# Cybersecurity Offensive Specialist **Company:** [SquareDev](http://jobs.workable.com/companies/wQZ5ptvWTa31vomire9Cix.md) **Location:** Athens, Greece **Workplace:** hybrid **Employment type:** Full-time **Department:** Consulting [Apply for this job](http://jobs.workable.com/view/825bf3e2-3bd8-41b2-a2bd-be4b10b44ace) ## Description ### **Why are you looking for a job?** If your answer ticks all the boxes, this could be the start of a great collaboration. - You have a curious mind - You won't understand what we're talking about if you don't 🤔 - You want to learn more around technology - You won't survive if you don't 😱 - You want to make the world a bit better - We don’t like you if you don’t 😎 We happen to be just like that as well. We like hacking things here and there (you included) and create scalable solutions that bring value to the world. ### **SquareDev? 🐿️** We use state-of-the-art technology to build solutions for our customers and our partners' customers. We make sure we stay best-in-class by participating in **research projects across Europe**, collaborating with **top universities and enterprises** **on** **AI, Data, and Cloud**. **About QnR Group** **SquareDev is a member of the** **QnR Group**, a leading technology organization specializing in end-to-end custom software solutions, Artificial Intelligence, Cybersecurity, SAP S/4HANA, SAP Business One, ServiceNow, and FinTech solutions. As part of QnR Group's ongoing expansion — both in Greece and internationally — we are continuously hiring across a wide range of tech roles. Successful candidates may be hired by QnR Group, or another company within the Group, depending on the role and project. ### **Role overview** We are looking for **Cybersecurity Offensive Specialists** (Junior/Mid/Senior) to proactively identify and address security vulnerabilities, misconfigurations and design weaknesses — strengthening overall security posture and resilience against cyber threats. The role involves close collaboration with defensive teams to share findings and insights that drive security improvements. Depending on your area of expertise, you may operate in one or more of the following specialisations: - Vulnerability Assessment (VA) — performing scans and assessments to identify weaknesses and communicating findings to stakeholders. - Penetration Testing (PT) — conducting manual and automated testing to identify vulnerabilities across infrastructure, applications and systems. - Red Teaming (RT) — simulating advanced adversarial techniques to assess the effectiveness of the organisation's defensive strategy. ## Requirements **The ideal candidate will be responsible for:** **JUNIOR** **Vulnerability Assessment** - Assist in performing vulnerability scans and assessments, document and report basic vulnerabilities, and follow standard procedures. - Perform vulnerability assessments independently, identify and document vulnerabilities, and prioritise by severity. - Assist in root cause analysis, collaborate with senior staff for mitigation guidance, and track remediation progress. **Penetration Testing** - Assist in basic penetration tests under supervision, document and report basic vulnerabilities, and follow standard PT methodologies. - Conduct penetration tests on networks, web applications and systems; identify and document common vulnerabilities. - Assist in creating detailed penetration testing reports; stay informed on new attack vectors and provide detection teams with context for purple team efforts. **Red Teaming** - Assist in basic red teaming exercises and simulations on on-premises and cloud infrastructure. - Collaborate with senior red teamers to understand tactics and techniques; document findings and vulnerabilities identified during exercises. - Follow established red teaming methodologies, maintain basic knowledge of attack vectors and tools, and assist in creating detailed red teaming reports. - Stay informed about emerging attack techniques and evasion tactics; provide detection teams with context for purple team improvement efforts. **MID** **Vulnerability Assessment** - Conduct vulnerability assessments on complex systems, analyse and interpret scan results, and prioritise using risk assessment. - Collaborate with IT teams for remediation, develop and maintain custom scripts and tools, and contribute to VA policies and procedures. - Assist in compliance audits and present findings to technical and non-technical audiences. **Penetration Testing** - Lead penetration testing engagements, conduct comprehensive tests (automated and manual), and identify and exploit a wide range of vulnerabilities and misconfigurations. - Collaborate with stakeholders to define scope and objectives, develop and customise PT methodologies, and create detailed actionable reports. - Stay updated on advanced attack techniques and provide detection teams with sufficient context for purple team improvement efforts. **Red Teaming** - Lead and coordinate red teaming exercises on various targets across on-premises and cloud infrastructure. - Develop and execute comprehensive red teaming attack