Adversary Simulation Specialist

LyondellBasell (NYSE: LYB): As a leader in the global chemical industry, LyondellBasell strives every day to be the safest, best operated and most valued company in our industry. The company's products, materials and technologies are advancing sustainable solutions for food safety, access to clean water, healthcare and fuel efficiency in more than 100 international markets. LyondellBasell places high priority on diversity, equity and inclusion and is Advancing Good with an emphasis on our planet, the communities where we operate and our future workforce. The company takes great pride in its world-class technology and customer focus. LyondellBasell has stepped up its circularity and climate ambitions and actions to address the global challenges of plastic waste and decarbonization. For more information, please visit or follow @LyondellBasell on LinkedIn.yondellBasell

The Adversary Simulation Specialist will be responsible for testing and evaluating the security of a LyondellBasell's networks, systems, and applications. This role involves conducting application assessments, vulnerability assessments, penetration testing, and ethical hacking to identify and exploit vulnerabilities to improve the organization's security posture. The individual will also perform adversarial emulation and simulated attacks to test security controls and identify potential vulnerabilities in the environment.

• Identify and mimic the tactics, techniques and procedures of threat actors or threat groups, and the campaigns they execute against similar organizations or industries
• Conduct research, penetration testing, application and vulnerability assessments on external-facing resources and internal assets to determine risks
• Deliver key findings and improvement suggestions to determine if systems and infrastructure are properly tooled and resourced to defend against sophisticated attackers
• Research and integrate tools, processes, and techniques to improve vulnerability analysis, forensics capabilities, network and data security, and threat management
• Produce assessments on cyber threats, attacks, and external incidents
• Create written and verbal products for internal stakeholders to assist in proactively addressing cyber threats and mitigating risk
• Participate in threat hunting activities and incident response, as needed
• Stay current with the latest offensive security trends and techniques, including new exploits and vulnerabilities
• Continuously evaluate and improve the organization's offensive security program
• Collaborate with other members of the security team, such as Cyber Threat Intelligence team, incident responders, threat hunters and security analysts, to identify and mitigate threats

• BS or equivalent experience
• 5+ years related experience in one or more of the following: offensive security, red teaming, penetration testing, exploit development, cybersecurity
• Effective communication skills in writing and speaking with an emphasis on report creation and sharing

• Knowledge of advanced cyber threats, adversary methodologies, and cyber threat intelligence
• Experience writing code in one or more programming language (Python, C, JavaScript, Java, etc.)
• Related certifications such as the OSCP, OSEP, GPEN or CEH
• 3+ years of experience on coordination and execution of Web application, network, and system penetration tests with good understanding of OWASP TOP 10
• Knowledge of MITRE ATT&CK and its use within the cybersecurity community (e.g., open-source projects)
• Experience with encryption protocols (i.e., SSL/TLS) and algorithms (RSA, AES, etc.)
• Expertise on application security including web application penetration testing, debugging, and reverse engineering
• Experience in red teaming, penetration testing, exploitation
• Experience in incident response (hunt), blue teaming, and purple teaming
• Must be a strong technical leader in the analysis and communication of information security vulnerabilities and their risk to an enterprise
• Good project management skills and familiarity with ensuring security-by-design inside of a System Development Life Cycle (SDLC) process, GitHub Advanced Security experience is recommended
• Familiarity with attack emulation/penetration tools, Tenable Nessus, Kali Linux, Metasploit, Burp Suite, Cobalt Strike, etc.#LI-MC1

We offer an environment where we encourage personal and professional growth and where you will be rewarded for your performance and results. You will have the possibility to work with specialist on all fields to develop innovative solutions and to extend your national and international network. In addition, we offer you a competitive salary and benefits package.

LyondellBasell is committed to advancing diversity, equity & inclusion (DEI) to ensure a positive experience for all employees.

Application & Contact

Please send us your resume via the application button

If you would like to learn more, please feel free to contact Martyna Piechowiak, Talent Acquisition Specialist at

#LI-MP1 #LI-Hybrid