Back to careers

Red Team Operator

Full time, permanent. Position available in either the UK or India.

We are looking for an experienced and keen ethical hacker to join our Red Team function. The successful candidate will work with our red team, delivering sophisticated attack simulation and purple team exercises for our clients across the globe. You will be part of a dynamic team working to help clients improve their overall security posture.

As a Red Team Operator, you will be considered as a highly skilled specialist in information security, working with both public and private sector clients. You will be part of a talented and collaborative international team, delivering sophisticated projects.

The role

  • Prepare and execute complex client engagements, such as adversary simulation and purple team exercises
  • Work closely with the defensive teams to deliver close down seminars, leveraging knowledge to improve security posture
  • Research tactics, techniques, and procedures (TTPs) and implement advanced evasion techniques to improve the overall team’s OPSEC
  • Develop in-house tools that help the team improve overall operations and efficiency

About you

  • Experienced in delivering application pen testing (mobile & web), internal pen testing and security of cloud environments (AWS, Azure, GCP)
  • Strong understanding of Active Directory, vulnerabilities, threats, design flaws and contextualise them to communicate to clients in a non-technical manner
  • Experienced in all phases of attack simulation, such as setting up infrastructure, OSINT, social engineering, post-exploitation and reporting
  • Ability to understand, assess and bypass clients’ cyber defences
  • Strong scripting abilities using PowerShell, Python, Ruby, and/or programming with compiled languages (C/C+ +, C#, Golang, etc.)
  • Strong understanding of the MITRE ATT&CK Framework or other similar frameworks
  • Ability and understanding of exploiting vulnerabilities in Linux, Windows, Mac, and embedded devices
  • Familiarity with common C2 frameworks (such as Cobalt Strike and Mythic) or SOC tools (e.g. Splunk/EDRs) is beneficial

The following certifications are desirable but not essential:

  • CCT INF/APP
  • CCSAS/CCSAM
  • OSEP
  • OSCE
  • OSED
  • CRTO

The person

We are looking for for a candidate with a keen interest in technology and who understands the value of cyber security. You will possess excellent time management, organisational and communication skills. You will be comfortable conversing on the phone and be a good oral and written communicator, and able to support the team in writing business documents. 

The right person will be flexible in their approach, be bright and an initiative taker.

The person must have the right to work in their country of employment. Due to the nature of some of our work and exposure to sensitive information, the candidate will be required to complete Government SC vetting or equivalent. You can find out more about vetting and the process here.

Full training will be given on company and service portfolio and any internal software programs as part of the induction program.

Want to be part of the team?

Apply by sending your CV and cover letter to careers@commissum.com