Internal Red Team Consultant

Ricoh Europe is strengthening its enterprise security posture and advancing an intelligence‑led security model across the organisation. We’re hiring an Internal Red Team Consultant in London to design and lead high‑fidelity adversary simulations, validate our detection and response maturity, and provide actionable insights that materially reduce risk. This role operates at the intersection of threat intelligence, offensive security, and enterprise risk, partnering closely with senior stakeholders across Europe and shaping how Ricoh anticipates, detects, and responds to advanced threats.

As the Internal Red Team Consultant, you will plan and execute realistic, risk‑aligned red team engagements across digital, physical, and social domains. You will emulate sophisticated threat actors, assess resilience across cloud and on‑prem environments, and translate technical findings into clear business risk and remediation priorities. You will provide virtual, cross‑functional leadership, coordination of internal and external operators, mentoring practitioners, and integrating outcomes with blue teams, SOC, and incident response. While the role is an individual contributor today, it is expected to evolve to include line management as the capability scales. Operating within legal, ethical, and ISO 27001‑governed parameters, you will deliver second‑line assurance that is rigorous, safe, and business‑relevant.

Responsibilities

• Plan and lead red team campaigns that assess enterprise detection and response, aligned to current threat intelligence and business risk.
• Develop and execute adversary playbooks mapped to frameworks such as MITRE ATT&CK, including digital, physical, and social engineering vectors.
• Coordinate internal and external resources to run covert, goal‑oriented engagements across cloud, on‑prem, and hybrid environments.
• Conduct controlled exploitation (web, infrastructure, identity, cloud) and demonstrate attack chains, lateral movement, persistence, and exfiltration.
• Partner with blue teams and SOC on purple‑team exercises, tuning detections, improving SIEM/SOAR use cases, and reducing dwell time and MTTR.
• Produce clear, actionable reporting for technical and executive audiences—prioritising business impact, risk, and pragmatic remediation.
• Maintain strict OPSEC and governance, ensuring legal/ethical compliance, ROE adherence, data handling discipline, and auditability.
• Evolve tools, techniques, and procedures (TTPs), maintain adversary emulation kits, and stay current with APT tradecraft and emerging threats.
• Define KPIs and dashboards to track detection coverage, campaign outcomes, control efficacy, and remediation progress.
• Act as subject matter expert in the CIRT, supporting incident readiness, simulations, and executive briefings.
• Provide virtual leadership and mentorship, fostering a high‑performing, psychologically safe culture of continuous improvement.

What We Are Looking For

Technical expertise

• Deep hands‑on experience in red team operations and adversary simulation across Windows, Linux, macOS, and cloud (AWS, Azure, GCP).
• Proficiency with red team frameworks and C2 platforms (e.g., Cobalt Strike, Mythic, Sliver) and custom payload/tooling development.
• Strong scripting skills (Python, PowerShell, Bash) and experience automating tradecraft and infrastructure.
• Mastery of OPSEC, detection evasion, OSINT, network discovery, and physical/social engineering techniques.
• Fluency with security testing frameworks and models (MITRE ATT&CK, NIST, Cyber Kill Chain) and mapping findings to detections and controls.

Business and regulatory acumen

• Ability to translate technical attack paths into business risk, articulating financial, operational, and regulatory impact.
• Familiarity with ISO 27001, NIST, GDPR and sector‑specific compliance (e.g., PCI DSS, HIPAA, NERC CIP).
• Experience integrating outcomes with governance, audit, risk registers, and board‑level reporting.

Leadership And Interpersonal Skills

• Proven experience leading virtual, cross‑functional teams and influencing without direct authority.
• Clear, concise communicator—capable of executive‑level briefings and collaborative debriefs with technical teams.
• High discretion, professionalism, and emotional intelligence when handling sensitive findings.
• Calm under pressure, balanced judgement in live engagements, and a continuous‑improvement mindset.

Qualifications And Experience

• Bachelor’s degree in Cyber Security, Computer Science, Information Security, Network Engineering, Digital Forensics, or related field.
• Offensive security certifications—OSCP (minimum), plus one or more of: CRTO, CREST CRT/CCT, GIAC GPEN/GXPN/Red Team Professional; CEH optional.
• Baseline or enhanced security clearance (vetting) will be required.
• Proven career history in cyber security, including 3–5 years in offensive roles (red team, penetration testing, ethical hacking) and experience leading virtual teams or red team delivery in enterprise environments.
• Experience collaborating with blue teams/SOCs and running purple‑team exercises; familiarity with SIEM, EDR, and SOAR.

In Return For Your Commitment, You Can Expect

• A competitive salary package
• Industry leading benefits
• Ricoh is an exceptional place to work, with a strong emphasis on career development for the right individuals.
• This is a role where you can excel within a fast-paced environment and succeed within a thriving organisation.
• This is an excellent opportunity to join a global company where you can truly capitalise and build on your own experience.

We Are An Equal Opportunities Employer

At Ricoh, we embrace and respect the collective and unique talents, experience, and perspectives of all people. Together we inspire remarkable innovation. That’s how we live the Ricoh Way.

Ricoh have removed the disclosure of convictions box from their application process (ban the box) offering equal opportunities to all. For all roles, we will judge each individual on their skills and ability before taking into account their history. However, some roles are subject to sensitive and restrictive information and, if successful, you may be required to undertake pre-employment vetting checks which include but are not limited to residency check, credit reference check, financial sanctions check and a DBS Check.