Red Team Security Engineer
Location
Europe
Posted
56 days ago
Salary
0
Seniority
Mid Level
Job Description
Red Team Security Engineer
Sabio Group
Role Description At Sabio Group, we build and operate AI-powered customer experience platforms for some of the world's most demanding enterprise brands. As we push deeper into agentic AI, multi-cloud architectures and high-volume conversational systems, the attack surface evolves with us — and we need people who can think like adversaries to keep our customers, our data and our reputation safe. We're hiring a Red Team Security Engineer to join our Information Security & Cyber Security team in South Africa. You'll be the offensive counterpart to our defensive function: stress-testing the solutions we design, build and operate — from cloud-native services to LLM-powered agents — by attacking them the way a real adversary would, and partnering with engineering teams to fix what you find. This is a hands-on role for someone who is genuinely curious about how systems break, comfortable writing code as well as reading it, and excited about the new class of vulnerabilities emerging in AI and agentic systems. Qualifications - Demonstrable hands-on experience in offensive security — penetration testing, red teaming, or adversary simulation — against modern web, API and cloud-based systems. - Strong understanding of common vulnerability classes (OWASP Top 10, authZ flaws, SSRF, deserialization, injection, cryptographic misuse) and how to chain them into real impact. - Solid grasp of cloud security in at least one major provider (AWS, Azure or GCP): IAM, networking, key management, container and serverless services, common misconfigurations and attack paths. - Practical understanding of AI/LLM systems — how they work, where they fail, and the new risks they introduce (prompt injection, jailbreaks, insecure tool use, training/RAG data exposure). - Coding capability in at least one of Python, Go, JavaScript/TypeScript or similar — comfortable writing exploits, tooling and automation, not just running other people's tools. - Confidence with offensive tooling — Burp Suite, nmap, Nuclei, BloodHound, Metasploit, custom scripts — and the judgement to know when to build vs. buy. - Familiarity with CI/CD, containers and IaC (Docker, Kubernetes, Terraform or equivalent) and how to attack and defend them. - An evaluation mindset: you measure security posture with reproducible tests, metrics and evidence — not gut feel. - Comfort with agentic development workflows — using AI coding assistants and AI co-work / pair-development models (Claude Code, Copilot, Cursor or equivalent) as part of your day-to-day delivery. - Clear written and verbal communication in English: able to brief engineers, executives and (where relevant) customers on findings and risk. - A strong ethical compass and discipline around scope, rules of engagement, evidence handling and responsible disclosure. Requirements - Plan and execute red team engagements, penetration tests and adversary simulations against our platforms, products and corporate environment. - Identify, exploit and document vulnerabilities across web applications, APIs, cloud infrastructure, identity systems and AI/LLM-based services. - Develop realistic attack scenarios — initial access, privilege escalation, lateral movement, data exfiltration — mapped to frameworks such as MITRE ATT&CK. - Build and maintain custom tooling, exploits and automation where off-the-shelf tools fall short. - Leverage AI pen testing tooling and frameworks as a force amplifier within your role. - Active, hands-on use of AI-powered offensive security tooling as a core part of your workflow — leveraging LLMs and agentic assistants to accelerate reconnaissance, exploit development, code review, payload generation and report writing. - Familiarity with emerging AI red-team frameworks and platforms — e.g. PyRIT, Garak, Promptfoo, NVIDIA Aegis, Microsoft Counterfit, HackerOne / Bugcrowd AI testing toolkits, or equivalent — and a practical sense of when to use which. - Experience building or extending automated AI red-team harnesses: prompt-injection test suites, jailbreak corpora, tool-abuse scenarios, multi-turn attack agents, and regression eval sets for LLM and agentic systems. - Pragmatic judgement on the limits and risks of AI-assisted offensive work — hallucinated findings, false confidence, data leakage into third-party models — and the discipline to validate AI output before acting on it. - Curiosity to keep pace with a fast-moving space: new models, new attack techniques, new defensive controls — and a willingness to bring those learnings back into the team. - Probe LLM-powered and agentic systems for prompt injection, jailbreaks, tool/function-call abuse, context leakage, insecure output handling and supply-chain risks. - Test RAG pipelines, knowledge bases and integrations for data exfiltration, poisoning and unauthorized access paths. - Contribute to internal threat models for agentic architectures and help shape secure-by-default patterns for multi-agent and tool-using systems. - Stay close to evolving standards and guidance (e.g. OWASP Top 10 for LLMs, NIST AI RMF, emerging agent interoperability protocols). - Perform deep-dive security testing of cloud workloads across AWS, Azure and/or GCP — IAM, network, container, serverless and data-layer concerns. - Review CI/CD pipelines, IaC (Terraform, CloudFormation, Bicep) and Kubernetes deployments for misconfigurations and exploitable weaknesses. - Conduct source-assisted ("grey-box") testing — reading code to find logic flaws, authZ gaps and unsafe integrations. - Triage findings, assign realistic severity, and write clear, reproducible reports with concrete remediation guidance. - Partner with engineering teams to validate fixes, advise on secure design and pair on hardening work — not just throw findings over the wall. - Drive continuous improvement of detection coverage by working with the blue team / SOC on purple-team exercises. - Build automation that turns one-off tests into repeatable, scheduled checks — exposure scanning, attack-path analysis, agent red-teaming harnesses. - Integrate offensive testing into the SDLC: SAST/DAST/IAST, dependency scanning, secrets detection, container and IaC scanning. - Treat evaluation and regression of security controls as a first-class deliverable — measured, not assumed. - Work alongside the Head of Information Security, AI Ethics leads, platform engineering and product teams to embed security early. - Produce clear design reviews, threat models, runbooks and post-engagement reports for both technical and executive audiences. - Operate within strict rules of engagement, with care for production stability, customer data and legal/regulatory obligations. Benefits - Remote/Flexible work - Discovery Medical Aid - Connectivity Allowance - 15 days paid holiday a year (this includes three Sabio days) - Momentum EAP
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Director, Global Security Standards and Compliance
Oak View Group - OVGOak View Group (OVG), founded in 2015, is a leading company in the sports, live entertainment, and hospitality industries. It is dedicated to delivering exceptional experiences acr
Title: Director, Global Security Standards and Compliance | Full-Time | Remote Location: Remote, United States Department: Security Job ID 2026-31819 Location Name Remote Type Regular Full-Time Location : Location US-Remote Job Description: Oak View Group Oak View Group (OVG) is the global leader in premium live entertainment infrastructure and services, with a platform spanning venue development and end-to-end capabilities across venue management, hospitality, and sponsorship sales. Founded in 2015, the company serves a collection of seven world-class owned venues and a client roster of the most iconic arenas, stadiums, convention centers, music festivals, performing arts centers, and cultural institutions, spanning four continents. Position Summary The Director, Global Security Standards & Compliance will champion Prevent Advisors’ Global Security function for all venues and events that are managed by Oak View Group (OVG). Working at the direction of OVG’s Chief Security Officer and in partnership with other corporate departments and leaders, this role will develop and execute an enterprise-wide physical security strategy that establishes minimum compliance standards, delivers subject-matter expertise, and provides centralized oversight, policy, and programmatic consistency across all managed venues and events. The Director will be the primary security resource and point of contact for operational leaders, ensuring regulatory compliance, risk reduction, investigative rigor, and coordinated responses to security incidents. This role pays an annual salary of $125,000-140,000. Benefits for Full-Time roles: Health, Dental and Vision Insurance, 401(k) Savings Plan, 401(k) matching, and Paid Time Off (vacation days, sick days, and 11 holidays). Responsibilities - Design, implement, and maintain an enterprise-wide physical security program and roadmap for OVG venues and events, including corporate minimum standards, policies, procedures, playbooks, and metrics. - Translate executive-level security strategy into deployable standards and tactical guidance for venue operations and event teams. - Establish and maintain program governance, including compliance monitoring, exception approval processes, and regular executive reporting. - Ensure physical security policies and practices comply with applicable local, state, and federal laws and regulations, including OSHA Duty of Care and industry-specific standards. - Define and enforce minimum security standards for access control, perimeter security, video surveillance, screening, credentialing, visitor management, incident reporting, crowd management, radio communications, and emergency preparedness. - Conduct or oversee compliance assessments and corrective action plans for venue partners and third parties. - Act as the principal security liaison to Operations, Safety, Legal, HR, Insurance Partners, Risk Management, and venue leadership to align security initiatives with operational constraints and business objectives. - Provide consultative support for contract negotiations, venue onboarding, event risk assessments, and security staffing models. - Facilitate cross-functional incident review and lessons-learned sessions. - Direct strategies and resources for responding to incidents; including, criminal financial loss, crimes against persons, threats, illegal acts, and property/environmental crimes. - Oversee the approach, deployment, and execution of security investigations (initial fact-finding through coordination with law enforcement and legal). - Ensure incidents are managed with timely, consistent communication and appropriate escalation to executives, Legal, Risk Management, and affected stakeholders. - Implement programs to reduce frequency and severity of security incidents and to prevent catastrophic events - Integrate physical security with safety, loss control, continuity planning, and insurance requirements. - Lead or coordinate risk assessments, threat modeling, and coordinate other security services such as security exercises (tabletops, full-scale drills)with PA’s Business Services Division. - Maintain awareness of emerging security technologies and industry best practices; recommend investments (CCTV, access control, analytics, communications) that deliver scalable value across venues. - Define key performance indicators (KPIs), develop dashboards, and use data to drive continuous improvement and cost-effective security operations. - Manage