Red Team Consultant; Senior

To do this, we work hard to understand our clients and the challenges they face to create tailored solutions and avoid generic, off-the-shelf products and services.

We’re looking for an experienced Red Team Operator to join our adversary simulation team, delivering high-impact operations against some of the most complex enterprise environments in the UK and beyond. This isn’t a typical penetration testing role. You’ll be leading tailored campaigns that emulate real-world threat actors — from phishing initial access through to cloud-native post-exploitation and domain-level compromise in hybrid estates.

We focus on intelligence-led engagements, simulating TTPs derived from current threat actors, helping our clients uncover blind spots and prepare for the attacks that actually matter.

We value curiosity, creativity, and diverse experience — some of our team came from medicine, others from blue team, IT, or non-technical backgrounds. If you’re an experienced operator looking to work on challenging problems alongside a strong and supportive team, we’d love to hear from you.

• Planning and executing full-spectrum red team operations against large-scale organisations.
• Designing and delivering targeted phishing and social engineering campaigns with behavioural realism.
• Performing advanced Active Directory enumeration and abuse, including trust path abuse, delegation exploitation, and credential material extraction.
• Simulating adversary behaviour based on threat intelligence and frameworks (MITRE ATT&CK, TIBER, etc.).
• Identifying and exploiting weaknesses in cloud environments (Microsoft 365, Azure AD, AWS, GCP, Okta).
• Bypassing modern detection controls (EDR/XDR, MFA etc) with solid operational security.
• Developing custom tooling for payload delivery, evasion, and C2 communications.
• Collaborating with defensive teams during purple team exercises to enhance detection and response.

• Demonstrable experience delivering red or purple team engagements in large enterprise or regulated environments.
• Strong understanding of both Windows and cloud infrastructure attack surfaces.
• Fluency in one or more scripting languages (Power Shell, Python, Bash) for tooling and automation.
• Proficient with modern red team infrastructure and frameworks (e.g. Cobalt Strike, Mythic, Sliver, custom C2).
• Solid grasp of Active Directory and Azure AD internals, and related abuse paths.
• Familiarity with common social engineering tactics and phishing techniques, from initial contact to payload execution.
• Ability to think like an attacker, document like a consultant, and communicate like a trusted advisor.

• Experience crafting custom payloads or tooling for evasion and post-exploitation.
• Knowledge of TTP simulation frameworks.
• Contributions to open-source security tools or published research/blogs.
• Understanding of adversary emulation in regulatory contexts (TIBER-EU, CBEST, GBEST, etc.)
• Certifications like OSCP, OSCE, CRTO, or equivalent hands-on experience (we care more about skill than certs).
• A competitive salary up to £65K depending upon experience
• 25 days annual leave, including your birthday off work
• 4 paid days for charity or community work
• Flexible hybrid working
• 24/7 access to our Employee Assistance Plan (EAP)
• Earn up to £2000 in our recruitment referral scheme
• Company pension

• Supportive and inclusive company culture that values diversity and encourages new ideas and perspectives
• High-autonomy environment with supportive, skilled peers.
• Annual training & research budget — use it for conferences, courses, or tooling.
• Access to red team labs, testing infrastructure, CTI, and sandbox environments.
• Opportunities to contribute to public research, tools, and community initiatives.
• Flexible work, sensible management, and zero micromanagement.

If you are interested in…