Senior Security Engineer - Purple Teaming

THE BEST WORK OF YOUR CAREER

Trade Republic is the largest savings platform in Europe - we operate in 18 countries, serving +10 million customers who trusted us with over 150B in assets. But we’re striving for more.

We have a bold mission to empower everyone to build wealth with easy, safe, and free access to financial systems. You will have the opportunity to grow your career by collaborating with a team of outstanding talents and state-of-the-art technology to build a lasting, positive future for millions. 

WHAT YOU'LL BE DOING

As a Senior Security Engineer in Purple Teaming, you'll plan and execute purple team exercises aligned to real‑world threat actors to protect Trade Republic's critical systems and customer data. Your responsibilities include:

• Design attack scenarios covering initial access, persistence, lateral movement, privilege escalation, command‑and‑control, and exfiltration.
• Coordinate with business and engineering teams to gather requirements, understand operational constraints, and ensure testing activities align with business risk.
• Assess existing security controls to ensure they aren't just "active," but actually effective.
• Conduct deep-dive assessments of internal networks, applications, and cloud infrastructure.
• Develop and tune SIEM detections, analytics rules, and alerts based on attack simulations and real incidents together with the Security Operations team.
• Validate alert quality, reduce false positives, and improve signal‑to‑noise ratio.
• Validate coverage of detections against known TTPs and identify detection gaps.
• Support and enhance incident response playbooks, escalation paths, and response automation.
• Conduct hypothesis‑driven threat hunts based on attacker tradecraft and threat intelligence.

WHAT WE'RE LOOKING FOR

Core Experience

• 5+ years as a Security Engineer with 3+ years specializing in Purple/Red/Blue Teaming.
• Experience running or leading purple team exercises in enterprise environments
• Strong understanding of real‑world attacker behavior, not just theoretical frameworks
• Experience operating in regulated or compliance‑driven environments (MaRisk, BAIT, GDPR)

Technical Experience

• Strong understanding of cloud security (AWS) and Kubernetes security
• Good understanding of macOS security
• Experience with SIEM solutions, preferably Google SecOps
• Experience with Endpoint Detection & Response (EDR) tools such as SentinelOne or CrowdStrike
• Proficiency in Python, Go or other scripting language
• Multi-cloud experience (GCP, Azure) is advantageous

WHY YOU SHOULD APPLY NOW

Our culture rewards ownership, excellence, and high energy. We care deeply about outcomes and hold each other accountable - we’re here to win and fix one of the largest challenges Europeans face - closing the pension gap and democratizing wealth. If this gets you fired up, reach out! 

We believe it’s our team’s varied identities and backgrounds that make us sharper and stronger. We’re committed to creating an environment where everyone feels respected and has equal opportunity to thrive in their careers. For any questions on DEI during the interview process, reach out to your recruitment partner.

We believe it’s our team’s varied identities and backgrounds that make us sharper and stronger. We’re committed to creating an environment where everyone feels respected and has equal opportunity to thrive in their careers. For any questions on DEI during the interview process, reach out to your recruitment partner.