Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Lead advanced security testing initiatives and manage ethical hacking campaigns.
- Company: Join a pioneering international organisation focused on making a real difference.
- Benefits: Engaging work culture, diverse team, and opportunities for professional growth.
- Why this job: Make an impact in cybersecurity while collaborating with experts across various sectors.
- Qualifications: Experience in cybersecurity, Red/Purple Team operations, and strong communication skills.
- Other info: Dynamic environment prioritising sustainability, equality, and digital transformation.
The predicted salary is between 36000 - 60000 £ per year.
We are seeking a highly skilled Information Security Consultant to lead the scoping, planning, and execution of advanced security testing initiatives, including Red Team and Purple Team engagements. We are looking for a specialist experienced in managing and delivering ethical hacking campaigns, Red/Purple team assessments and technical risk assessments. This role validates defensive capabilities, synthesises complex findings to provide actionable guidance for improvement of cyber posture and resilience.
This role bridges technical security and security risk management and requires knowledge of risk assessment methodologies, an ability to produce metrics, reporting and dashboards as well as translate and present technical language, concepts and impacts into language that facilitates business decision making.
Key Responsibilities- Scoping & Planning
- Define objectives, scope, and success criteria for Red Team and Purple Team exercises.
- Develop detailed test plans aligned with organizational risk priorities and compliance requirements.
- Coordinate scheduling and resource allocation for internal and external stakeholders.
- Engagement Management
- Act as the primary liaison between internal teams and external MSSPs/consultants.
- Ensure testing activities adhere to agreed timelines, methodologies, and ethical guidelines.
- Monitor progress and provide status updates to senior leadership.
- Technical Oversight
- Review and validate attack scenarios, tactics, techniques, and procedures (TTPs) used during engagements.
- Ensure Purple Team exercises effectively integrate offensive and defensive teams for collaborative improvement to enhance detection and response.
- Analysis & Reporting
- Analyse findings from Red and Purple Team engagements.
- Prepare comprehensive reports detailing vulnerabilities, attack paths, and defensive gaps.
- Prepare and present results to technical and non-technical stakeholders, including reporting for EBRD senior leadership.
- Incorporate technical findings and outcomes into information security risk reporting templates.
- Implementation Guidance
- Provide actionable remediation steps and strategic recommendations based on findings.
- Collaborate with IT security, security engineering, architecture and operations teams to guide implementation improvements.
- Track remediation progress and validate effectiveness through follow-up testing.
- Technical Expertise
- Strong understanding of adversarial tactics (MITRE ATT&CK framework) and threat emulation.
- Experience with penetration testing, exploit development, and detection engineering.
- Familiarity with SIEM, EDR, and threat-hunting tools.
- Commitment to staying up to date with emerging threats and remedies.
- Reporting & Presentation
- Ability to translate technical concepts, including technical risk, into business language and business impact.
- Experience in proposing actionable remedial steps to address findings.
- Experience of reporting meaningful metrics to a variety of internal technical and non-technical audiences.
- Collaboration
- Proven ability to work with external MSSPs and consultants.
- Experience in overseeing and managing testing campaigns with a variety of internal stakeholders.
- Excellent communication skills for cross-functional engagement.
- Certifications (Preferred)
- OSCP, OSCE, CRTO, or similar offensive security certifications.
- GIAC certifications (e.g., GCTI, GPEN, GCFA) or equivalent.
- Experience
- Extensive background in cybersecurity, covering all major security domains, with solid hands-on experience in Red and Purple Team operations.
- Hands-on experience in scoping and managing security testing engagements.
- Solid experience in metrics and reporting.
- Strategic thinker with strong analytical skills.
- Ability to translate technical findings into business risk language.
- Ability to partner with a wide range of technical and non-technical stakeholders.
Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.
The EBRD environment provides you with:
- Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in;
- A working culture that embraces inclusion and celebrates diversity;
- An environment that places sustainability, equality and digital transformation at the heart of what we do.
Information Security Consultant in London employer: The European Bank for Reconstruction and Development
Contact Detail:
The European Bank for Reconstruction and Development Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Information Security Consultant in London
✨Tip Number 1
Network like a pro! Reach out to your connections in the cybersecurity field, attend industry events, and join relevant online communities. The more people you know, the better your chances of hearing about job openings before they’re even advertised.
✨Tip Number 2
Show off your skills! Create a portfolio showcasing your past Red Team and Purple Team engagements, including any reports or metrics you've produced. This will give potential employers a clear view of what you can bring to the table.
✨Tip Number 3
Prepare for interviews by brushing up on your technical knowledge and communication skills. Be ready to explain complex concepts in simple terms, as you'll need to bridge the gap between technical and non-technical stakeholders.
✨Tip Number 4
Don’t forget to apply through our website! We’ve got loads of opportunities that might be perfect for you. Plus, it’s a great way to show your enthusiasm for joining our team at StudySmarter.
We think you need these skills to ace Information Security Consultant in London
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience with Red Team and Purple Team engagements. We want to see how your skills align with the specific responsibilities mentioned in the job description.
Showcase Your Technical Skills: Don’t hold back on detailing your technical expertise! Mention your familiarity with the MITRE ATT&CK framework, penetration testing, and any relevant certifications. We love seeing candidates who are passionate about staying updated with emerging threats.
Communicate Clearly: Remember, you’ll need to translate complex technical findings into business language. Use clear and concise language in your application to demonstrate your ability to communicate effectively with both technical and non-technical stakeholders.
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for this exciting opportunity. Plus, it shows you’re keen on joining our team!
How to prepare for a job interview at The European Bank for Reconstruction and Development
✨Know Your Stuff
Make sure you brush up on your knowledge of the MITRE ATT&CK framework and adversarial tactics. Be ready to discuss your hands-on experience with penetration testing and how you've applied it in real-world scenarios. This will show that you're not just familiar with the theory but can also put it into practice.
✨Speak Their Language
Practice translating complex technical concepts into business language. During the interview, you'll need to demonstrate your ability to communicate findings and recommendations clearly to both technical and non-technical stakeholders. Use examples from your past experiences to illustrate how you've done this successfully.
✨Show Your Strategic Thinking
Prepare to discuss how you've approached scoping and planning for Red Team and Purple Team exercises in the past. Highlight your strategic thinking and analytical skills by sharing specific examples of how you've defined objectives and success criteria that align with organisational risk priorities.
✨Engagement Management Skills
Be ready to talk about your experience managing testing campaigns and liaising with external MSSPs or consultants. Share how you've coordinated resources and ensured adherence to timelines and ethical guidelines. This will demonstrate your ability to manage complex engagements effectively.
