Vitol

Cyber Security Engineer

Vitol  •  Canton de Genève, CH (Onsite)  •  3 hours ago

Job Description

Vitol is an energy and commodities company with revenues of $331 billion in 2024; its primary business is the trading and distribution of energy products globally – it trades over seven million barrels per day of crude oil and products and, at any time, has 250 ships transporting its cargoes.

Vitol’s clients include national oil companies, multinationals, leading industrial companies and utilities. Founded in Rotterdam in 1966, today Vitol serves clients from some 40 offices worldwide and is invested in energy assets globally including 24mM3 of storage, 850kbpd of refining capacity, and 10,000 service stations. To date, we have committed over $2.5 billion of capital to renewable projects and are identifying and developing low-carbon opportunities around the world.

  • Design, implement, and maintain security architecture for on-premises environments.
  • Monitor, detect, triage, and respond to security incidents and alerts end-to-end, providing L2 and L3 support; own the incident lifecycle from initial detection through containment, eradication, recovery, and post-incident review.
  • Operate and tune Microsoft Sentinel (SIEM/SOAR) — build detection rules, analytic queries, and automated playbooks to reduce mean time to detect and respond.
  • Leverage Varonis for data access governance, insider threat detection, and abnormal behaviour alerting across file systems and cloud storage.
  • Design, plan, and execute internal Red Team engagements — including scoping, rules of engagement, adversary simulation, and structured debrief — to validate defensive controls and identify gaps before real attackers do. Improve and maintain the Red Team infrastructure in line with the current threat landscape.
  • Operate AI/LLM-powered penetration testing tooling against Vitol's own infrastructure as part of the Red Team program, evaluating its effectiveness and contributing findings to the wider security roadmap.
  • Conduct offensive security assessments using industry-standard tools including Burp Suite (web application testing), BloodHound (Active Directory attack path mapping), and C2 frameworks.
  • Manage incidents reported by CrowdStrike Falcon (endpoint telemetry and threat intelligence) and Microsoft Defender (endpoint protection and XDR).
  • Perform threat hunting across endpoint, network, and cloud telemetry; develop and refine threat hunt hypotheses based on current threat intelligence.
  • Implement and manage identity and access management solutions, with particular attention to privileged access and lateral movement vectors identified through Red Team activity.
  • Develop and maintain security documentation including Red Team playbooks, IR runbooks, and lessons-learned reports.

Qualifications

  • 3+ years of hands-on cybersecurity experience, with a demonstrable focus on offensive security and/or security incident response — practitioner experience will be weighted heavily over managerial or advisory backgrounds.
  • OSCP (Offensive Security Certified Professional) required; OSEP, OSED, CRTO, or equivalent offensive security certifications are a strong plus.
  • Proven experience operating red team or penetration testing engagements independently, from scoping through reporting.
  • Proficiency with Burp Suite (web application and API testing), BloodHound (AD enumeration and attack path analysis), C2 frameworks, CrowdStrike Falcon (endpoint detection and threat intelligence), Microsoft Defender (endpoint protection and XDR integration), and evasion techniques (AV/EDR bypass, LOLBins, payload obfuscation).
  • Hands-on experience with Microsoft Sentinel — authoring KQL detection rules, building analytic workbooks, and configuring SOAR playbooks.
  • Familiarity with AI/LLM-assisted offensive security tooling (e.g., tools leveraging large language models for reconnaissance, payload generation, or automated exploitation workflows); willingness to evaluate and operationalize emerging tools in this space.
  • Strong knowledge of Active Directory attack paths, Windows and Linux internals, and common enterprise network protocols (Kerberos, LDAP, SMB, DNS).
  • Experience with scripting and automation (Python, PowerShell, or Bash) to support both offensive tooling and detection engineering.
  • Familiarity with cloud environments (Azure preferred given Microsoft stack) and their associated threat models.

Additional Information

  • Highly responsive, energetic, and enthusiastic.
  • Strong analytical skills, attention to detail, and ability to work in a high-pressure environment.
  • Capable of prioritizing tasks and meeting critical deadlines.
  • Ready to work extended hours when required.
  • Can work independently and report to the CISO.
  • Excellent judgment, attention to detail.
  • Solution and results oriented.
  • Team player, with an open, non-political style and a high level of personal integrity.

About Vitol

We are a leader in the energy sector with a presence across the spectrum; from oil through to power, renewables and carbon credits. Every day we use our expertise to distribute energy around the world. We source from producers, refiners and intermediaries and deliver to refineries, utilities, airlines and retail distribution networks as well as wholesalers and other traders. We manage the physical risk associated with moving energy.

Our business is global: we trade over 7 million barrels per day of crude oil and products and charter around 6,000 ship voyages a year. We also use our technical expertise to manage a global network of energy infrastructure that we deploy to help meet supply and demand flows worldwide. Our trading and logistical expertise is supported by a suite of proprietary technology applications that we build and maintain in-house.

From more than 40 offices worldwide, we seek to add value across the energy supply chain, including deploying our scale and market understanding to help facilitate the energy transition. To date, we have committed over $2 billion of capital to renewable projects and sustainable energy solutions. The focus of our business is changing, and we are always looking for new people to help build the company for the next decade and beyond.

We are a flat organisation that has a collaborative and entrepreneurial ethos. Vitol’s people are empowered to own their decisions and take responsibility for their actions. The culture is underpinned by our core values of integrity, honesty and humility. Our colleagues comprise c.1,600 people with 65+ nationalities represented, making us a truly global organisation.

For more information: www.vitol.com

Our latest ESG report can be downloaded here: https://www.vitol.com/about/esg-report/

  • Industry: Oil, Gas & Mining
  • Company Size: 1,001-5,000 employees
  • Headquarters: Rotterdam, NL
  • Year Founded: 1966
  • Website: vitol.com