Red Team Operator in York

Purpose: You will lead efforts to validate the effectiveness of client security defences (people, process, and technology) by executing realistic, goal-oriented Adversary Emulation and full-scope Red Team campaigns. Your mission is to rigorously test security detection and response capabilities, identify true defensive gaps, and provide actionable intelligence based on real-world threat actor Tactics, Techniques, and Procedures (TTPs) to enhance the client's operational security posture.

You will work closely with senior members of the Offensive Security Services and technical teams to design and execute complex, covert offensive security campaigns, including Adversary Emulation, social engineering, and continuous assessment of defensive mechanisms, with a secondary focus on advanced penetration testing.

As an experienced offensive security specialist, you will combine strong hands-on technical expertise with a structured and analytical approach. You will translate technical findings into meaningful business risk, ensuring clients clearly understand both the implications and the path to remediation.

To succeed in this role:

• You will successfully plan and execute complex, multi-month Red Team and Adversary Emulation campaigns, ensuring strict adherence to stealth requirements and operational security (OPSEC) throughout the engagement lifecycle.
• You will leverage industry-recognized frameworks (e.g., MITRE ATT&CK) to accurately emulate realistic threat actors, focusing on demonstrating detection and response gaps, defining real-world exploitation paths, and articulating the meaningful business impact, rather than mere vulnerability identification.
• You will drive continuous improvement by contributing to the development and enhancement of advanced assessment methodologies, proprietary tooling, and offensive frameworks to ensure our consulting services remain industry-leading.
• You will proactively research emerging threats, vulnerabilities, and exploitation techniques to keep our services relevant and effective, and apply this knowledge to continuously refine client assessment strategies and risk management approaches.
• You will take ownership of engagements, ensuring timely delivery in accordance with manager instructions.
• You will collaborate closely with internal teams, including Offensive Security, CRS, and Sales, to deliver integrated cybersecurity services.
• You will embody the team spirit that defines us: everyone has a voice, and everyone can help shape the future of the company.

In this role, you will:

• Design, lead, and execute complex, multi-layered Red Team engagements and advanced penetration testing across diverse client environments, including network, infrastructure, cloud (AWS/Azure/GCP), and web application testing, to rigorously evaluate security controls and demonstrate the potential impact on business and operational risk.
• Develop, deploy, and maintain custom offensive tooling (covert payloads and specialised implants), resilient Command and Control (C2) infrastructure, and sophisticated defensive evasion techniques to bypass modern security controls (e.g., EDR, AV) and maintain persistent, stealthy access.
• Conduct in-depth research across a wide variety of cybersecurity domains, including new vulnerabilities and exploitation techniques, to inform and enhance both internal service offerings and client assessment strategies.
• Manage all client communications and expectations throughout the process. Produce comprehensive, high-quality final reports, including detailed technical findings and critical analysis (Post-Action Report - PAR) of the defensive team's performance, ensuring timely finalisation of the engagement.

You are expected to bring:

• Proven, 3+ years of hands-on experience leading Red Team or Adversary Emulation campaigns.
• Formal validation through relevant, hands-on industry certifications (e.g., Offensive Security, CREST, SANS, Zero-Point Security, Altered Security).
• Proven ability to identify and analyse systemic security or resiliency gaps across various client environments.
• Deep technical understanding of lateral movement, privilege escalation, and persistence techniques within complex enterprise environments.
• Demonstrable expertise in one or more critical enterprise offensive security domains, such as: Active Directory exploitation, Social Engineering, Cloud exploitation (AWS/Azure/GCP), physical security, web technologies, or DevOps environments.
• In-depth, practical experience deploying, managing, and utilising multiple Command and Control (C2) frameworks (e.g., Cobalt Strike, Covenant, or custom solutions), with a strict awareness of operational security (OPSEC) and detection evasion.
• Proficiency in at least one scripting language (e.g., Python, Ruby) and one programming language (e.g., C, C++, C#, Java), enabling custom tooling and automation.
• Active participation and genuine interest in the offensive security community (e.g., evidenced by contributions to open-source tools, security blogs, or conference participation), coupled with the ability to work autonomously and manage multiple high-stakes engagements effectively.
• Advanced level of English; working knowledge of French or German is a plus.

Advantageous Competencies:

• Direct experience operating across multiple regulated client environments (e.g., finance, government, healthcare), including familiarity or direct experience delivering regulatory-driven Red Team testing frameworks (e.g., CBEST, TIBER).
• Hands-on experience targeting and exploiting complex containerised technologies like Kubernetes and Docker.
• Demonstrated hands-on expertise in reverse engineering malware and defensive tools (AV/EDR agents) to identify detection methods and develop tailored bypasses.
• Exceptional communication and structured report writing skills, with the proven ability to influence and engage stakeholders at all organisational levels, including senior and C-level management, and translate technical vulnerabilities into clear business risk.
• Exposure to or practical experience in applying emerging AI/ML techniques within offensive security, such as prompt injection or other advanced methods.

Please note we only accept docs in PDF format.