Red-Team Engineering Lead

Location: Berlin (3 days per week onsite) Duration: 6 months (scope for extension) Sector: Retail Rate: Hourly € rate (competitive - will depend on experience)

Role Overview

We’re looking for a Red-Team Engineering Lead to spearhead proactive security efforts by simulating real-world threats and uncovering weaknesses before attackers do. In this role, you’ll not only execute high-impact offensive operations but also provide technical direction, shape team strategy, and influence the security maturity of the broader organization. This is a hands‑on leadership position—ideal for someone who thrives at the intersection of technical excellence, threat modelling, and mentorship.

Key Responsibilities

• Design and lead red-team exercises targeting infrastructure, applications, and services—ranging from stealth reconnaissance to full-chain exploitation.
• Coordinate and manage incoming security reports from external researchers, including bug bounty and third‑party assessments.
• Investigate and deconstruct vulnerabilities to identify patterns, root causes, and mitigation paths.
• Perform in-depth reviews of third‑party platforms and cloud‑integrated solutions to uncover risk exposure.
• Develop and maintain offensive security tools and automation frameworks to streamline operations and generate threat metrics.
• Collaborate with developers, security engineers, and operations teams to communicate risks and provide technical remediation strategies.
• Organize internal training, workshops, and red‑team drills to enhance team skills and spread awareness of offensive methodologies.
• Prioritize red‑team initiatives based on evolving threat models, business impact, and organizational risk appetite.
• Contribute to shaping and scaling the overall security strategy, policies, and tooling.

What You Bring

• Extensive experience in offensive security, red teaming, or adversary emulation in a modern cloud-first environment.
• Demonstrated leadership in guiding security engineering teams or red-team functions.
• Proficiency in dissecting application security issues, especially in environments built with JavaScript (Node.js) and Java.
• Solid understanding of cloud-native architectures, particularly AWS‑based systems and containerized services.
• Strong scripting capabilities in Python for tooling, automation, and data analysis.
• Excellent communication skills—capable of translating technical findings into actionable insights for both engineers and executives.
• Ability to self‑direct, drive security initiatives, and cultivate a team culture focused on continuous improvement.
• Certifications such as OSCP, OSWE, CREST, GIAC, or equivalent practical experience.
• A track record of contributing to security communities, CTFs, or open-source security tools.

#J-18808-Ljbffr