Senior Security Consultant - Red Team

Introduction:

Every year, we deliver a large number of red teaming engagements for a variety of prestigious clients. The typical delivery time frame is in the region of weeks to months. We start with a threat intelligence phase in order to ensure maximum realism and then we move on to a multi scenario attack phase. Finally, we place great emphasis on detection and response. We see the blue team as our customer and so we go on site to conduct an incident response maturity assessment with them at the end of the engagement.

What we are looking for:

We are looking for the right individuals to engage in top tier red teaming, STAR, CBEST & TIBER work.

The attributes possessed by successful candidates include:

• The ability to perform under pressure – we have to outfox and outrun the blue team!
• A willingness to occasionally work unsociable working hours – attackers don’t just work 9-5 and sometimes we need to replicate that!
• Strong knowledge of the cyber kill chain and common tactics, techniques and procedures often employed by a variety of threat actors.
• A good understanding of how a typical blue team operates.
• You will be enthusiastic and able to work well within a high performing team as well as perform to a high standard autonomously.
• You will have an in depth understanding of risk.
• The ability to write and deliver high quality reports.
• A thirst for research and being at the cutting edge of the industry.

The role involves:

Red team members are highly skilled professionals applying offensive security techniques to engagements with customers and working under direction of a Red Team Lead. Personal drive and commitment to be at the top of their field is a key personal characteristic for a Red Team Member.

Engagements worked on involve sophisticated attack simulations. Therefore, it is critical that you understand the legal requirements and industry regulatory frameworks (CBEST, GBEST, GCASE, TBEST, TIBER-EU, C-RAF iCAST, AASE, TIBER-FI, CORIE, FEER) that each environment operates under.

Red Team Members are expected to work within a team and be positive contributors to that team, both in technical skill and attitude.

A Red Team Member is expected to work in a number of complex environments, often hardened and monitored by Blue Teams. Therefore, they are expected to be creative, adept, and able to perform under pressure. The role focuses on a strong level of competence in technical delivery, but strong communication, organisational and professional skills are equally important.

Role responsibilities:

• Write high quality and detailed technical reports, appropriate to their intended audience.
• Execute Red and Purple Team engagements, Penetration Tests and Social Engineering Assessments for LRQA customers.
• Support the Global Red Team operation by being able to travel both domestically and internationally, and operating in different time zones where necessary.
• Maintain a strong knowledge of regulatory industry frameworks, local and international laws and their impact on Red Team operations.
• Carry out or support technical research that improves LRQA delivery capability, industry awareness, and brand reputation.
• Maintain a strong working knowledge of threat actors and their Tactics, Techniques and Procedures (TTP’s).
• Maintain a strong working knowledge of Blue Team tactics and capabilities, including people, processes and technologies. Support and delivery of Detection and Response (DRA) assessments, and reporting where necessary.
• Maintain and abide by the Red Team methodology and supporting documentation/processes.
• Create or improve existing tools and procedures in order to improve the execution of Red Team operations.
• Help maintain and further develop the LRQA brand reputation across the industry, this could be in the form of training, workshops, conference talks or blogs.

Skills/experience required:

Essential

• At least 3 years’ experience performing network and application penetration testing.
• Strong technical and presentation skills.
• Strong written and verbal communication skills.
• Creative thinking, strong analytical, problem solving and organisational skills.
• Keen learner and passionate about latest offensive security techniques.
• Knowledge of common defensive security controls used by organisations.
• Knowledge and experience in scripting or programming languages (e.g. Python, PowerShell, C, C#, Java) in order to develop custom scripts or tools.
• Strong knowledge of and experience in at least one Command and Control (C2) framework, including being capable of modifying or creating said tooling to evade common security controls such as Anti-Virus.
• Knowledge and ability to perform reconnaissance, exploitation and post-exploitation activities with minimal use of automated tools, in a safe and controlled manner.
• CREST CCT Infrastructure/Application, or equivalent level of cyber security related certification, knowledge and experience.
• Ability to work and travel to LRQA customers located both across the UK and worldwide.

Desirable

• Highly proficient with multiple C2 frameworks and capable of modifying or creating tooling to overcome technical challenges.
• Knowledge of adversary tactics against Apple (MACOS) heavy environment.
• Hold or be eligable to obtain UK SC and DV level clearances 
• Demonstrate strong analytical/problem solving skills.
• Demonstrate strong ability to lead, teach, present and inspire the wider team.
• CREST CCSAM/CCRTM, CCSAS/CCRTS or equivalent level of IT Security related certification/knowledge.