Senior Security Engineer Purple Teaming
Job Summary
THE BEST WORK OF YOUR CAREER
Trade Republic is the largest savings platform in Europe - we operate in 18 countries serving 10 million customers who trusted us with over 150B in assets. But we're striving for more.
We have a bold mission to empower everyone to build wealth with easy, safe and free access to financial systems. You will have the opportunity to grow your career by collaborating with a team of outstanding talents and state-of-the-art technology to build a lasting positive future for millions.
WHAT YOU'LL BE DOING
As a Senior Security Engineer in Purple Teaming, you'll plan and execute purple team exercises aligned to real-world threat actors to protect Trade Republic's critical systems and customer data. Your responsibilities include:
- Design attack scenarios covering initial access, persistence, lateral movement, privilege escalation, command-and-control and exfiltration.
- Coordinate with business and engineering teams to gather requirements, understand operational constraints and ensure testing activities align with business risk.
- Assess existing security controls to ensure they aren't just active but actually effective.
- Conduct deep-dive assessments of internal networks, applications and cloud infrastructure.
- Develop and tune SIEM detections, analytics rules and alerts based on attack simulations and real incidents, together with the Security Operations team.
- Validate alert quality, reduce false positives and improve signal-to-noise ratio.
- Validate coverage of detections against known TTPs and identify detection gaps.
- Support and enhance incident response playbooks, escalation paths and response automation.
- Conduct hypothesis-driven threat hunts based on attacker tradecraft and threat intelligence.
WHAT WE'RE LOOKING FOR
Core Experience
- 5 years as a Security Engineer with 3 years specializing in Purple/Red/Blue Teaming.
- Experience running or leading purple team exercises in enterprise environments
- Strong understanding of real-world attacker behavior, not just theoretical frameworks
- Experience operating in regulated or compliance-driven environments (MaRisk, BAIT, GDPR)
Technical Experience
- Strong understanding of cloud security (AWS) and Kubernetes security
- Good understanding of macOS security
- Experience with SIEM solutions, preferably Google SecOps
- Experience with Endpoint Detection & Response (EDR) tools such as SentinelOne or CrowdStrike
- Proficiency in Python, Go or other scripting language
- Multi-cloud experience (GCP, Azure) is advantageous
WHY YOU SHOULD APPLY NOW
Our culture rewards ownership, excellence and high energy. We care deeply about outcomes and hold each other accountable - we're here to win and fix one of the largest challenges Europeans face - closing the pension gap and democratizing wealth. If this gets you fired up, reach out!
We believe it's our team's varied identities and backgrounds that make us sharper and stronger. We're committed to creating an environment where everyone feels respected and has equal opportunity to thrive in their careers. For any questions on DEI during the interview process, reach out to your recruitment partner.
Required Experience:
Senior IC
About Company
Investing made simple. Start building your portfolio with just €1. Buy and sell 8000 stocks and 1500 ETFs, premium derivatives and cryptocurrencies in Germany.