Location: Berlin (3 days per week onsite)Duration: 6 months (scope for extension)Sector: RetailRate: Hourly € rate (competitive - will depend on experience) Role Overview We’re looking for aRed-Team Engineering Leadto spearhead proactive security efforts by simulating real-world threats and uncovering weaknesses before attackers do. In this role, you’ll not only execute high-impact offensive operations but also provide technical direction, shape team strategy, and influence the security maturity of the broader organization.This is a hands-on leadership position—ideal for someone who thrives at the intersection of technical excellence, threat modelling, and mentorship. Key Responsibilities Design and lead red-team exercises targeting infrastructure, applications, and services—ranging from stealth reconnaissance to full-chain exploitation. Coordinate and manage incoming security reports from external researchers, including bug bounty and third-party assessments. Investigate and deconstruct vulnerabilities to identify patterns, root causes, and mitigation paths. Perform in-depth reviews of third-party platforms and cloud-integrated solutions to uncover risk exposure. Develop and maintain offensive security tools and automation frameworks to streamline operations and generate threat metrics. Collaborate with developers, security engineers, and operations teams to communicate risks and provide technical remediation strategies. Organize internal training, workshops, and red-team drills to enhance team skills and spread awareness of offensive methodologies. Prioritize red-team initiatives based on evolving threat models, business impact, and organizational risk appetite. Contribute to shaping and scaling the overall security strategy, policies, and tooling. What You Bring
Extensive experience in offensive security, red teaming, or adversary emulation in a modern cloud-first environment. Demonstrated leadership in guiding security engineering teams or red-team functions. Proficiency in dissecting application security issues, especially in environments built with JavaScript (Node.js) and Java. Solid understanding of cloud-native architectures, particularly AWS-based systems and containerized services. Strong scripting capabilities in Python for tooling, automation, and data analysis. Excellent communication skills—capable of translating technical findings into actionable insights for both engineers and executives. Ability to self-direct, drive security initiatives, and cultivate a team culture focused on continuous improvement. Certifications such as OSCP, OSWE, CREST, GIAC, or equivalent practical experience. A track record of contributing to security communities, CTFs, or open-source security tools.
#J-18808-Ljbffr