relationships with security vendors, consultants, and technology providers. - Create training curricula, guidance, and awareness programs for venue staff, event teams, and leadership on security protocols and incident reporting. - Serve as a spokesperson internally and externally on security matters as appropriate. Qualifications Required - Bachelor’s degree in Criminal Justice, Security Management, Homeland Security, Business Administration, or a related field. Advanced degree preferred. - 5-7+ years of progressive security leadership experience, including several years managing enterprise security programs for multi-site venues, large events, or similar high-density public environments. - Demonstrated experience within live events, sports & entertainment, venue management, or large-scale hospitality operations, preferably as the principal security representative. - Demonstrated experience designing and implementing security policies, compliance programs, and investigative frameworks. - Strong experience partnering with Operations, Legal, HR, Insurance, and Risk Management. - Proven ability to lead multi-disciplinary teams and manage cross-functional stakeholder relationships. - Experience with incident command structures, emergency operations, and conducting security exercises. - Familiarity with applicable regulatory frameworks (OSHA Duty of Care, local law enforcement protocols, and data/privacy considerations). - Excellent written and verbal communication skills; proven experience presenting to executives, senior leadership, and government partners. - Willingness and ability to travel frequently and work evenings/weekends for events. - Frequent on-site presence at live-event venues and events (may include late nights, weekends, and extended hours). - Ability to travel domestically (frequently, up to 75%) and internationally (infrequently, ~10%) Preferred - Professional certifications such as CPP (ASIS), PSP (ASIS), or equivalent. - Experience with vendor procurement, security systems (CCTV, access control), and security analytics/insights platforms. - Law enforcement, military, or federal investigative background. Strengthened by our Differences. United to Make a Difference At OVG, we understand that to continue positively disrupting the sports and live entertainment industry, we need a diverse team to help us do it. We also believe that inclusivity drives innovation, strengthens our people, improves our service, and raises our excellence. Our success is rooted in creating environments that reflect and celebrate the diverse communities in which we operate and serve, and this is the reason we are committed to amplifying voices from all different backgrounds. Equal Opportunity Employer Oak View Group is committed to equal employment opportunity. We will not discriminate against employees or applicants for employment on any legally recognized basis (“protected class”) including, but not limited to veteran status, uniform service member status, race, color, religion, sex, national origin, age, physical or mental disability, genetic information or any other protected class under federal, state, or local law.
Title: Security Systems | Technical Lead Location: Sydney Australia Job Description: Joining Arup Arup's purpose, shared values and collaborative approach has set us apart for over 75 years, guiding how we shape a better world. Within Arup, the Resilience, Security and Risk (RSR) team addresses malicious man-made threats through integrated expertise including counter-terrorism design, blast engineering, operational resilience and security system engineering. We are seeking an enthusiastic and capable Technical experienced Consultant to join our specialist Security System Engineering team, delivering innovative, integrated security solutions across the built environment. The Opportunity - Design and deliver integrated security systems, including access control, video surveillance and intruder detection, across complex built-environment projects. - Coordinate security systems with third-party building systems such as fire, telecommunications, electrical, BMS and vertical transport. - Manage and deliver security design projects incorporating Secured by Design, CPTED principles and Threat, Vulnerability and Risk Assessments. - Lead technical reviews, audits and site installation inspections, while providing guidance to junior team members in BIM and Revit environments. - Collaborate across RSR disciplines and wider Arup teams, contributing to quality management, resourcing, business development and client engagement. At Arup, you belong to an extraordinary collective - in which we encourage individuality to thrive. Our strength comes from how we respect, share and connect our diverse experiences, perspectives and ideas. You will have the opportunity do socially useful work that has meaning - to Arup, to your career, to our members and to the clients and communities we serve. Is this role right for you? - A bachelor's degree (or equivalent) in systems, electrical, aeronautical or built-environment engineering, or recognised credentials in security or risk management. - Strong experience delivering security systems projects within a multidisciplinary engineering consultancy environment. - Technical knowledge of physical and electronic security measures, relevant legislation and international standards, with a holistic, risk-based approach to security. - Excellent communication, analytical and presentation skills, supported by industry networks and confidence engaging with clients and stakeholders. - A proactive, growth-oriented mindset, with willingness to travel, work on client sites outside Sydney when required, and pursue ongoing professional development (including chartership and licensing where applicable). What we offer you At Arup, we care about each member's success, so we