We are looking for a highly skilled Senior Penetration Tester / Red Team Operator to join our team. In this full-time role, you will be responsible for conducting advanced penetration tests and working on complex Red Team engagements aimed at assessing and challenging our customers' security posture.
You will design and execute sophisticated adversary simulation campaigns, emulating real-world threat actors across the full attack lifecycle. This includes identifying attack paths, exploiting vulnerabilities, maintaining stealthy persistence, and delivering actionable insights to improve defensive capabilities.
You will also contribute to the development of offensive tooling, methodologies, and tradecraft, while working closely with clients to provide strategic recommendations.
This is a hybrid position based in Luxembourg, with partial remote work possible.
Your skills
- Proven experience conducting large-scale and mature Red Team engagements in real-world environments
- Strong hands-on expertise across multiple phases of offensive operations
- Ability to operate autonomously in complex and high-security environments
- Solid experience performing standard penetration testing engagements, including:
- Network pentesting (internal, external and cloud infrastructure)
- Application pentesting (web, mobile and thick client applications)
- Demonstrated experience in at least one of the following areas:
- Initial access techniques (phishing campaigns, payload delivery, implant development)
- Vulnerability research (including discovery of complex or novel flaws)
- Malware development (custom tooling, evasion techniques, obfuscation)
- Post-exploitation (lateral movement, privilege escalation, persistence, data exfiltration)
- Solid experience in reverse engineering and/or malware analysis
- Deep understanding of modern cybersecurity threats, detection mechanisms, and defensive strategies
Nice to Have
- Participation in TIBER (Threat Intelligence-Based Ethical Red Teaming) exercises
- Offensive security certifications such as OSEP, OSCE, CRTO, or equivalent
- Experience in developing or modifying exploit code and offensive framework
