Threat Researcher

Join Trend ‧ Join New Generation

趨勢科技 - 全球雲端資安領航者 / 全亞洲最大軟體公司 / 企業版圖橫跨五大洲 / 趨勢全球研發基地在台灣
===============================================================

Overview

Global Services - Cyber Threat Red Team

Red Team delivers offensive security engagements - red teaming and penetration testing - that help customers identify threats and weaknesses before real adversaries can exploit them. Through realistic, ethical attack simulations, we provide actionable findings that strengthen our customers systems, security controls, and overall resilience against real-world attacks.

Job Responsibilities

- Perform red teaming and penetration testing engagements against customers enterprise environments, including their cloud applications and infrastructure

- Simulate real-world adversaries (TTPs) and conduct research on offensive techniques and evasion methods

- Recognize and safely operate attacker tools, tactics, and procedures within authorized engagements

- Develop scripts, tools, and methodologies to enhance and automate red teaming processes

- Design and test new security technologies, automations, and controls

- Document findings and clearly communicate risk and remediation to customers engineering and management teams

Required Qualifications

- Solid understanding of computer hardware, software, networks, and communications/connectivity

- Hands-on familiarity with both Linux/Unix and Windows operating systems

- Proficiency with web technologies and cloud environments (SaaS), plus working knowledge of wireless and mobile device security

- Experience conducting full-scope assessments and penetration tests - including phishing, social engineering, server- and client-side attacks, protocol subversion, and network/web application exploitation

- Experience with scanning, attack, and assessment tools and techniques, including proficiency in at least one C2 framework

- In-depth knowledge of high-impact web application vulnerabilities - including RCE, SQL injection, SSRF, LFI/path traversal, XXE, insecure deserialization, SSTI, and

authentication/authorization flaws (e.g., IDOR) - with the ability to identify, exploit, and chain them in real-world scenarios

- Ability to leverage and modify existing exploits or PoCs to conduct vulnerability testing

- Demonstrated experience in technical report writing

- Strong analytical skills and the ability to work both independently and as part of a team

Preferred Qualifications

- 2+ years of experience in red teaming and/or penetration testing

- One or more practical, hands-on offensive certifications (e.g., OSCP / OSCP+, OSWE, OSEP)

- Experience developing custom tooling or automation for offensive operations

- Experience operating in mature, monitored environments (evading EDR/SOC detection)

- Good written and verbal communication skills in English

===============================================================