Senior Security Engineer - Purple Teaming

About the role

As a Senior Security Engineer in Purple Teaming, you'll plan and execute purple team exercises aligned to real‑world threat actors to protect Trade Republic's critical systems and customer data.

What you'll do

• Design attack scenarios covering initial access, persistence, lateral movement, privilege escalation, command‑and‑control, and exfiltration.
• Coordinate with business and engineering teams to gather requirements, understand operational constraints, and ensure testing activities align with business risk.
• Assess existing security controls to ensure they aren't just "active," but actually effective.
• Conduct deep-dive assessments of internal networks, applications, and cloud infrastructure.
• Develop and tune SIEM detections, analytics rules, and alerts based on attack simulations and real incidents together with the Security Operations team.
• Validate alert quality, reduce false positives, and improve signal‑to‑noise ratio.
• Support and enhance incident response playbooks, escalation paths, and response automation.

What you'll need

• 5+ years as a Security Engineer with 3+ years specializing in Purple/Red/Blue Teaming.
• Experience running or leading purple team exercises in enterprise environments.
• Strong understanding of real‑world attacker behavior, not just theoretical frameworks.
• Experience operating in regulated or compliance‑driven environments (MaRisk, BAIT, GDPR).
• Strong understanding of cloud security (AWS) and Kubernetes security.
• Experience with SIEM solutions, preferably Google SecOps.
• Experience with Endpoint Detection & Response (EDR) tools such as SentinelOne or CrowdStrike.
• Proficiency in Python, Go or other scripting language.

Nice to have

• Good understanding of macOS security.
• Multi-cloud experience (GCP, Azure).