operations.
The second part of the job is to propose, plan, and execute Red Team and Purple Team operations based on realistic threats to InfoGuard and our clients. You will work closely with our Security Operations Center and Incident Response Team to improve detection and response capabilities. As part of your responsibilities, you will write detailed reports for clients covering the goals, processes, and results of Red Team operations, including significant observations and recommendations. You will also deploy and manage attack infrastructure for stealth operation. Besides this, you will also play an important role in mentoring and teaching other engineers within the Red Team.
Although you will be joining an existing team of talented professionals, this specific area of our Red Team is still under development. We are looking for someone eager to build up this function – while helping to shape new processes, tools, and strategies. If you are excited about being part of a team that is still growing and evolving, this role is for you!
Skill Check
mandatory
important
desirable
Technical requirements
Several years of experience in conducting advanced adversary-simulation exercises
Experience in developing custom tools and researching techniques which bypass defensive products to remain undetected in mature network environments
Profound knowledge of exploit techniques and commonly used attack tools, frameworks and techniques (TTPs) used by red teams
Ability to automate tasks by writing or adapting scripts and programs
Informed on current security trends, advisories, publications, and academic research on latest techniques
Proficiency in at least one programming language such as Python, C#, or C++
Familiarity with common frameworks and regulations in the field such as DORA and TIBER
Track record of past publications/research (CVEs, PoCs, technical blogposts, talks at relevant conferences)
Personal requirements
Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner
Excellent written and spoken English
Good knowledge of German
You're not as confident as you'd like in every area? Every person has different strengths and talents. Your motivation and personality are more important to us than a top-class CV. Perhaps you have other skills that you can bring to us? Either way, we look forward to receiving your application.
Your Team
You are joining three colleagues in the Security Research & Red Team, which is part of InfoGuard’s Penetration Testing Team. Our Pen Testing Team consists of several (senior) professionals with different technical backgrounds. We take on the role of the attacker for our customers and test their programs, protocols, and systems. We are constantly coming up with creative, unconventional ways to gain access to sensitive data. To this end, we also develop our own attack tools or use social engineering attacks such as phishing. After the attack, we support our customers as competent consultants – describing the vulnerabilities we have found and, above all, how the customer can eliminate them. We explain our results to other specialists, but also find the right words for people without specialist knowledge.
Working together is not only fun – we also learn from and with each other every day. In our day-to-day business, we mostly work operationally on projects – whether on site at the customer’s premises, in the InfoGuard offices or from home – whereby our technical expertise and creative solutions are definitely among our USPs. In addition to cross-team collaboration, we also focus on research, working together on complex challenges and testing new technologies. We also regularly present these at internal and external trade fairs. In short, there is never a dull moment with us. If you are eager to learn, enjoy working in a team and have a passion for pen testing, you have come to the right place.
Benefits
Flexible annual working hours on the basis of a 40-hour week
Hybrid working model: in the office, at home or on the move
25 holiday days
From 40 years: 27 days
From 50 years: 30 days
10 days paternity leave (Art. 329g OR)
16 weeks maternity leave
Fixed annual salary in 13 monthly wages: special bonuses for above-average performance
Comprehensive supplementary accident insurance (UVGZ)
Generous daily sickness benefits insurance (premium paid by InfoGuard)
Attractive pension solution from the pension fund
Generous support for external function-related training and further education
Regular internal training
Paid function-related certification courses
Fresh food, drinks, fruit and snacks (FELFEL.ch)
Free coffee
Large modern terrace for BBQs, meetings and sunbathing
Events organised several times a year for employees and customers
Cost sharing for smartphone and mobile subscription plus additional SIM cards
Good accessibility by train and car (S-Bahn station and motorway access)
Exclusive employee discounts with ‘Brands for Employees’
Sport at lunchtime: discounted sports facilities in the city of Zug
EVZ seating tickets and lounge
Impressions
Your place of work
When we are not working from home or at the client's premises, we are based in Baar. The office is easily accessible by public transport.
InfoGuard AG, Lindenstrasse 10, 6340 Baar/Zug
ANOTHER QUESTION?
Chiara Martinelli
HR Recruiter
You might also like these jobs
Penetration Testers
Penetration Tester (Senior)
MORE Penetration Testers
80-100% I Hybrid work (remote/office baar) I immediately or by arrangement
MORE Analysts & Investigators
Incident Responder (Senior)
MORE Analysts & Investigators
80-100% I Hybrid work I
immediately or by arrangement
MORE