Threat Researcher

About the role

Global Services - Cyber Threat Red Team Red Team delivers offensive security engagements - red teaming and penetration testing - that help customers identify threats and weaknesses before real adversaries can exploit them. Through realistic, ethical attack simulations, we provide actionable findings that strengthen our customers' systems, security controls, and overall resilience against real-world attacks. Job Responsibilities - Perform red teaming and penetration testing engagements against customers' enterprise environments, including their cloud applications and infrastructure - Simulate real-world adversaries (TTPs) and conduct research on offensive techniques and evasion methods - Recognize and safely operate attacker tools, tactics, and procedures within authorized engagements - Develop scripts, tools, and methodologies to enhance and automate red teaming processes - Design and test new security technologies, automations, and controls - Document findings and clearly communicate risk and remediation to customers' engineering and management teams Required Qualifications - Solid understanding of computer hardware, software, networks, and communications/connectivity - Hands-on familiarity with both Linux/Unix and Windows operating systems - Proficiency with web technologies and cloud environments (SaaS), plus working knowledge of wireless and mobile device security - Experience conducting full-scope assessments and penetration tests - including phishing, social engineering, server- and client-side attacks, protocol subversion, and network/web application exploitation - Experience with scanning, attack, and assessment tools and techniques, including proficiency in at least one C2 framework - In-depth knowledge of high-impact web application vulnerabilities - including RCE, SQL injection, SSRF, LFI/path traversal, XXE, insecure deserialization, SSTI, and authentication/authorization flaws (e.g., IDOR) - with the ability to identify, exploit, and chain them in real-world scenarios - Ability to leverage and modify existing exploits or PoCs to conduct vulnerability testing - Demonstrated experience in technical report writing - Strong analytical skills and the ability to work both independently and as part of a team

Requirements

• 2+ years of experience in red teaming and/or penetration testing
• One or more practical, hands-on offensive certifications (e.g., OSCP / OSCP+, OSWE, OSEP)
• Experience developing custom tooling or automation for offensive operations
• Experience operating in mature, monitored environments (evading EDR/SOC detection)
• Good written and verbal communication skills in English
• ===============================================================
• 連結智慧 守護世界 --- Connected Intelligence for Securing a Connected World

Additional Information

Join Trend ‧ Join New Generation 趨勢科技 - 全球雲端資安領航者 / 全亞洲最大軟體公司 / 企業版圖橫跨五大洲 / 趨勢全球研發基地在台灣 ===============================================================

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Trend Micro? Share your experience