Senior Pentester / Red Teamer
About the role
Company Description
ecosio is a fast-growing, innovative service company and a leading provider of B2B integration, specialising in electronic data interchange (EDI), Web EDI and e-invoicing. ecosio is part of Vertex, Inc., a leading global provider of indirect tax solutions listed on Nasdaq (VERX).
Our brand slogan is "Connections That Work", as we believe strong connections are central to successful business relationships, both external and internal. At ecosio, we hire individuals from all backgrounds and are committed to creating an inclusive work environment. We are technology lovers, set the highest standards for our solutions, and put innovative ideas first.
Job Description
As a Senior Pentester / Red Teamer, you will operate as a highly autonomous security specialist responsible for proactively identifying vulnerabilities, simulating real-world attack scenarios, and hardening our infrastructure and applications. You will design and execute offensive security engagements — including penetration tests, red team exercises, and threat hunting campaigns — across cloud-native and hybrid environments. A core part of your mandate is to build and maintain automated security testing pipelines, leveraging AI-assisted tooling to continuously assess and improve the organisation's security posture.
You'll connect with the role if you enjoy...
- Planning and executing penetration tests against internal and external infrastructure, web applications, APIs, and cloud environments (primarily AWS)
- Conducting red team engagements simulating advanced persistent threats (APTs) and real-world attack chains
- Designing, building, and maintaining automated pentesting and security scanning pipelines integrated into CI/CD workflows
- Leveraging AI and machine-learning–based tools (e.g., LLM-assisted vulnerability discovery, automated exploit generation, AI-driven anomaly detection) to scale offensive security operations
- Developing custom exploit code, scripts, and tooling tailored to the organisation's technology stack
- Assessing and hardening Kubernetes and AWS environments (IAM, VPC, EKS, Lambda, S3, CloudTrail, GuardDuty, etc.)
- Documenting findings in clear, actionable reports with risk ratings and remediation guidance
- Collaborating with SOC, DevOps, and engineering teams to validate fixes and improve detection capabilities
- Contributing to purple team exercises bridging offensive findings with defensive improvements
- Staying current on emerging attack techniques, CVEs, threat intelligence, and offensive security research
- Mentoring junior security team members on offensive methodologies and tooling
Qualifications
To connect with ecosio it is important to have…
- 5+ years of hands-on experience in penetration testing, red teaming, or offensive security roles in cloud environments
- Proven track record of security assessments in AWS environments (IAM misconfigurations, privilege escalation, serverless exploitation, container breakouts)
- Deep understanding of OWASP Top 10, MITRE ATT&CK, and common exploit frameworks (Metasploit, Cobalt Strike, Sliver, etc.)
- Strong proficiency in scripting and automation (Python, Bash, Go, or similar)
- Strong proficiency in subject-matter tools, e.g. Pacu or Prowler
- Solid knowledge of networking, operating systems (Linux/Windows), and cloud-native architectures
- Familiarity with AI/ML-assisted offensive security tools and techniques
- Excellent analytical thinking and ability to work independently with minimal supervision
- Strong written and verbal communication skills for technical and executive reporting
And nice to have...
- Relevant certifications such as OSCP, OSEP, OSCE, CRTO, GPEN, GXPN, or AWS Security Specialty