Offensive Security Consultant (Red Teamer)

Schuberg Philis is a mission-critical IT company dedicated to securing society's essential systems, such as financial transactions, energy grids, supply chains, and production lines. We don’t settle for baseline security; our solutions enable operational excellence and transformative resilience. Security, for us, goes beyond compliance, it’s about delivering proactive and adaptive solutions to ever-evolving threats. Our flat, self-steering organization enables autonomy while fostering innovation.

We seek an Offensive Security Consultant to strengthen the security of mission-critical systems. You’ll apply an offensive mindset and simulate sophisticated cyberattacks, design collaborative purple team exercises and provide insights that empower organizations to continuously improve their defences.

Our customers, from the finance, utilities, public services, and retail sectors, rely on systems that must stay secure, operational, and resilient under any circumstances. This role is vital to ensuring those systems don’t just survive attacks but constantly evolve to handle new threats.

Responsibilities

• Identify mission-critical "crown jewels," assess vulnerabilities, and design attack scenarios using advanced techniques that go beyond standard vulnerability scans.

• Lead threat intelligence-driven red team operations to simulate real-world cyber threats. Facilitate purple team exercises, bringing defensive and offensive teams together to strengthen security and train defences.

• Provide clear, prioritized, and actionable insights to improve customers’ resilience. Your recommendations will enable organizations to advance their security strategies intelligently.

• Partner with clients to develop adaptive defence strategies that integrate offensive insights with IT and OT blueprints to tackle complex, evolving threats.

• Support blue teams with offensive thinking; analyse threat intelligence, perform risk assessments, define abuse cases and support emergency response.

• Play a key role in shaping Schuberg Philis’s security propositions, ensuring our customers are equipped to not just withstand threats but thrive beyond them.

• Share your expertise to drive innovation internally, with our customers, and within the broader tech community to inspire a pro-active approach to security challenges.
  

Who You Are

• Proven expertise in IT and/or OT security (10+ years of experience), with a strong track record in offensive security, red teaming and advanced attack scenarios.

• Advanced familiarity with attack tactics (TTPs) alongside defensive tools such as SOC/SIEM platforms, vulnerability management systems and endpoint detection and response (EDR).

• Comprehensive knowledge of risk assessments and turning findings into actionable, practical improvements. Knowledge of zero-trust strategies and IAM concepts is a plus.

• Ability to clearly explain technical insights to both engineers and executives.

• Passion for questioning norms, pushing boundaries, and driving continuous improvement in security practices.

What can you expect?

At Schuberg Philis, you’ll join a community of engineers with an awesome combination of exceptionally high security standards, an infatuation with automation, and the power to make a positive, sustainable impact on customers’ business. Due to the nature of our customer engagements, there is no pressure on (billable) hours, but we focus on quality and impact – or as we like to call it “freedom & responsibility”. You know best how to deliver the most value.

You’ll also be embedded in a company committed to helping colleagues grow as people and professionals through training, opportunities for knowledge-sharing, and good old-fashioned fun.   

Our offices are high-quality workspaces, and we go way beyond what is expected. We have productive equipment, good food and drinks, team outings, family days, labs to experiment with innovative technologies, etc. We’re very active in the AWS community, attending and organizing meetups and conferences, and organizing internal knowledge sharing events.