Location: Berlin (3 days per week onsite)Duration: 6 months (scope for extension)Sector: RetailRate: Hourly € rate (competitive - will depend on experience)Role OverviewWe’re looking for aRed-Team Engineering Leadto spearhead proactive security efforts by simulating real-world threats and uncovering weaknesses before attackers do. In this role, you’ll not only execute high-impact offensive operations but also provide technical direction, shape team strategy, and influence the security maturity of the broader organization.This is a hands-on leadership position—ideal for someone who thrives at the intersection of technical excellence, threat modelling, and mentorship.Key Responsibilities
* Design and lead red-team exercises targeting infrastructure, applications, and services—ranging from stealth reconnaissance to full-chain exploitation.
* Coordinate and manage incoming security reports from external researchers, including bug bounty and third-party assessments.
* Investigate and deconstruct vulnerabilities to identify patterns, root causes, and mitigation paths.
* Perform in-depth reviews of third-party platforms and cloud-integrated solutions to uncover risk exposure.
* Develop and maintain offensive security tools and automation frameworks to streamline operations and generate threat metrics.
* Collaborate with developers, security engineers, and operations teams to communicate risks and provide technical remediation strategies.
* Organize internal training, workshops, and red-team drills to enhance team skills and spread awareness of offensive methodologies.
* Prioritize red-team initiatives based on evolving threat models, business impact, and organizational risk appetite.
* Contribute to shaping and scaling the overall security strategy, policies, and tooling.
What You Bring
* Extensive experience in offensive security, red teaming, or adversary emulation in a modern cloud-first environment.
* Demonstrated leadership in guiding security engineering teams or red-team functions.
* Proficiency in dissecting application security issues, especially in environments built with JavaScript (Node.js) and Java.
* Solid understanding of cloud-native architectures, particularly AWS-based systems and containerized services.
* Strong scripting capabilities in Python for tooling, automation, and data analysis.
* Excellent communication skills—capable of translating technical findings into actionable insights for both engineers and executives.
* Ability to self-direct, drive security initiatives, and cultivate a team culture focused on continuous improvement.
* Certifications such as OSCP, OSWE, CREST, GIAC, or equivalent practical experience.
* A track record of contributing to security communities, CTFs, or open-source security tools.
#J-18808-Ljbffr