scenarios; identify and exploit a wide range of vulnerabilities and weaknesses. - Collaborate with stakeholders to define red teaming scope and objectives; create detailed and actionable reports with remediation recommendations. - Guide junior red teamers and provide detection teams with sufficient context for purple team improvement efforts. **SENIOR** **Vulnerability Assessment** - Develop and implement comprehensive vulnerability management strategies. - Conduct in-depth analysis of zero-day vulnerabilities and emerging threats. - Provide guidance on vulnerability mitigation, remediation and detection strategies; act as subject matter expert in vulnerability management. - Engage in research and development related to vulnerability assessment. **Penetration Testing** - Plan and execute complex penetration tests across on-premises and cloud environments; design and implement advanced PT strategies. - Lead scoping discussions with customers or internal teams; identify and exploit zero-day vulnerabilities and advanced attack vectors. - Develop custom tools and scripts; provide expert guidance on vulnerability mitigation and risk management. - Supply detection teams with sufficient context for purple team improvement efforts; contribute to PT policies and procedures. **Red Teaming** - Plan and execute complex red team exercises simulating advanced threat scenarios across on-premises and cloud infrastructure. - Lead discussions with customers or internal teams to understand business context and objectives; develop and implement advanced red teaming strategies. - Identify and exploit zero-day vulnerabilities and advanced attack vectors; provide expert guidance on vulnerability mitigation and risk management. - Contribute to the development of red teaming policies and procedures; provide detection teams with sufficient context for purple team improvement efforts. - Engage in advanced research and development related to red teaming. **To excel in this role, you'll need:** - A Bachelor's degree or Master's degree in Cybersecurity, Computer Science, Information Technology, Networks or a closely related field is mandatory. **JUNIOR** - Basic cybersecurity principles and familiarity with common offensive security tools and frameworks. - Basic knowledge of operating systems, network security concepts and common vulnerabilities / attack vectors. - Basic scripting / automation and basic risk assessment skills. - Ability to work as part of a team, follow procedures and communicate findings effectively. - Basic common cybersecurity threats, attack vectors and vulnerability assessment importance / patch management. - Common operating systems (Windows, Linux) and basic network protocols. - Basic cybersecurity compliance standards (e.g. ISO 27001). - Familiarity with SIEM systems and basic incident response concepts. **MID** - At least 3 years of experience. - Advanced knowledge of offensive security tools and methodologies (VA, PT or red teaming). - Manual assessment capabilities and strong understanding of exploit frameworks and threat intelligence. - Scripting proficiency (e.g. Python, PowerShell) for developing and customising tools. - Strong project management, leadership and risk assessment skills. - Ability to present findings clearly to technical and non-technical audiences. - In-depth knowledge of various vulnerability types and advanced scanning / assessment techniques. - Mastery of offensive security methodologies and threat intelligence relevance. - Proficiency in regulatory and compliance requirements related to offensive security. - Very good cloud computing understanding. **SENIOR** - At least 6 years of experience. - Expertise in offensive security techniques across one or more of: vulnerability assessment, penetration testing and/or red teaming. - Proficiency in developing custom scripts and tools for security assessments. - Knowledge of advanced threat actor TTPs and attack techniques. - Exceptional risk assessment skills with ability to provide actionable guidance on mitigation and remediation. - Strong communication, presentation, leadership and mentorship capabilities. - Thought leadership in offensive security and cybersecurity. - In-depth knowledge of vulnerability databases (CVE, NVD), exploit development and reverse engineering. - Advanced knowledge of compliance standards, regulations and legal aspects of vulnerability research and disclosure. - In-depth understanding of cloud security concepts and platforms; proficient cloud computing knowledge. **Certifications **_At least one in Cybersecurity, information technology, computer science, governance, engineering, and at least one in offensive security are mandatory for the mid & senior roles, e.g.:_ **Cybersecurity / IT / Computer Science / Governance:** GSEC, CISSP, CompTIA Security+, CSX-P, CISM, or equivalent, etc. **Offensive Security:** OSCP, OSWP, OSCE, OSEE, OSWE (Offensive Security), GIAC: GWAPT, GPEN, GCPN, GXPN, Licensed Penetration Tester (LPT), Product-specific: VA tools (e.g. Nessus), web PT toolkits (e.g. Burp Suite), red team platforms (e.g. Cobalt Strike), etc.