Senior Red Team Consultant (m/f/d)

SRLabs is home to knowledge leaders securing critical infrastructures in finance, energy, and telecommunications. We focus on hands-on hacking resilience – not compliance –, which we shape by combining our hacking research with impactful consulting work for innovation leaders that have a natural thrive for cutting-edge technologies. What makes us unique? We come from diverse backgrounds from all over the world, and that's just the way we like it. From coding, reverse engineering, penetration testing, exploit scripting, process design, research and consulting skills, our mix of colleagues possesses a vast set of qualifications, that equips us to influence design decisions of large-scale organisations.

What awaits you with us:

• Diverse team of highly motivated and competent security experts
• Culture of constant learning and improvement
• Flexible home office.
• You can work from anywhere in Germany
• Yearly company retreat
• Urban Sports Club membership
• Deutschlandticket (public transportation)
• 30 days paid vacation

Job brief: As a Red teamer at SRLabs, you work in a small and specialised team simulating infiltrations of corporate environments with high levels of protection for our clients. From obtaining initial access via external vulnerabilities or phishing, over lateral movement and to a domain takeover, you take part in the full chain of emulating adversarial cyber attacks. To remain undetected and complete your mission, you are able to avoid noise and bypass detection solutions and other protection measures. You analyze protection and monitoring gaps for their technical and operational root causes, and provide actionable steps for closing these gaps, bearing in mind the customer specific constraints our clients are facing. Your strategic advice supports the management in defining the security roadmap and employing security budget most effectively.

Your Responsibilities:

• Participate in red team engagements at SRLabs' clients
• Perform external penetration testing and run phishing campaigns
• Bypass protection measures and move undetected inside corporate networks
• Develop tools, scripts and exploits for red team engagements
• Create presentations to communicate risk and provide strategic advice on process optimizations
• Support the client in addressing findings, in both, written and verbal communication
• Develop methodologies to extrapolate from Red Team insights to generic security assurance checks
• (Optional) Lead red team exercises and take responsibility for what comes with it (scoping, task management, escalations, ...)

What do you bring:

• Strong foundational knowledge of information technology, including (Operating systems, Networking and Web technologies)
• Hands-on experience in offensive security and red teaming
• Solid experience with Active Directory and Entra ID security
• Experience in client-facing roles or security consulting, including (presenting technical findings to diverse audience and provide strategic advice to clients)
• Infrastructure and web penetration testing
• Proficiency in programming languages such as:
• Python, C/C++, Go, Java
• Excellent communication skills in English (written and verbal)

Nice to have Relevant expertise from areas like

• Malware delivery and development
• Incident response
• Vulnerability research and exploit development
• Reconnaissance, OSINT and social engineering
• Operational security and bypassing of security measures (AV/EDR, endpoint and infrastructure hardening, SIEM generated alerts, Honeypots, ...)
• Detection engineering and SOC operation
• Experience in management consulting and communication

We are looking forward to receiving your application.