Security Engineer II - Red Team (BAS)

Company Overview

Interactive Brokers Group, Inc. (Nasdaq: IBKR) is a global financial services company headquartered in Greenwich, CT, USA, with offices in over 15 countries. We have been at the forefront of financial innovation for over four decades, known for our cutting-edge technology and client commitment.

IBKR affiliates provide global electronic brokerage services around the clock on stocks, options, futures, currencies, bonds, and funds to clients in over 200 countries and territories. We serve individual investors and institutions, including financial advisors, hedge funds and introducing brokers. Our advanced technology, competitive pricing, and global market help our clients to make the most of their investments.

Barron's has recognized Interactive Brokers as the #1 online broker for six consecutive years. Join our dynamic, multi-national team and be a part of a company that simplifies and enhances financial opportunities using state-of-the-art technology.

About the Role

We are seeking a skilled cybersecurity professional to join our team in a dual role focused on Phishing Simulation and Red Team Breach Attack Simulation (BAS). This position requires expertise in both conducting phishing campaigns and operating BAS tools to simulate various attack scenarios beyond phishing. The role is critical for assessing and improving our organization's security posture against multiple threat vectors. 

Key Responsibilities

Phishing Simulation 

• Design, develop, and execute sophisticated phishing simulation campaigns tailored to organizational needs


• Create and manage the technical infrastructure required for phishing simulations, including domains and servers


• Develop realistic phishing email content and landing pages that reflect current threat actor tactics


• Generate comprehensive phishing reports with metrics, findings, and recommendations


• Track user susceptibility to phishing attempts and measure improvement over time


• Collaborate with security awareness teams to develop targeted training based on simulation results 

Breach Attack Simulation (BAS) 

• Configure and operate BAS tools to simulate various attack scenarios beyond phishing (e.g. ransomware, lateral movement, data exfiltration)


• Design realistic red team scenarios to test security controls across the organization


• Troubleshoot technical issues with BAS tools and ensure proper execution of attack scenarios and that log events are being raised and ingested


• Analyze BAS results to identify security gaps and control weaknesses


• Provide recommendations for security improvements based on BAS findings


• Stay current with emerging attack techniques and implement them in simulation scenarios


• Document and maintain BAS procedures and playbooks 

General 

• Collaborate with security teams to prioritize remediation efforts based on simulation findings


• Contribute to the development of security policies and procedures


• Maintain knowledge of current cybersecurity threats and attack methodologies


• Participate in security assessment activities as needed 

Technical Requirements 

• Strong understanding of domain and server setup for phishing operations, including technical components such as:


• DNS configuration (A records, MX records, CNAME)


• Email authentication protocols (SPF, DKIM, DMARC)


• Web server configuration and management


• SSL/TLS certificate implementation


• Solid networking knowledge including:


• TCP/IP protocols


• Network architecture


• Firewalls and routing


• Network security principles


• Experience operating BAS tools and understanding attack chain methodologies


• Familiarity with Red Team concepts and tactics


• Working knowledge of Vulnerability Assessment and Penetration Testing (VAPT)


• Experience with infrastructure set-up and management


• Creative approach to developing realistic attack scenarios and campaigns 

Qualifications 

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent work experience)


• 3+ years of experience in cybersecurity with focus on phishing simulations and/or red team operations


• Hands-on experience with BAS tools


• Basic understanding of infrastructure setup and management 

Preferred Certifications (one or more) 

• Certified Ethical Hacker (CEH)


• eLearnSecurity Junior Penetration Tester (eJPT)


• Offensive Security Certified Professional (OSCP)


• Practical Network Penetration Tester (PNPT)


• Certified Red Team Professional (CRTP)


• Certified Red Team Operator (CRTO)


• Certified Network Penetration Tester (CNPen) 

Personal Attributes 

• Strong analytical and problem-solving skills


• Excellent written and verbal communication abilities


• Attention to detail and methodical approach to work


• Ability to work independently and as part of a team


• Commitment to continuous learning and professional development


• Creative mindset for developing effective security testing scenarios 

Join our team to help strengthen our security defenses through comprehensive security simulations and contribute to building a more resilient security posture for our organization. 

Company Benefits & Perks: 

• Competitive salary package.


• Performance based annual bonus (cash and stocks).


• Hybrid working model (3 days office/week).


• Group Medical & Life Insurance.


• Modern offices with free amenities & fully stocked cafeterias.


• Monthly food card & company paid snacks.


• Hardship/shift allowance with company provided pickup & drop facility*


• Attractive employee referral bonus.


• Frequent company sponsored team building events and outings.

* Depending upon the shifts.

**The benefits package is subject to change at the management's discretion.