Raiffeisen Bank International AG

Penetration Tester / Red team Specialist

  • Level
    Experienced
  • Job Field
    IT, Security, Test/QA
  • Employment Type
    Part Time
  • Contract Type
    Permanent employment
  • Salary
    from 3.375 € Gross/Month
  • Location
    Vienna
  • Working Model
    Hybrid, Onsite
  • Job Summary

    In this role, you will simulate realistic attacks, validate security controls, and develop actionable recommendations for detection and response teams to enhance security in a complex enterprise environment.

    Your role in the team

    • RBI Group Cyber Defense Services is seeking an experienced Red Team Specialist to operate in a large, complex enterprise environment spanning multiple business units, network banks, and subsidiaries. This role combines hands-on offensive security with defender enablement: you will simulate realistic attack paths, validate security controls, and translate offensive findings into concrete improvements for detection and response teams across the Group.
    • Plan and execute red team and purple team engagements across enterprise, endpoint, identity, network, cloud, and web environments.
    • Conduct realistic attack-path exercises against Group units and subsidiaries, aligned with approved scope and business context.
    • Perform offensive activities including privilege escalation, lateral movement, persistence, defense evasion, and identity abuse in enterprise and cloud environments.
    • Assess internal infrastructure, Active Directory, cloud identity, and web application attack surfaces.
    • Document attack chains from the defender's perspective, including techniques used, expected telemetry, detection gaps, and specific recommendations for detection engineering.
    • Work closely with blue teams, detection engineers, and incident responders to validate controls and improve detection and response coverage.
    • Translate findings into prioritized remediation guidance, detection use cases, and practical follow-up actions.
    • Develop or customize offensive tooling, scripts, and test scenarios where required.

    Our expectations of you

    Qualifications

    • Deep understanding of the internals of at least one operating system (Windows or Linux), authentication mechanisms, service and process relationships, and system telemetry.
    • Prior knowledge of Active Directory abuse paths and enterprise identity attack techniques.
    • Understanding of how web attacks manifest in application logs, web logs, WAF telemetry, and identity providers.
    • Proficiency in at least one scripting language, preferably PowerShell or Python.
    • Ability to communicate clearly with both technical and non-technical stakeholders.
    • Familiarity with Atomic Red Team, Caldera, or similar adversary simulation frameworks.
    • Knowledge of Azure AD / Entra ID and cloud identity attack techniques.
    • Knowledge of SWIFT security controls and attack surfaces.
    • Familiarity with TIBER-like or threat-led testing approaches, DORA (Digital Operational Resilience Act).
    • Contributions to the offensive security community: CVE discoveries, public tooling, conference talks, blog posts, or CTF platforms.
    • Relevant offensive security certifications.
    • German language skills (business level).

    Experience

    • Proven hands-on experience delivering red team, purple team, or advanced penetration testing engagements in large enterprise environments.
    • Experience in offensive operations beyond tool usage, including privilege escalation, lateral movement, persistence, defense evasion, and identity abuse in enterprise and cloud environments.
    • Hands-on experience in web application exploitation techniques, such as authentication bypass, session abuse, SSRF, deserialization, injection flaws, and OAuth/SAML abuse.
    • Experience working in Blue Team functions such as Detection Engineering or Incident Response.
    • Experience building, tuning, or validating detections in SIEM and EDR platforms.
    • Experience in the financial services or other regulated industries (banking, insurance, critical infrastructure).
    • Experience with OT/SCADA environments or banking ATM/POS network security assessments.

    What we offer

    • Work-Life Balance: Flexible hours, work-from-home options from Austria.
    • Global community: 75+ nationalities, English as the company language, and work permit support. Our teams thrive on collaboration and mutual respect.
    • Career growth: We believe in continuous learning and proactive career development. Take on challenging work that stretches your abilities, attend trainings, and use new technologies to make a lasting impact.
    • Stay healthy: Subsidized canteen, well-being programs, check-ups, and sport allowances.
    • Save money: Discounts, exclusive banking terms, and a free public transport pass.
    • Family support: Child allowances, gender-neutral parental leave, bilingual company kindergarten, and holiday childcare.
    • Competitive salary: In accordance with Austrian legal requirements, the minimum salary for this position is EUR 3,375.40 gross per month under the applicable Banking Collective Agreement. The actual salary is typically higher and will be determined individually based on your qualifications, professional experience, and the specific requirements of the role.

    Benefits

    Work-Life-Integration

    More net

    Food & Drink

    Job Locations

    • Location Vienna

      Austria

    This is your employer

    Raiffeisen Bank International AG

    Wien, Wien

    The Raiffeisen Bank International AG (RBI) is a leading commercial and investment bank in Austria and also considers Central and Eastern Europe (CEE) to be its home market. In CEE, the RBI has a tightly knit network of subsidiaries, leasing companies, and a variety of specialized financial service providers in 17 markets.

    Description

  • Company Size
    250+ Employees
  • Founding year
    2010
  • Language
    English
  • Company Type
    Established Company
  • Working Model
    Full Remote, Hybrid, Onsite
  • Industry
    Banking, Finance, Insurance
  • Dev Reviews

    by devworkplaces.com

    Total

    (4 Reviews)
    4.1
    • Culture

      4.4
    • Career Growth

      4.0
    • Working Conditions

      4.7
    • Engineering

      3.6
    Diversity
    Open for all genders
