Join Our Team

We're building the future of cybersecurity. Join our team of security experts and help organizations worldwide secure their most critical systems.

Why Join Bugscale?

Work alongside recognized security specialists on cutting-edge projects that make a real impact in the cybersecurity landscape.

Cool Research

Work on advanced and complex reverse engineering projects that push the boundaries of cybersecurity. Embrace new application security and penetration testing methodologies, and investigate new domains.

Professional Growth

Continuous learning opportunities, conference participation, and mentorship from industry experts to accelerate your career development.

Collaborative Culture

Work in a supportive environment that values innovation, knowledge sharing, and maintains a healthy work-life balance.

Open Positions

Explore our current openings and find your next opportunity.

Vulnerability Researcher / Reverse Engineer

Lonay, Switzerland / Remote

Research Team

Web Application Researcher

Lonay, Switzerland / Remote

Research Team

Red Team Penetration Tester

Lonay, Switzerland

Audit

We're looking for an experienced red team penetration tester to strengthen our audit team.

In this role, you will lead advanced red team operations and penetration tests simulating real-world adversaries targeting complex corporate environments. You will design and execute realistic attack scenarios to evaluate the resilience of clients’ detection and response capabilities, uncover systemic weaknesses, and validate the effectiveness of existing security controls.

Key Responsibilities

Red Team Operations: Conduct advanced red team exercises to simulate real-world attacks and assess the effectiveness of security measures.

Threat Modeling and Adversary Emulation: Utilize threat modeling and threat actor attack pathing to validate security controls.

Infrastructure and Cloud Penetration Testing: Perform in-depth assessments of on-premise and cloud-based environments (Active Directory, Azure, AWS, Kubernetes, Linux) to identify vulnerabilities, misconfigurations, and potential attack paths.

Privilege Escalation and Lateral Movement: Design and execute attack chains involving privilege escalation, credential abuse, persistence mechanisms, and lateral movement across enterprise networks.

Detection and Response Evaluation: Collaborate with Blue Teams and SOCs to measure detection capabilities, incident response effectiveness, and identify opportunities for defensive improvement.

Tool Development and Automation: Develop, customize, and maintain scripts and tools to support offensive security operations and improve efficiency during engagements.

Continuous Improvement: Provide technical guidance and feedback to enhance methodologies, playbooks, and internal capabilities for offensive security operations.

Research and Development: Stay current with emerging attack techniques, vulnerabilities, and security technologies; contribute to internal R&D initiatives and capability development.

Reporting and Documentation: Ability to produce clear, detailed, and actionable technical reports, and to present findings and recommendations to both technical and executive audiences.

Requirements

Offensive Security Experience: 5+ years in penetration testing or red teaming, with a proven track record conducting goal-oriented offensive security operations in enterprise environments.

Strong Knowledge of Enterprise Attack Surfaces: Deep understanding of Active Directory, identity-based attacks, Kerberos abuse, lateral movement, privilege escalation, and post-exploitation in Windows and hybrid infrastructures.

Cloud and Hybrid Environment Expertise: Hands-on experience assessing or exploiting configurations in Azure AD, Microsoft 365, AWS, and Kubernetes environments.

Advanced Adversary Emulation Skills: Experience designing and executing threat simulations based on frameworks such as MITRE ATT&CK.

Proficiency with Offensive Toolsets: Strong command of offensive toolkits used for network, cloud and application penetration testing.

Custom Tooling and Scripting: Ability to develop or modify offensive tools, scripts, and payloads to bypass modern defenses.

Detection and Response Awareness: Understanding of Blue Team operations, detection engineering, and how to evaluate SOC performance and alerting effectiveness during engagements.

Assessment Methodology Knowledge: Familiarity with established security testing standards (eg NIST SP 800-115, PTES, OSSTMM, OWASP).

Effective Communication: Ability to produce clear, detailed, and actionable technical reports, and to present findings and recommendations to both technical and executive audiences.

Certifications (preferred but not required): OSCP, OSCE, CEH, GCTI, GCPN, GXPN, or equivalent.

Passion for staying ahead of emerging attack techniques, threat actor TTPs, and evolving defense mechanisms.

Apply for this Position

Don't See the Perfect Role?

We're always interested in connecting with talented security professionals. Send us your resume and let's start a conversation.

Send Your Resume