Penetration Tester / Red team Specialist (f/m/x)

RBI Group Cyber Defense Services is seeking an experienced Red Team Specialist to operate in a large, complex enterprise environment spanning multiple business units, network banks, and subsidiaries. This role combines hands-on offensive security with defender enablement: you will simulate realistic attack paths, validate security controls, and translate offensive findings into concrete improvements for detection and response teams across the Group.
The successful candidate will help raise capability on both the red and blue sides by running high-value exercises, documenting attack chains clearly, and turning technical findings into actionable improvements for defenders.

Your mission at RBI:

• Plan and execute red team and purple team engagements across enterprise, endpoint, identity, network, cloud, and web environments.
• Conduct realistic attack-path exercises against Group units and subsidiaries, aligned with approved scope and business context.
• Perform offensive activities including privilege escalation, lateral movement, persistence, defense evasion, and identity abuse in enterprise and cloud environments.
• Assess internal infrastructure, Active Directory, cloud identity, and web application attack surfaces.
• Document attack chains in a defender-centric manner, including techniques used, expected telemetry, detection gaps, and specific detection engineering recommendations.
• Work closely with blue teams, detection engineers, and incident responders to validate controls and improve detection and response coverage.
• Translate findings into prioritized remediation guidance, detection use cases, and practical follow-up actions.
• Develop or customize offensive tooling, scripts, and test scenarios where required.

Your core competencies: 

• Proven hands-on experience delivering red team, purple team, or advanced penetration testing engagements in large enterprise environments.
• Experience in offensive operations beyond tool usage, including privilege escalation, lateral movement, persistence, defense evasion, and identity abuse in enterprise and cloud environments.
• Hands-on experience in web application exploitation techniques, such as authentication bypass, session abuse, SSRF, deserialization, injection flaws, and OAuth/SAML abuse.
• Deep understanding of the internals of at least one operating system (Windows or Linux), authentication mechanisms, service and process relationships, and system telemetry.
• Prior knowledge of Active Directory abuse paths and enterprise identity attack techniques.
• Understanding of how web attacks manifest in application logs, web logs, WAF telemetry, and identity providers.
• Proficiency in at least one scripting language, preferably PowerShell or Python.
• Ability to communicate clearly with both technical and non-technical stakeholders.

Nice to have:

• Experience working in Blue Team functions such as Detection Engineering or Incident Response.
• Experience building, tuning, or validating detections in SIEM and EDR platforms.
• Familiarity with Atomic Red Team, Caldera, or similar adversary simulation frameworks.
• Knowledge of Azure AD / Entra ID and cloud identity attack techniques.
• Experience in the financial services or other regulated industries (banking, insurance, critical infrastructure).
• Knowledge of SWIFT security controls and attack surfaces.
• Familiarity with TIBER-style or threat-led testing approaches, DORA (Digital Operational Resilience Act).
• Experience with OT/SCADA environments or banking ATM/POS network security assessments.
• Contributions to the offensive security community: CVE discoveries, public tooling, conference talks, blog posts, or CTF platforms.
• Relevant offensive security certifications.
• German language skills (business level)

What’s in it for you: 

• Work-Life-Balance: Flexible hours, work-from-home options from Austria 
• Global community: 75+ nationalities, English as the company language, and work permit support. Our teams thrive on collaboration and mutual respect. 
• Career growth: We believe in continuous learning and proactive career development. Take on challenging work that stretches your abilities, attend trainings, and use new technologies to make a lasting impact. 
• Stay healthy: Subsidized canteen, well-being programs, check-ups, and sport allowances. 
• Save money: Discounts, exclusive banking terms, and a free public transport pass. 
• Family support: Child allowances, gender-neutral parental leave, bilingual company kindergarten, and holiday childcare. 
• Competitive salary: In accordance with Austrian legal requirements, the minimum salary for this position is EUR 3.375,40 gross per month under the applicable Banking Collective Agreement. The actual salary is typically higher and will be determined individually based on your qualifications, professional experience, and the specific requirements of the role.