Red Team Technical Lead CCSAS/CCRTS

We are seeking a highly skilled Red Team Technical Lead to join our Adversary Simulation business unit. This role requires a balance of hands-on offensive security expertise, strategic technical leadership, and mentorship of a skilled red team. The successful candidate will lead the execution of sophisticated red team engagements in mature, well-defended environments, ensuring high-impact, intelligence-driven adversary emulation.

Our team is dynamic, innovative, and dedicated to making a difference to our customers' security efforts. We are a close-knit team of passionate professionals committed to fostering a supportive, inclusive and collaborative environment. Career development and staff welfare is a priority for our company, and this is reflected in the opportunities presented to our team. Join us in making the digital world a safer place while enjoying a workplace where your growth, well-being, and creativity are celebrated.

Our customers demand high quality, expert advice. Our team works closely with our customers to ensure that our simulations provide valuable intelligence and actionable improvements. We ensure that the work we deliver adds value and makes a tangible difference in helping our customers achieve their wider security objectives.

Our business and customer work are consultant-led. As such you can expect to be heavily involved in the lifecycle of your work, to engage with and delight our customers, to work autonomously, and as part of our team, to achieve great outcomes, and high customer satisfaction.

Alongside red and purple teaming for our customers, opportunities to deliver training, research projects, and to participate in industry events and conferences are available. The role will be largely home-based. The ability to work from our office (South West) and work closely with us to help support and mentor less experienced consultants could be an advantage. The work may require travel to customer locations, UK wide. This is flexible and varies depending on customer requirements. Opportunities to travel internationally may be available.

Responsibilities

• Lead the design, planning, and execution of realistic, high-end adversary simulations (both red and purple teams) to test and enhance enterprise security posture in collaboration with experienced simulated attack managers.
• Ensure the red team operates safely, within the agreed rules of engagement, and with strict adherence to personal data restrictions.
• Develop and refine advanced tradecraft, tactics, techniques, and procedures (TTPs) to emulate sophisticated threat actors.
• Maintain oversight of threat intelligence to ensure that engagements align with real-world threats and security control validation.
• Identify and exploit security weaknesses in enterprise-class defences, bypassing modern security controls in cloud, hybrid, and on-prem environments.
• Stay ahead of emerging attack techniques and integrate them into red team operations.
• Act as a technical mentor to red team operators, fostering skill development and knowledge sharing.
• Provide guidance on attack methodologies, operational security (OPSEC), and ethical red teaming practices.
• Lead post-engagement debriefs, ensuring valuable insights and continuous improvement.
• Work with the Head of Adversary Simulation to refine long-term red team strategy.
• Partner with customer security operations, threat intelligence, and blue teams where appropriate during simulations to maximise impact and drive realistic, actionable improvements in detection and response.
• Contribute to tooling, automation, and infrastructure development to support engagements.
• Communicate findings, attack narratives, and risk insights effectively to technical and executive stakeholders.

Essential Attributes

• Proven experience in technical leadership within a red team or offensive security function.
• Deep expertise in adversary simulation, penetration testing, and offensive security methodologies.
• Strong background in exploiting enterprise environments, including Active Directory, cloud platforms (AWS/Azure/GCP), EDR evasion, and lateral movement techniques.
• Proficiency in custom tooling and exploit development (e.g., C2 frameworks, scripting, and automation).
• Understanding of defensive security controls and experience testing SOC/SIEM capabilities, EDR, and security monitoring.
• Strong operational security (OPSEC) mindset and experience running covert red team operations.
• Ability to clearly communicate complex attack chains and technical risks to both security teams and executive leadership.
• Experience working in mature, highly defended environments (e.g., financial sector, and critical infrastructure).
• Willingness to undergo UK government clearance process (SC minimum).
• Confident, dynamic, and enthusiastic about collaborating to provide effective security guidance and solutions.
• Ability to work autonomously in a fast-paced environment.
• CREST CCSAS or CREST CCRTS qualification.

Desirable Attributes

• Familiarity with CBEST, GBEST, TIBER-EU, STAR, STAR-FS or other red teaming frameworks.
• CREST CCSAM or Cyber Scheme CSRTM qualifications.
• Certifications such as OSEP, OSCE, CRTO, CRTL, GXPN, or equivalents are advantageous.
• Technical Research and Development skills and experience.
• Experience of successfully mentoring less experienced consultants.

Remuneration

• Excellent salary and benefits package.
• Salary negotiable depending on experience and qualifications.
• 5% matched company pension.
• Private healthcare.
• Employee Assistance Programme.
• 25 days annual holiday, increasing to 30 days after 3 years (in addition to Bank holidays in England and Wales).
• 3 x salary death in service.
• Excellent working conditions and environment.