can grow together. Guided by our values, we provide an attractive total reward package that recognises the contribution of each of our members to our shared success. As well as competitive, fair, and equitable pay, we offer a career in which all of our members can belong, grow and thrive - through benefits that support health and wellbeing, a wide range of learning opportunities and many possibilities to have an impact through the work they do. We are owned in trust on behalf of our members, giving us the freedom, with personal responsibility, to set our own direction and choose work that aligns with our purpose and adds to Arup's legacy. Our members collaborate on ambitious projects to deliver remarkable outcomes for our clients and communities. Profit Share is a key part of our reward, enabling eligible members to share in the results of our collective efforts. Explore the perks of a career with Arup Australia: - Hybrid working policy and flexible working hours. - Paid parental leave for the primary carer of 16 weeks or 32 weeks at half pay and as well as generous unpaid leave benefits. - Paid parental leave for the non-primary carer of 4 weeks plus the opportunity to access extra paid and unpaid leave of up to 16 weeks if you later become the primary carer (any leave taken at the time will be deducted from the total 16-week parental leave benefit). - Birthday leave - Annual leave loading - Ability to purchase additional leave of up to 20 days for permanent employees. - International mobility opportunities - Insurances (life & income protection) - Interest free solar energy and bicycle loans - Novated car lease - Ovasaver including discounts, vouchers, cashback, and exclusive offers on more than 300 retailers. Different people, shared values Arup is an equal opportunity employer that actively promotes and nurtures a diverse and inclusive workforce. We welcome applications from individuals of all backgrounds, regardless of age (within legal limits), gender identity or expression, marital status, disability, neurotype or mental health, race or ethnicity, faith or belief, sexual orientation, socioeconomic background, and whether you're pregnant or on family leave. We are an open environment that embraces diverse experiences, perspectives, and ideas - this drives our excellence. Guided by our values and alignment with the UN Sustainable Development Goals, we create and contribute to equitable spaces and systems, while cultivating a sense of belonging for all. Our internal employee networks support our inclusive culture: from race, ethnicity and cross-cultural working to gender equity and LGBTQ+ and disability inclusion - we aim to create a space for you to express yourself and make a positive difference. We are committed to making our recruitment process and workplaces accessible to all candidates. Please let us know if you need any assistance or reasonable adjustments throughout your application or interview process, and/or to perform the essential functions of the role. We will do everything we can to support you. #LI-AS2
Senior Engineer, Cybersecurity – Vul. Mgt
Ensemble Health PartnersInnovation in Revenue Cycle Management
• Independent monitor and manage vulnerabilities across Tenable, Wiz, Defender for Cloud, and other platforms. • Lead the assessment of reported vulnerabilities, triage them, and rank them by risk and other mitigating control factors. • Set a strategic prioritization schedule for remediation and work with patching teams to ensure timely patching. • Proficiency with ticketing tools, raising appropriate patch requests, keeping record of the pending requests, following them up on regular basis and tracking them down till resolution. • Manage risk exception procedures and ensure tools exclude findings with granted risk exceptions. • Stay at the forefront of vulnerability trends and provide recommendations for improving vulnerability management processes. • Manage CSPM components to ensure the security of cloud environments, including continuous security assessments, risk prioritization, compliance monitoring, and configuration management. • Detect and address gaps in scan coverage to ensure comprehensive vulnerability assessments. • Generate reports and deliver presentations on vulnerability assessments and remediation progress. • Mentor and train junior team members, fostering skill development and knowledge-sharing. • Contribute to the overall security strategy and engage with executive leadership to enhance security resilience. • Collaborate with cross-functional teams to address complex security issues and ensure effective vulnerability management.
• Lead high-complexity investigations involving sophisticated techniques and potential legal or regulatory considerations • Coordinate closely with Legal, People, and Security teams on investigation scope, evidence handling, privacy considerations, and response activities • Write detailed investigation reports documenting findings, evidence, impact, and recommendations for technical and non-technical stakeholders • Respond to security events from detection through to containment, remediation, and resolution • Create and improve detection logic, correlation rules, and alerts across SIEM and EDR platforms • Proactively run threat hunting and anomaly detection exercises across Canva’s environment • Design and improve scalable tooling, workflows, and operational processes that strengthen Canva’s incident detection, investigation, and response capabilities • Act as an escalation point and incident coordinator during active investigations and security incidents • Participate in a collaborative on-call rotation supporting critical security investigations and incident response activities • Mentor and support the growth of teammates through knowledge sharing, operational guidance, and investigation best practices

