Lead - Red Team and Attack Simulations
Warsaw (Sandoz), Poland
Novartis
Working together, we can reimagine medicine to improve and extend people’s lives.
Job Description Summary
Contributes to Sandoz’s offensive security strategy and participates in Red Team and Attack Simulations efforts to test Sandoz’s defenses against real-world cyberattacks, with particular focus on improving the security and resilience posture of Sandoz’s Critical Assets.
Job Description
Major Accountabilities:
- The Lead for Red Team and Attack Simulations is crucial for ensuring Sandoz’s defensive capabilities are effective by identifying and remediating security gaps and weaknesses before they can be exploited by advanced cyber threat actors. It requires extensive technical knowledge of attack paths and cyber adversary hacking in both OT and IT environments. The role demands an experienced offensive security professional who can identify and exploit security vulnerabilities without disrupting global operations, stay ahead of constantly evolving malicious techniques, and develop their own tools. Additionally, it requires regulatory exposure to appropriately document findings from offensive security tests.
- Participate in designing Red Team and Attack Simulation scenarios for various kill-stage stages to identify and address gaps in Sandoz’s security and resilience posture. Collaborate with Cyber Threat Intelligence (CTI) to perform intelligence gathering against target networks, people, processes, and technologies.
- Build an evolvable threat catalogue, which will enable threat-informed defense across the Information Security Risk Management (ISRM) team. Foster collaboration with Blue and Purple teams to continuously mature detection and response capabilities.
- Continuously research, test, and develop new tools, techniques, and procedures (TTPs) in line with Sandoz’s threat profile. Stay abreast of the latest cybersecurity trends and developments to enhance the team’s tradecraft and ensure the success of planned campaigns.
Ideal Background:
Education:
- Master of Science degree or equivalent experience in computer science, engineering or information technology or other relevant field
- Advanced certification in offensive security (e.g. OSEP, OSEE, GXPN)
Languages:
- Fluent in written and spoken English
Experience and Skills:
- At least 10 years’ experience in technology and cyber security roles, ideally from mature industries like banking, pharma or critical sectors.
- At least 5 years of experience in roles related to offensive security such as Red Teaming or Adversary Emulation.
- At least 3 years of experience in IT/OT penetration testing and/or relevant security research.
- Experience in intelligence gathering against companies, networks, and technologies.
- Knowledge of designing covert C2 infrastructure in various on-prem, cloud or OT environments; automation experience is a plus.
- Proficient understanding and knowledge of general IT infrastructure technology and systems including Cloud and Operational Technology (OT / Industrial Control Systems).
- Knowledge of Python and at least one other programming language.
- Knowledge of cyber threat modelling techniques and practice.
- Strong time management skills.
- Public research and security conference presentations are a plus.
Why Sandoz?
Generic and Biosimilar medicines are the backbone of the global medicines industry. Sandoz, a leader in this sector, provided more than 900 million patient treatments across 100+ countries in 2024 and while we are proud of this achievement, we have an ambition to do more!
With investments in new development capabilities, production sites, new acquisitions, and partnerships, we have the opportunity to shape the future of Sandoz and help more patients gain access to low-cost, high-quality medicines, sustainably.
Our momentum is powered by an open, collaborative culture driven by our talented and ambitious colleagues, who, in return for applying their skills, experience an agile and collegiate environment with impactful, flexible-hybrid careers, where diversity is welcomed and where personal growth is supported!
Join us!
Join our Sandoz Network: If this role is not suitable to your experience or career goals but you wish to stay connected to hear more about Sandoz and our career opportunities, join the Network here: Sandoz Talentpool
#Sandoz
Skills Desired
Communication, Cyber-Security Regulation, Cyber Threat Hunting, Cyber Threat Intelligence (CTI), Cyber Threat Management, Cyber Vulnerabilities, Decision Making Skills, Influencing Skills, Information Security Risk Management