You will become part of a small team of autonomous individuals who, alone or together, will research and attack systems, networks and applications in the pursuit of risk discovery. You will prove your thesis by conducting the attack, make that risk transparent to the other party and give advice on its remediation. As a member of this team you will enjoy an atmosphere that dispenses with the idea of up-selling services and billable hours, we are a small team who focus on making KPN more secure. We place strong emphasis on self-development because, as a team, we believe that this is the path towards more effective individual members.
More than ever the digital landscape is shifting, where the threats in the digital world can and sometimes are more effective than traditional military armaments. The intention is to integrate security into the mindset of not just our own interests but to be an example to others that security can, and should, be part of the development of any project. As a member of this team you will enjoy an atmosphere that dispenses with the idea of billable hours and focuses instead on self-development because, as a team, we believe that this is the path towards more effective individual members.
You will mainly work in our Amsterdam office, near station Amsterdam Sloterdijk. There are moments you will be required to appear in other areas, Hilversum, Den Haag, and anywhere else required, but these moments are not as consistent and travel expenses are covered.
With the REDteam of KPN Chief Information Security Office (CISO).
Your biggest impact
Keeping KPN reliable, secure and trusted by customers, partners and society.
Your role as
You will participate in the testing and security efforts of KPN and her interests. Your challenge would be:
1. Keeping up to date with current attack methodologies and events;
2. Development of tooling to help you automate certain tasks;
3. Consistently Training/Improving your skill set;
4. Effectively communicate issues with colleagues and project member
Your role will also involve collaborating with other branches of the business to deal with broader security concerns like planned awareness engagements, real world incidents and the risk assessment of real world geopolitics.
What are you bringing us
A desire to learn the things you don't know, a desire to share the things you do, and the wisdom to know the difference. You are someone who looks at things and automatically starts thinking from the perspective of a malicious actor. How they would exploit its weaknesses, whether physical or digital. You enjoy CTFs, cipher puzzles and spend your spare time reverse engineering binaries or playing games like hackthebox.
We accept many people from many walks of life, so don’t be afraid if your degree seems unrelated to the position. There will be a chance to show us what you can do. If you already have your OSCP and/or OSCE then all the better.
A working knowledge of python, linux systems, windows systems/powershell is a must. Knowledge of OWASP, NIST, CIS would also be beneficial.
Skills focusing on mobile app security, cloud security, physical device hacking and wireless communication protocols would be great, but are not required (the desire to learn more about these topics is, however, an implicit requirement).
Who we are
We are an attack focused branch of the security information office (CISO) of KPN. We plan, coordinate and execute engagements on projects, infrastructure and the systems of KPN proper. Sometimes these engagements are purely digital, sometimes they are physical (trying to get into buildings you are not supposed to be in) and sometimes these engagements are unannounced to the wider company (Phishing campaigns for example). We are a team dedicated to discovering our flaws before our adversaries do, whether external or internal and to attempt to aid in their mitigation in a timely manner. We are a team of people who have an utter thirst for knowledge and we pride ourselves on our training and self-development allowances. If you think you would fit well within a team of autodidacts who love learning and sharing that knowledge with each other then please contact us.
What do you get in return…