Loading...
Share this Job

Lead Security Consultant - Red Team Lead

Apply now »

Date: 14-Jul-2021

Location: Leamington Spa, GB, CV31 3RZ

Company: Lloyds Register

About Nettitude

 

Nettitude, a Lloyd’s Register company, is an award-winning provider of Cyber Security and Assurance, Incident Response and Technology services to organizations across the world.  We are at a very exciting stage both in terms of our company but also in the Cyber Security marketplace. We are looking for the right people to join us as we embrace the challenges thrown up by the advancements within the IT industry and within the threats faced. Nettitude is at the forefront of this arena and we want to seek the right people to join the team and make it happen. Find out more about Nettitude at https://www.nettitude.com/ 

 

 

The role

 

We have a dedicated Red Team within our business and due to continued growth we are hiring a Lead Security Consultant to be part of our Red Team.

In this role you will be expected to be able to operate multiple engagements at once, orchestrating and supporting your team to deliver on agreed objectives. You will be expected to work in challenging environments and deliver under pressure, while maintaining good working relationships with customers. Whilst the role focuses on a high level of competence in technical delivery, it also requires an equally high level of aptitude for consultancy and management, influence and presentation skills. As a Lead Security Consultant - Red Team, you will be required to manage and mentor people while working with and debriefing executive teams, company boards or regulators such as the Bank of England (BoE) and Financial Conduct Authority (FCA).   

Every year, we deliver a large number of red teaming engagements for a variety of prestigious clients. The typical delivery time frame is in the region of weeks to months. We start with a threat intelligence phase in order to ensure maximum realism and then we move on to a multi scenario attack phase. Finally, we place great emphasis on detection and response. We see the blue team as our customer and so we go on site to conduct an incident response maturity assessment with them at the end of the engagement.

 

 

Location

 

This role is remote. We can support working from across the UK. All applicants will require residence in the UK.

 

What you’ll be doing in your role:

 

In your role you will:

  • Primarily be planning and executing complex Red and Purple Team engagements.
  • Delivering technical and management debriefs, up to executive level.
  • Contribute to and deliver a number of Nettitude training programmes, namely Nettitude’s Red Team training course, delivered privately and at conferences.
  • Develop tooling and attack methodology to support the red Team.
  • Support the Global Red Team operation by being able to travel both domestically and internationally, while operating in multiple time zones where necessary.
  • Support and delivery of Detection and Response (DRA) assessments post attack simulation.
  • Coach and mentor Red Team members, demonstrating strong leadership and providing support to all aspects of the job, technical, procedural and social.
  • Maintain a good working knowledge of Blue Team tactics/capabilities, specific to people, processes and technologies and of threat actors and their Tactics, Techniques and Procedures (TTP’s).
  • Maintain a proficient knowledge of regulatory frameworks, laws and their legal implications, operational security and its impacts on the team.
  • Reporting:
    • Create high quality technical and management reports.
    • Providing Quality Assurance services, confirming the relevant technical or management quality.
  • Create tools and procedures to assist in improving process, continuity and business growth.
  • Help maintain and develop the Nettitude brand reputation, this could be in the form of training, workshops, conference talks, technical research or blogs, or by driving internal initiatives through both request and observation, specific to improving the Red Team service.

 

 

Key skills:

 

  • Demonstrable strong technical, social, presentation and problem-solving skills.
  • Demonstrable strong ability to lead, teach, present, manage, influence and inspire the wider team.
  • Demonstrable strong written and speaking English skills.
  • High proficiency with multiple C2 frameworks and capability to customise them to overcome technical challenges.
  • CREST CCSAM, CCSAS or equivalent level of IT Security related certification/knowledge.
  • Ability to work and deliver under pressure in a worldwide organisation.

 

 

Desirable skills:

 

  • Knowledge and experience in development or programming languages (ex. Python, Perl, Ruby, PowerShell, C, C#, Java) in order to develop custom scripts or tools.
  • Knowledge of adversary tactics against Apple heavy environment.
  • SC and DV level clearances UK.
  • Understanding of global regulatory landscape for technology and cyber risk experience in any of the common regulated frameworks (such as CBEST, GBEST, GCASE, TBEST, TIBER-EU, C-RAF iCAST, AASE, TIBER-FI, CORIE, FEER)
  • Conducting threat modelling.
  • Experience of defining strategies, methodologies, processes and procedures required to create a successful security strategy.

 

 

What we offer:

 

We offer an exciting working environment with intellectual challenges, responsibility and high level of client interaction. An attractive remuneration package will be provided to the right candidate. The role provides a platform to work as part of a team simulating highly advanced attacks against enterprise businesses globally, using sophisticated tooling developed internally such as Photon (in-house c2) and PoshC2 Public and Private (Nettitude develop an internal private version also). To maintain the high standards of delivery, consultants will also be given research and development time to build new tooling and spend time in our lab environment testing against a number of EDR solutions. This opportunity along with the work that we do provides a chance to make a real difference and help businesses better defend themselves from future attacks.

So if you’re the kind of person who loves deep technical challenges and a fantastic work environment, we welcome your interest. Please do visit our website to understand more about how we develop our people, work on cutting edge engagements and offer multiple career progression paths.

 

Apply?

 

Are you interested in this job? Apply now via the ‘apply’ button and upload your C.V. and cover letter

 

 


Job Segment: Developer, Java, Quality Assurance, QA, Research, Technology, Quality