Principal Security Consultant (Red Team Operator)

Posted a month ago

  • London, Greater London
  • Any
  • External
  • Expires In 2 months
Title: Principal Security Consultant (Red Team Operator)
Locations: Remote, UK
NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance. We help secure the most trusted brands on Earth with our Penetration Testing as a Service (PTaaS), Attack Surface Management (ASM), and Breach and Attack Simulation (BAS) solutions. Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before.
NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers.
We are seeking a highly experienced Red Team Operator with demonstrated technical depth and breadth in adversarial simulation as well as the soft skills to effectively communicate with executive and technical teams. Our Red Team operates globally in some of the largest and most well-defended networks. In this role, you’ll have the ability to work alongside a world-class team using top-tier custom tools. Applicants are expected to leverage strong problem-solving skills, as well as lead, collaborate, and innovate to deliver high-quality exercises and exceptional experiences for our customers.
A day in the life of a NetSPI Red Team Operator:
  • Plan, lead, and execute both regulated (threat intelligence-led) and non-regulated Red Team Operations.
  • Utilize sophisticated technologies and capabilities to simulate complex attacks against mature, highly defended networks.
  • Research and develop innovative techniques, tools, and methodologies in support of Red Team Operations.
  • Author and deliver narrative-driven and findings-based reports to clients.
  • Deliver detection and response assessments (DRA Workshops), replay and/or purple team workshops for regulated testing types such as CBEST, TIBER and others.
  • Collaborate with clients to create remediation strategies that will help improve their detection and response capabilities.
  • Share technical expertise and best practices for various service lines aligned to NetSPI's overall proactive security services catalog.
  • Assist in providing technical and operational capability guidance to other team members as well as identifying areas of growth they should target to pass key exams or performance metrics.
  • Help define and document internal technical and service processes as well as both novel TTPs and those used in the wider ecosystem.
  • Contribute to the information security community through the development of tools, presentations, white papers, and blogs.
Requirements:
  • Experience performing threat intelligence-led red teaming in accordance with a variety of regulatory frameworks (e.g., CBEST, GBEST, TIBER-XX, iCAST, CORIE, FEER, AASE).
  • Due to the nature of the role, the applicant must hold and be able to maintain a current CCSAS certification.
  • Recognized Red Team or penetration testing specific qualifications such as CCSAM, CRTO, OSED, OSCE(3), etc.
  • For UK operations, the ability to hold or maintain security clearance may be required.
  • Minimum of 10 years of combined IT and information security experience.
  • Minimum of 5 years' experience performing offensive/attack-oriented security assessments.
  • Strong communication, presentation and writing skills.
  • Expertise in both offensive and defensive security concepts.
  • Bachelor’s degree or higher with a concentration in computer science, engineering, maths, IT, or equivalent skills and experience.
Demonstrable knowledge in the following areas:
  • Windows and/or *nix administration within client and server architecture.
  • Networking concepts such as routing, switching, and transport layer protocols, i.e., the TCP/IP suite.
  • Common application layer protocols such as HTTP/S, DNS, SSH, etc.
  • Active Directory, Microsoft Entra and related authentication/authorization technologies.
  • Modern attack strategies that use social engineering and technological abuse primitives.
  • Utilizing and customizing a variety of C2 frameworks and offensive toolkits used to deliver Red Team Operations as well as network and application testing.
Preferred Experience:
  • Programming experience in one or more of the following languages: Python, C, C++, C#, PowerShell, Go, Rust, Nim, and JavaScript.