Penetration Tester (Sr. Red Team)

Company Description

Founded and headquartered in Switzerland, Avaloq is continuously expanding its global footprint with around 2,500 colleagues in 12 countries, and more than 160 clients in 35 countries. We are an industry-leading provider of wealth management technology and services for financial institutions around the world, including private banks and wealth managers, investment managers, as well as retail and neo banks. Our research led approach and continual innovation is powered by the passion and creativity of our colleagues.
We are always looking for talented people to join us on our mission to orchestrate the financial ecosystem and democratize access to wealth management. Avaloq offers the opportunity to work closely with some of the world’s leading financial institutions as we jointly develop and shape careers. Championing a collaborative, supportive and flexible work environment empowers our colleagues to reach their full potential.

Job Description

You will be part of a well-established international Information Security team focused on Offensive Security activities. As a Red Team Specialist, you will play a critical role in assessing and enhancing our organization's security defenses.

Your primary responsibility is to simulate attacks on the organization's systems, networks, and applications to identify vulnerabilities and weaknesses; document the findings, and work with stakeholders to ensure that any findings are understood and addressed. You will collaborate closely with other security professionals, including Blue team members (defenders) and Cyber Security Operations Center (CSOC) analysts. Together, you will strengthen the organization's security posture. Your role will contribute to the success of the team and will be reporting to the Head of InfoSec Assurance.

Your key tasks 

• Conduct Red team exercises to evaluate the effectiveness of security controls.
• Mimic real-world attacks to identify vulnerabilities and provide actionable recommendations.
• Carry out continuous implementation and testing sophisticated Tactics, Techniques, and Procedures (TTPs) to be engineered as part of the offensive knowledge base (KB).
• Design and implement advanced attack scenarios targeting modern computer networks and cloud environments.
• Contribute to the continuous improvement of the existing offensive knowledge base (KB).
• Execute testing, validation, and verification activities (e.g., field testing, performance testing, etc..) to evaluate and certify the effectiveness and stability of engineered capabilities.
• Collaborate with Blue team members and CSOC team to improve detection and response capabilities.
• Produce reports documenting findings and present them to stakeholders.
• Coordinating the engagement of specialized external companies for penetration tests when these activities cannot be carried out by internal personnel.
• Stay up-to-date with the latest attack techniques and security trends.

Qualifications

• Bachelor’s degree, or are a Master student or Post-graduate in Computer Science, Engineering, Information Security, Computer Engineering, Information Technology, or a related field.
• Previous hands-on work experience, with a focus on Information Technology or Cyber Security. preferably in a bank, financial institution, or consulting company
• Passion on ethical hacking and enjoy breaking things to make them stronger.
• Strong understanding of offensive security techniques.
• Strong knowledge of common attacks, web protocols, web application, windows and *nix environment, TCP/IP, firewalls, cryptography, and operational security tools and practices.
• Knowledge of generic offensive tools and C2 as well as industry-standard tools to perform security assessments.
• DevSecOps skills (Terraform, Github, Containers, Microservice, Serverless function, Cloud technologies).
• Strong problem solving, organizational and time management skills. IT and MS Office suite skills are strongly recommended.
• Demonstrates the ability to influence others through strong written and verbal communication, maintaining cooperative relationships at all levels of the organization, despite differing perspectives.
• Certifications like OSCP,OSEP,RTO,GIAC, GRTP.
• Recognition via public CVE or Bug Bounty Program.
• Fluent in English.

Additional Information

We realize that managing work life balance is a challenge we all face in our daily lives and in order to support with this we are pleased to offer hybrid and flexible working for most of our Avaloqers to maintain work life balance and still continue our fantastic Avaloq culture in our global offices. 

In Avaloq we are proud to embrace diversity and understand the success of our business is built on the power of different opinions, we are whole heartedly committed to fostering an equal opportunity environment and inclusive culture where you can be your true authentic self. 

We hire, compensate and promote regardless of origin, age, gender identity, sexual orientation or any other fantastic traits that make us all unique, we have done our best to write this advert in an inclusive and neutral way. 

Please be aware that we will not accept speculative CV submissions for any of our roles from recruitment agencies, and any unsolicited candidate submissions will be exempt from any payment expectations.

#LI-Hybrid