Red Team Operations Manager in Brighton

Bugcrowd, a leading crowdsourced security company, invites applications for the Red Team Operations Manager position based in Brighton, England United Kingdom. This role is part of our Security Knowledge Platform and is designed for an experienced professional who can lead end‑to‑end Red Team engagements while ensuring safety, compliance, and high‑value outcomes for our customers.

Job Summary

• Lead, oversee, and quality‑assure the execution of Red Team engagements from scoping and planning through delivery, reporting, and debrief.
• Manage both operational and client‑facing aspects, ensuring all activities are safe, legal, and aligned with threat intelligence and compliance frameworks.

Essential Duties and Responsibilities

• Engagement & Project Management
  • Lead multiple concurrent Red Team engagements across a variety of industries.
  • Define, negotiate and document scope, objectives, rules of engagement, deliverables, constraints, escalation and approval pathways.
  • Oversee milestone planning (kick‑offs, stand‑ups, wash‑ups, strategic debriefs).
  • Manage resources (operator assignments, tooling, support functions).
  • Track engagement progress versus objectives, adjusting scope or strategy as needed.
• Technical Leadership Oversight
  • Assess and manage technical risk to ensure Red Team activities minimise risk to customer operations, data, and systems.
  • Make real‑time decisions around TTP deployment, defense bypass, detection handling, and unexpected discoveries.
  • Review and approve attack plans, threat modelling, and intelligence.
  • Ensure operators use strong operational security, safe tradecraft, proper evidence collection, and cleanup post‑engagement.
  • Maintain up‑to‑date knowledge of Red Team tools, adversary TTPs, defensive controls, and detection systems.
• Legal, Compliance & Ethical Oversight
  • Ensure all engagements comply with applicable legislation (computer misuse laws, data protection, cross‑border implications).
  • Verify proper authorisations, NDAs, and ROE are in place.
  • Define and enforce ethical boundaries, balancing disruptive and non‑disruptive operations.
  • Engage client teams (Blue, White, Leadership) while maintaining operational effectiveness.
  • Document decisions and maintain a verifiable trail of evidence.
• Threat Intelligence & Scenario Design
  • Ingest internal and external threat intelligence to design realistic adversary scenarios.
  • Analyse relevant threat actors, geography, and technology stack.
  • Map TTPs to defensive controls, ensuring realistic bypass and detection assumptions.
  • Define detailed attack scenarios and secure stakeholder buy‑in.
• Quality Assurance, Reporting & Debrief
  • Review deliverables for technical quality completeness, and clarity.
  • Approve final reports, attack paths, and recommendations.
  • Ensure reports map to risks, business impact, and prioritisation.
  • Lead strategic debriefs highlighting successes, detections, and improvement areas.
  • Conduct post‑engagement wash‑ups, lessons learned, and remediation tracking.
• Research, Development & Knowledge Sharing
  • Mentor operators in tradecraft and OpSec.
  • Drive internal research on new tools, detection evasion, and environment emulation.
  • Maintain and evolve capability libraries and knowledge bases.
  • Contribute to training, playbooks, and standard operating procedures.
• Sales / Pre‑sales & Customer Engagement
  • Assist in scoping and proposal of Red Team engagements for prospects.
  • Support sales cycles with subject‑matter expertise.
  • Help clients understand trade‑offs, value, and differentiation from other security activities.
• Governance & Stakeholder Management
  • Participate in the White Team to monitor risk and ensure escalation and safety boundaries.
  • Liaise with client stakeholders across Security, Legal, Compliance, IT, Ops, and Cloud teams.
  • Escalate issues affecting risk, detection, or business impact.
  • Manage communications and approval flows using established chains.
  • Ensure compliance with frameworks relevant to the client (FedRAMP, STAR, DORA, etc.).

Education, Experience, Skills, & Abilities

• Extensive experience leading Red Team engagements in enterprise environments across multiple industries (finance, critical infrastructure, cloud/SaaS/OT).
• Deep technical knowledge exploitation, post‑exploitation, lateral movement, persistence, command & control, evasion, and privilege escalation.
• Strong understanding of Blue Team controls (IDS/IPS, SIEM, EDR, NGFW, log analysis, detection engineering) and ability to bypass or evade them safely.
• Experience with modern cloud environments (Azure, AWS, GCP), hybrid/on‑premise networks, and OT/IoT/industrial environments.
• Awareness of CREST/STAR/TIBER regulations and other regional compliance requirements.
• Proven threat intelligence ingestion and scenario design capabilities.
• Excellent written and verbal communication; skilled at producing high‑quality reports and engaging senior leadership.
• Project and operations management skills, including budgeting, scheduling, and resource allocation.
• Ability to make real‑time decisions under pressure and balance risk vs reward.
• Certifications (desirable): CREST Certified Simulated Attack Manager/Red Team Manager (CCSAM/CCRTM), CREST Certified Red Team Specialist (CCRTS), and other offensive security credentials.

Working Conditions

• The role is fully remote (work‑from‑home 100%).
• Candidates must be able to sit or stand for 50% of the time and lift a laptop as needed.
• Reasonable accommodation will be provided where required.

Culture

Bugcrowd values diversity and inclusion and strives to make every person feel part of the team. Our culture includes a wide range of interests, from musicians and adventure sports enthusiasts to nature lovers and avid readers.

Disclaimer

This position involves access to highly confidential information. Applicants must maintain the strictest confidentiality and be subject to background checks covering social security, employment, references, education, and criminal history.

Equal Employment Opportunity

Bugcrowd is an EOE, Disability/Age Employer. We consider all candidates irrespective of race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.

Application

Apply at: https://www.bugcrowd.com/about/careers/

Job Details

• Seniority level: Director
• Employment type: Full‑time
• Job function: Management and Manufacturing
• Industries: Computer and Network Security