Senior Red Team Operator

Senior Red Team Operator
Amsterdam, Full-time (36-40 hours per week)

A role in Global CISO that’s as much about breaking things as it is about building resilience.

Are you passionate about cybersecurity and driven by an adversarial mindset? Do you want to test a global financial institution against sophisticated, real-world threats?

As a Senior Red Team Operator at ING, you will be part of a hands-on team focused on strengthening the bank's security posture. We emulate the mindset of an attacker to test our people, processes, and technology on a global scale. Your mission will be to simulate the tactics, techniques, and procedures (TTPs) of advanced threat actors, providing critical assurance to the business and its leadership.

This is not a standard penetration testing role. We are looking for a specialist in red teaming who can plan and execute long-term, intelligence-led campaigns while maintaining exceptional operational security (OPSEC).

The team
You will join the Amsterdam-based red team, a highly specialized, multicultural group of experts with a proven track record in cybersecurity. As part of the Tribe Cyber Threat Management (CTM), we have a hands-on approach and focus on the constant evolution of our skills through research and on-the-job experience. We are a crucial part of the Global CISO organisation, and our work directly influences ING's global security strategy. We help each other to be successful and live by the Orange Behaviours.

Roles and responsibilities
You play a key role in protecting ING through:   

• Leading advanced red team engagements.
  Design and conduct complex, long-run red team campaigns that mirror the sophistication of top-tier, intelligence-led exercises. You will test our global enterprise, including on-premise, cloud (Azure, Google Cloud), and hybrid environments.
• Executing the full attack lifecycle.
  Run objective-driven, end-to-end red team campaigns, from initial access to data exfiltration, while employing stealth to evade our Blue Team.
• Developing and maintaining red team infrastructure.
  Build, operate, and customize the team's command-and-control (C2) infrastructure. You will be expected to go beyond using standard tools like Cobalt Strike or Sliver, developing bespoke capabilities to ensure operational success.
• Driving defensive improvements through purple teaming.  
  Partner directly with our SOC and defensive teams in collaborative purple team exercises to tune detection rules, improve playbooks, and enhance ING’s defensive capabilities.
• Developing custom tooling to bypass advanced defences.
  Research emerging TTPs and create your own tools, implants, and loaders in languages like C++, C#, or Go to bypass modern security controls like EDR and application allow-listing.
• Delivering actionable insights to the business.
  Author comprehensive, narrative-style reports that translate complex technical findings into clear, actionable recommendations for executive stakeholders.

How to succeed
We hire smart people like you for your potential. Our biggest expectation is that you’ll stay curious. Keep learning. Take on responsibility. In return, we’ll back you to develop into an even more awesome version of yourself.

We're looking for someone who not only has the technical skills but also embodies the Orange Behaviours.

• You take it on and make it happen.
  You have a proactive, hands-on mentality and take ownership of complex campaigns from planning to execution. You are curious and driven to find new ways to challenge our defences.
• You help others to be successful.
  You are a natural collaborator, eager to share your expertise in purple team exercises and mentor junior operators. You thrive in a team environment where knowledge sharing is key to everyone's growth.
• You are always a step ahead.
  You have a forward-thinking mindset, constantly researching emerging threats and developing novel tools to stay ahead of the curve. You don't wait for instructions; you anticipate future challenges and build the solutions for them.

In addition, the following technical skills will help you to be successful in this role:

• 5+ years of hands-on experience in a dedicated red team role.
• You bring strong development skills in at least one low-level language (e.g., C++, C#, Go, Rust) for custom tool development, and proficiency in a scripting language (e.g., Python, PowerShell).
• Deep experience attacking complex enterprise environments, including Active Directory and major cloud providers (Azure, AWS, GCP).
• A strong Operational Security (OPSEC) mindset with a proven ability to conduct covert, objective-driven operations.
• Advanced offensive security certifications (e.g. OSEP, OSCE, GXPN, CRTO) are a plus, but your hands-on experience is what matters most.
• You are fluent in English, both verbally and in writing.

This position is an Integrity Sensitive Position. Enhanced Reliability Screening is a part of the application process.

Rewards and benefits
We want to make sure that it’s possible for you to strike the right balance between your career and your private life. Find out more about our employment conditions.

The benefits of working with us at ING include:

• 25-28 vacation days depending on contract
• Pension scheme
• 13th month salary
• 8% Holiday payment
• Hybrid working
• A generous budget for professional development, including advanced training and certifications.
• Dedicated time (e.g., 20%) for independent research and tool development.
• Personal growth and challenging work with endless possibilities
• An informal working environment with innovative colleagues

About us
Curious about how ING empowers people and businesses to move forward?

Discover what we do and what we can offer you.

Questions?
Contact the recruiter attached to the advertisement. Want to apply directly? Please upload your CV and motivation letter by clicking the ‘Apply’ button.