Senior Security Consultant in Cheltenham

ABOUT THE COMPANY: Prism Infosec is an established cybersecurity company that has created a working environment driven by people passionate about information/cyber security and technology. Through collaboration and teamwork, Prism Infosec strives to ensure that new skills can be learnt and knowledge and experiences shared.

TYPE OF INDIVIDUAL WE ARE LOOKING FOR: We are seeking an experienced Senior Security Consultant to join our Red Team and help clients understand their true security posture beyond traditional penetration testing. You will lead and deliver sophisticated Red Team engagements, support blended offensive operations with our Penetration Testing team, and contribute directly to the continual evolution of Prism Infosec’s offensive security methodologies, tooling, and tradecraft. This position is ideally suited to someone who thrives on adversarial thinking, technical depth, autonomy, and creativity.

KEY AREAS OF RESPONSIBILITY:

• Red Team Engagement Delivery: End-to-end ownership of covert and overt offensive security operations, ensuring engagements meet defined objectives and maintain operational security.
• Infrastructure & Tooling Management: Deployment, maintenance, and secure operation of Red Team infrastructure, C2 systems, custom tooling, and automation capabilities.
• Technical Execution Across Attack Lifecycles: Reconnaissance, initial access, exploitation, privilege escalation, credential harvesting, lateral movement, cloud persistence, and data access.
• Reporting & Communication: Production of high-quality technical and executive-level reports, and delivery of clear verbal debriefs to varied audiences.
• Collaboration & Knowledge Sharing: Working with internal security teams—Penetration Testing, OT, and IR—to support joint assessments, share offensive insights, and improve overall defensive posture.
• Research & Development: Continuous investigation of new techniques, vulnerabilities, adversary tradecraft, cloud attack paths, and contributions to internal Red Team methodology and tooling.
• Team Development & Mentorship: Supporting growth of colleagues through technical guidance, knowledge sharing, review, and encouragement of offensive security skill development.

KEY TASKS:

• Work with the red team manager to plan, design, and deliver full-scope Red Team engagements, from reconnaissance through to achieving agreed objectives.
• Build, configure, and operate Red Team infrastructure, including command-and-control frameworks such as Mythic, Cobalt Strike, or Havoc.
• Conduct exploitation, post-exploitation, lateral movement, and persistence activities across on-premises, hybrid, and cloud estates.
• Identify weaknesses across infrastructure, Active Directory, cloud platforms (Azure/AWS/GCP), and application layers.
• Develop or modify offensive tooling, scripts, payloads, and automation to support engagements.
• Produce clear, detailed, and technically accurate Red Team reports, including findings, impact assessments, and remediation advice.
• Support client briefings and debriefings, explaining attack paths and defensive recommendations to both technical and non-technical stakeholders.
• Collaborate with penetration testers during blended or purple team operations.
• Stay current with emerging attacker TTPs, threat intelligence, cloud exploitation techniques, and novel abuse paths.
• Mentor junior consultants and support capability development across the offensive security team.

KEY RESULTS/OBJECTIVES:

• Successfully deliver full-scope Red Team engagements that meet defined objectives, maintain operational security, and provide meaningful, actionable outcomes for clients.
• Consistently produce high-quality technical and executive reporting that clearly communicates attack paths, business impact, and remediation priorities.
• Demonstrate measurable improvements in client detection, response, and resilience through collaborative purple team activities and post-engagement reviews.
• Enhance Prism Infosec’s offensive capability by contributing to methodology development, tooling improvements, research, and internal knowledge sharing.
• Maintain a strong understanding of emerging attacker techniques, cloud exploitation paths, and relevant threat intelligence, applying this knowledge to ongoing operations.
• Support the delivery of penetration testing engagements when required, ensuring the same high standard of technical execution and reporting.
• Promote a culture of continuous learning by mentoring junior consultants, participating in internal training sessions, and contributing to team development.
• Strengthen client relationships through professionalism, technical credibility, and consistent delivery excellence.
• Achieve or maintain CCRTS/CCRTM qualifications to support regulated testing in the UK.

RESPONSIBLE FOR STAFF/EQUIPMENT: Any assets provided by the company e.g. Laptop, hard drives etc. Testing and lab systems, Office keys and entry fob.

CONSULTS WITH: Head of Red Team, members of the test team.

TERM OF EMPLOYMENT: Permanent Full Time.

WORKPLACE TYPE: Based in the UK - Remote, able to travel into Cheltenham office sporadically.

QUALIFICATION:

• 2+ years of hands-on experience delivering Red Team operations, advanced penetration testing, or adversary simulation engagements.
• Strong proficiency with at least one major C2 framework (e.g., Mythic, Cobalt Strike, Havoc) and a solid understanding of operational security and detection evasion.
• Demonstrable ability to conduct end-to-end offensive operations: reconnaissance, exploitation, post-exploitation, privilege escalation, lateral movement, and persistence.
• Practical experience targeting cloud environments including Azure, AWS, and/or GCP, with understanding of hybrid identity and cloud-native attack paths.
• Strong technical knowledge of Active Directory, identity abuse, Kerberos-based attacks, and common enterprise exploitation routes.
• Experience writing or modifying offensive tools, scripts, payloads, automation, or implants in languages such as Python, PowerShell, or C#.
• Excellent written and verbal communication skills, capable of producing high-quality reports and presenting findings to technical and non-technical stakeholders.
• Ability to work within a team environment, collaborate effectively with penetration testers, and support blended offensive engagements.
• Willingness and capability to conduct traditional penetration testing engagements when required.
• Strong analytical thinking, creativity, and a proven ability to approach problems from an adversary’s perspective.
• Industry recognised certifications such as CCT-APP, CCT-INF, CCRTS, OSCP, OSEP, OSCE, RTO / RTO-II, CREST-equivalent quals, or similar high‑rigour offensive credentials.
• Experience delivering or supporting intelligence‑led or regulatory‑driven assessments such as CBEST, STAR‑FS, TIBER‑EU, or iCAST.
• Knowledge of containerisation and orchestration technologies (e.g., Docker, Kubernetes) from both an attacker and defender perspective.
• Experience contributing to open‑source offensive tooling, blog posts, conference talks, or broader community engagement.
• Understanding of defensive operations, detection engineering, logging pipelines, and SOC methodologies, particularly in purple team scenarios.
• Experience operating within consultancy environments where autonomy, breadth of skill, and adaptability are highly valued.