Senior Red Team Engineer

Job Description

The Senior Red Team Engineer is responsible for advanced penetration testing and adversarial simulation to assess and enhance the security posture of the organization. This role necessitates a blend of deep technical expertise and strategic thinking ensuring that the organization stays ahead of potential cyber threats.

Key Responsibilities

• Execute complex red team engagements to simulate real-world cyber-attacks on the organization's infrastructure, applications, and data.
• Collaborate with blue teams to validate the effectiveness of defensive measures and improve detection and response capabilities.
• Execute purple team exercises to integrate red and blue team activities, enhancing overall security effectiveness.
• Utilize threat intelligence to inform red team activities, ensuring simulations reflect current and emerging threat landscapes.
• Conduct attack path mapping for threat modeling to identify, assess, and prioritize potential cyber threats and vulnerabilities.
• Produce detailed reports and presentations that articulate findings, vulnerabilities, and potential impacts to technical and non-technical stakeholders.
• Recommend actionable remediation strategies to mitigate identified vulnerabilities and improve overall security posture.
• Document red team methodologies, tools, and processes for knowledge sharing and continuous improvement.
• Mentor and train junior red team members, fostering a culture of continuous learning and professional development.

Qualifications

Education and Experience

• Bachelor's degree in Computer Science, Information Security, or adequate experiences in the Offensive Security area.
• Minimum of 5 years of experience in cybersecurity and red team roles.
• Proven track record of executing complex red team engagements.

Technical Skills

• Deep understanding of network protocols, operating systems, and security architectures.
• Proficiency in penetration testing tools and frameworks such as Metasploit, Burp Suite, and Cobalt Strike.
• Experience with scripting and programming languages such as Python, PowerShell, and Bash.
• Knowledge of threat modeling, vulnerability assessment, and risk management practices.

Certifications

• Relevant industry certifications such as OSCP, OSCE, OSEP, CISSP, or GPEN.
• Continuous professional development through participation in cybersecurity training and conferences.

What we offer:

• Exciting work in a great team, global projects, international environment

• Opportunity to learn and grow professionally within the company globally

• Hybrid working model, flexible role pattern (e.g. even 80% full-time is possible in justified cases)

• Pension and health insurance contributions

• Internal reward system plus referral programme

• 5 weeks annual leave, 5 sick days, 15 days of certified sick leave paid above statutory requirements annually, 40 paid hours annually for volunteering activities, 12 weeks of parental contribution

• Cafeteria for tax free benefits according to your choice (meal vouchers, Lítačka, sport, culture, health, travel, etc.), Multisport Card

• Vodafone, Raiffeisen Bank, and Mall.cz discount programs

• Parking in the garage, showers, refreshments, massage chairs, library, music corner

• Competitive salary, and many more

Ready to take up the challenge? Apply now!
Know anybody who might be interested? Refer this job!

Current Employees apply HERE

Current Contingent Workers apply HERE

Search Firm Representatives Please Read Carefully 
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company.  No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails. 

Employee Status:

Relocation:

VISA Sponsorship:

Travel Requirements:

Flexible Work Arrangements:

Shift:

Valid Driving License:

Hazardous Material(s):

Job Posting End Date:

*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.