Security Engineer II - Red Team (BAS)
Interactive Brokers · Mumbai, India
mid
security engineerred team
Apply on Interactive Brokers →
Company Overview
Interactive Brokers Group, Inc. (Nasdaq: IBKR) is a global financial services company headquartered in Greenwich, CT, USA, with offices in over 15 countries. We have been at the forefront of financial innovation for over four decades, known for our cutting-edge technology and client commitment.
IBKR affiliates provide global electronic brokerage services around the clock on stocks, options, futures, currencies, bonds, and funds to clients in over 200 countries and territories. We serve individual investors and institutions, including financial advisors, hedge funds and introducing brokers. Our advanced technology, competitive pricing, and global market help our clients to make the most of their investments.
Barron's has recognized Interactive Brokers as the #1 online broker for six consecutive years. Join our dynamic, multi-national team and be a part of a company that simplifies and enhances financial opportunities using state-of-the-art technology.
About the Role
We are seeking a skilled cybersecurity professional to join our team in a dual role focused on Phishing Simulation and Red Team Breach Attack Simulation (BAS). This position requires expertise in both conducting phishing campaigns and operating BAS tools to simulate various attack scenarios beyond phishing. The role is critical for assessing and improving our organization's security posture against multiple threat vectors.
Key Responsibilities
Phishing Simulation
Design, develop, and execute sophisticated phishing simulation campaigns tailored to organizational needs
Create and manage the technical infrastructure required for phishing simulations, including domains and servers
Develop realistic phishing email content and landing pages that reflect current threat actor tactics
Generate comprehensive phishing reports with metrics, findings, and recommendations
Track user susceptibility to phishing attempts and measure improvement over time
Collaborate with security awareness teams to develop targeted training based on simulation results
Breach Attack Simulation (BAS)
Configure and operate BAS tools to simulate various attack scenarios beyond phishing (e.g. ransomware, lateral movement, data exfiltration)
Design realistic red team scenarios to test security controls across the organization
Troubleshoot technical issues with BAS tools and ensure proper execution of attack scenarios and that log events are being raised and ingested
Analyze BAS results to identify security gaps and control weaknesses
Provide recommendations for security improvements based on BAS findings
Stay current with emerging attack techniques and implement them in simulation scenarios
Document and maintain BAS procedures and playbooks
General
Collaborate with security teams to prioritize remediation efforts based on simulation findings
Contribute to the development of security policies and procedures
Maintain knowledge of current cybersecurity threats and attack methodologies
Participate in security assessment activities as needed
Technical Requirements
Strong understanding of domain and server setup for phishing operations, including technical components such as:
DNS configuration (A records, MX records, CNAME)
Email authentication protocols (SPF, DKIM, DMARC)
Web server configuration and management
SSL/TLS certificate implementation
Solid networking knowledge including:
TCP/IP protocols
Network architecture
Firewalls and routing
Network security principles
Experience operating BAS tools and understanding attack chain methodologies
Familiarity with Red Team concepts and tactics
Working knowledge of Vulnerability Assessment and Penetration Testing (VAPT)
Experience with infrastructure set-up and management
Creative approach to developing realistic attack scenarios and campaigns
Qualifications
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent work experience)
3+ years of experience in cybersecurity with focus on phishing simulations and/or red team operations
Hands-on experience with BAS tools
Basic understanding of infrastructure setup and management
Preferred Certifications (one or more)
Certified Ethical Hacker (CEH)
eLearnSecurity Junior Penetration Tester (eJPT)
Offensive Security Certified Professional (OSCP)
Practical Network Penetration Tester (PNPT)
Certified Red Team Professional (CRTP)
Certified Red Team Operator (CRTO)
Certified Network Penetration Tester (CNPen)
Personal Attributes
Strong analytical and problem-solving skills
Excellent written and verbal communication abilities
Attention to detail and methodical approach to work
Ability to work independently and as part of a team
Commitment to continuous learning and professional development
Creative mindset for developing effective security testing scenarios
Join our team to help strengthen our security defenses through comprehensive security simulations and contribute to building a more resilient security posture for our organization.
Company Benefits & Perks:
Competitive salary package.
Performance based annual bonus ( cash and stocks ).
Hybrid working model (3 days office/week ).
Group Medical & Life Insurance.
Modern offices with free amenities & fully stocked cafeterias.
Monthly food card & company paid snacks.
Hardship/shift allowance with company provided pickup & drop facility*
Attractive employee referral bonus.
Frequent company sponsored team building events and outings.
* Depending upon the shifts.
** The benefits package is subject to change at the management's discretion.
Posted 2026-06-22