About HBX Group
HBX Group is a leading independent B2B travel technology marketplace connecting travel businesses globally through advanced technology, data-driven solutions, and a network of interconnected products and services. Our Cyber Security team is responsible for protecting global platforms, cloud infrastructure, corporate environments, data assets, and emerging AI-enabled services.
Role Overview
The Red Team Security Expert is responsible for proactively assessing and validating HBX Group's security posture across corporate, cloud, application, and AI-enabled environments.
The role combines penetration testing, adversary emulation, offensive security assessments, Purple Team activities, security research, and AI security testing. The successful candidate will work closely with Blue Team, Security Architecture, DevOps, Engineering, Data, and AI teams to identify weaknesses, validate security controls, and strengthen cyber resilience.
Offensive Security Assessments
- Conduct penetration testing activities across web applications, APIs, cloud platforms, infrastructure services and corporate environments.
- Identify, validate and assess security vulnerabilities, attack paths and exposure risks affecting business services and technology platforms.
- Perform security assessments throughout the technology lifecycle to support secure development and deployment practices.
- Collaborate with engineering and infrastructure teams to ensure vulnerabilities are effectively remediated and validated.
AI Security & Emerging Threats
- Assess risks related to Generative AI, Large Language Models (LLMs), AI agents, and machine learning systems.
- Identify and mitigate threats such as:
- Prompt injection attacks
- Data poisoning
- Model manipulation
- AI supply chain attacks
- Sensitive data leakage through AI platforms
- Shadow AI usage
- Partner with AI and Data teams to implement secure-by-design AI solutions.
- Contribute to AI governance, monitoring, and security controls.
- Stay up to date on emerging AI security frameworks and industry best practices.
Adversary Emulation & Red Team Operations
- Plan and execute realistic Red Team engagements that emulate real-world threat actors and attack scenarios.
- Leverage MITRE ATT&CK methodologies to assess detection, prevention and response capabilities.
- Evaluate security controls across on-premises, cloud and hybrid environments.
- Support cyber resilience initiatives through controlled attack simulations and adversary emulation exercises.
Application Security & Code Review
- Perform web application, API and source code security assessments.
- Identify weaknesses associated with authentication, authorisation, session management and secure coding practices.
- Support agile delivery teams by providing security findings and remediation guidance during development cycles.
- Help improve the organisation's ability to identify and mitigate vulnerabilities early in the software development lifecycle.
Cloud & Platform Security
- Perform offensive security assessments across AWS, Azure and GCP environments.
- Assess Kubernetes clusters, Docker environments and cloud-native architectures.
- Review Infrastructure-as-Code deployments and cloud configurations for security weaknesses.
- Identify privilege escalation opportunities, misconfigurations and potential attack paths.
- Support cloud security validation and architecture review activities.
Security Research & Automation
- Research emerging attack techniques, exploitation methods and offensive security tools.
- Develop and maintain automation, scripts and testing utilities to improve offensive security capabilities.
- Support continuous improvement of Red Team methodologies and testing approaches.
- Contribute to knowledge sharing, research initiatives and internal security innovation.
Purple Team Collaboration
- Collaborate with Blue Team teams to validate detections and strengthen defensive capabilities.
- Support the development and testing of monitoring rules, alerting mechanisms and incident response processes.
- Simulate realistic attack techniques to improve visibility and detection coverage.
- Promote continuous improvement through joint Red Team and Blue Team exercises.
What You Will Bring
- Previous experience in a Red Team, Penetration Testing, Offensive Security, Application Security or equivalent security-focused role.
- Strong understanding of offensive security methodologies, attack techniques and adversary emulation practices.
- Up-to-date knowledge of cyber security threats, exploitation techniques and offensive tooling.
- Experience performing vulnerability assessments, penetration testing and security validation activities.
- Knowledge of application security, secure development practices and source code reviews.
- Good understanding of DevOps and Agile principles, with the ability to support security activities in fast-moving delivery environments.
- Knowledge of cloud and container technologies, including Kubernetes, Docker and cloud environments such as AWS, GCP or Azure.
- Experience using scripting languages and automation tools to improve offensive security capabilities and testing efficiency.
Desired skills
- Ability to translate technical security findings into clear risk-based recommendations.
- Strong analytical mindset, with the ability to investigate complex attack scenarios and identify realistic exploitation paths.
- Good collaboration skills, with the ability to work effectively with Security, Engineering, DevOps and infrastructure teams.
- Proactive approach to learning and staying current with emerging threats, attack techniques and security technologies.
- Ability to balance security requirements with business priorities in agile and cloud-based environments.
Personal attributes
- Ownership and accountability when managing security findings, assessments and remediation activities.
- Clear communication style, especially when explaining technical risks to non-security stakeholders.
- Continuous improvement mindset, with a focus on advancing offensive security practices and organisational resilience.
- Team-oriented approach and willingness to collaborate across technical and business areas.
Key Skills
Ranked by relevance
Related Jobs
3 roles aligned with this opportunity
Cyber Security Specialist - Blue Team
2026-07-07
Data Analyst
2026-01-17
Site Reliability Engineer, Remote Spain
2025-01-02
- Posted
- Jul 07, 2026
- Type
- Full-time
- Level
- Mid-Senior
- Location
- Valencia
- Company
- HBX Group
Industries
Categories
Related Jobs
3 roles aligned with this opportunity
Cyber Security Specialist - Blue Team
2026-07-07
Data Analyst
2026-01-17
Site Reliability Engineer, Remote Spain
2025-01-02