Internal Red Team Consultant in London

A global leader in digital services, recognised for innovation, sustainability and a people-first culture. At Ricoh, we believe people do their best work when they feel valued and supported. We create inclusive workplaces where you can grow, contribute, and make a positive impact while helping to build a more sustainable future.

Our purpose is centred on understanding and improving how people work. By focusing on real working experiences, we support individuals to develop their skills, realise their potential and do work that feels meaningful. This belief sits at the heart of The Ricoh Promise. It guides how we recruit, how we support our people, and how we work together every day, creating an environment where you can grow, feel valued and make a difference.

We’re hiring an Internal Red Team Consultant in London to design and lead high‑fidelity adversary simulations, validate our detection and response maturity, and provide actionable insights that materially reduce risk. This role operates at the intersection of threat intelligence, offensive security, and enterprise risk, partnering closely with senior stakeholders across Europe.

What you will be doing:

• Plan and execute realistic, risk‑aligned red team engagements across digital, physical, and social domains.
• Emulate sophisticated threat actors, assess resilience across cloud and on‑prem environments, and translate technical findings into clear business risk and remediation priorities.
• Provide virtual, cross‑functional leadership, coordination of internal and external operators, mentoring practitioners, and integrating outcomes with blue teams, SOC, and incident response.
• Deliver second‑line assurance that is rigorous, safe, and business‑relevant.

Key Responsibilities Include:

• Plan and lead red team campaigns that assess enterprise detection and response, aligned to current threat intelligence and business risk.
• Develop and execute adversary playbooks mapped to frameworks such as MITRE ATT&CK, including digital, physical, and social engineering vectors.
• Coordinate internal and external resources to run covert, goal‑oriented engagements across cloud, on‑prem, and hybrid environments.
• Conduct controlled exploitation (web, infrastructure, identity, cloud) and demonstrate attack chains, lateral movement, persistence, and exfiltration.
• Partner with blue teams and SOC on purple‑team exercises, tuning detections, improving SIEM/SOAR use cases, and reducing dwell time and MTTR.
• Produce clear, actionable reporting for technical and executive audiences—prioritising business impact, risk, and pragmatic remediation.
• Maintain strict OPSEC and governance, ensuring legal/ethical compliance, ROE adherence, data handling discipline, and auditability.
• Evolve tools, techniques, and procedures (TTPs), maintain adversary emulation kits, and stay current with APT tradecraft and emerging threats.
• Define KPIs and dashboards to track detection coverage, campaign outcomes, control efficacy, and remediation progress.
• Act as subject matter expert in the CIRT, supporting incident readiness, simulations, and executive briefings.
• Provide virtual leadership and mentorship, fostering a high‑performing, psychologically safe culture of continuous improvement.

You will ideally have:

• Deep hands‑on experience in red team operations and adversary simulation across Windows, Linux, macOS, and cloud (AWS, Azure, GCP).
• Proficiency with red team frameworks and C2 platforms (e.g., Cobalt Strike, Mythic, Sliver) and custom payload/tooling development.
• Strong scripting skills (Python, PowerShell, Bash) and experience automating tradecraft and infrastructure.
• Mastery of OPSEC, detection evasion, OSINT, network discovery, and physical/social engineering techniques.
• Fluency with security testing frameworks and models (MITRE ATT&CK, NIST, Cyber Kill Chain) and mapping findings to detections and controls.

Business and regulatory acumen:

• Ability to translate technical attack paths into business risk, articulating financial, operational, and regulatory impact.
• Familiarity with ISO 27001, NIST, GDPR and sector‑specific compliance (e.g., PCI DSS, HIPAA, NERC CIP).
• Experience integrating outcomes with governance, audit, risk registers, and board‑level reporting.

Leadership and interpersonal skills:

• Proven experience leading virtual, cross‑functional teams and influencing without direct authority.
• Clear, concise communicator—capable of executive‑level briefings and collaborative debriefs with technical teams.
• High discretion, professionalism, and emotional intelligence when handling sensitive findings.
• Calm under pressure, balanced judgement in live engagements, and a continuous‑improvement mindset.

Qualifications and experience:

• Bachelor’s degree in Cyber Security, Computer Science, Information Security, Network Engineering, Digital Forensics, or related field.
• Offensive security certifications—OSCP (minimum), plus one or more of: CRTO, CREST CRT/CCT, GIAC GPEN/GXPN/Red Team Professional; CEH optional.
• Baseline or enhanced security clearance (vetting) will be required.
• Proven career history in cyber security, including 3–5 years in offensive roles (red team, penetration testing, ethical hacking) and experience leading virtual teams or red team delivery in enterprise environments.
• Experience collaborating with blue teams/SOCs and running purple‑team exercises; familiarity with SIEM, EDR, and SOAR.

In return for your commitment, you can expect:

• Work should feel meaningful, supportive and fulfilling.
• Access to learning pathways, mentoring and career opportunities across functions and countries.
• Opportunities to make a difference through volunteering, sustainability initiatives and community programmes.
• Fair rewards, flexible working, wellbeing resources and real recognition.

We are an equal opportunities employer. We believe that diverse perspectives make us stronger, and we welcome applications from people of all backgrounds, identities, and experiences. Our hiring decisions are based on skills, experience and potential, and we are committed to creating a fair and inclusive recruitment process.

If you require any reasonable adjustments at any stage of the recruitment journey, please let us know and we will support you to bring your best self forward.

Ready to love what you do? Apply now and help us shape what comes next.