Red Team Specialist

We are seeking a Red Team Specialist to join our Exposure Management group. This role focuses on simulating real-world adversaries to evaluate the resilience of a large, complex multinational environment. The Red Team Specialist will design and execute offensive campaigns, emulating threat actors’ tactics, techniques, and procedures (TTPs), and work closely with threat intelligence, detection engineering, posture management, and incident response teams to identify weaknesses and validate defensive capabilities.

Your role

• Plan and execute red team campaigns targeting enterprise, cloud, and hybrid environments using intelligence-driven TTPs.
• Perform adversary emulation across multiple attack vectors, including phishing, lateral movement, credential abuse, persistence, and privilege escalation.
• Develop and maintain custom tools, scripts, and techniques to support red team operations.
• Collaborate with Threat Intelligence to align operations with relevant adversary profiles.
• Coordinate with Posture Management and Vulnerability Management to ensure identified exposures are tested and validated.
• Provide actionable reporting and technical debriefs to both technical stakeholders and senior leadership.
• Support purple team exercises to validate detections, response processes, and defensive improvements.
• Contribute to continuous improvement of red team methodologies, playbooks, and operational security (OPSEC).

You're the right fit if

• Bachelor’s degree in Cybersecurity, Computer Science, or related field; or equivalent.
• Minimum 5 years of experience with Bachelor's OR Minimum 3 years of experience with Master's in areas such as Security Architecture, Network Security, Cybersecurity Technology, Information Security or equivalent.
• Working knowledge of artificial intelligence concepts and practical experience applying AI or machine learning techniques within cybersecurity functions, such as threat analysis, automation, or analytics.
• 2–5 years of experience in penetration testing, offensive security, or red team operations.
• Strong grounding in IT infrastructure (networks, operating systems, identity management, cloud services).
• In-depth understanding of adversary tactics mapped to MITRE ATT&CK.
• Proficiency with offensive security tools (Cobalt Strike, Metasploit) and scripting languages (Python, PowerShell, Bash).
• Demonstrated experience in lateral movement, persistence techniques, and privilege escalation in enterprise environments.
• Experience with cloud attack paths in AWS, Azure, or GCP.
• Familiarity with Active Directory and identity attack scenarios.
• Exposure to purple team methodologies and collaboration with blue teams.
• Relevant cybersecurity certifications are highly desirable.
• Fluency in English (min C1 level)

How we work together

We believe that we are better together than apart. For our office-based teams, this means working in-person at least 3 days per week. Onsite roles require full-time presence in the company’s facilities. Field roles are most effectively done outside of the company’s main facilities, generally at the customers’ or suppliers’ locations.

This role is an office role.

About Philips

We are a health technology company.