Bulletproof are looking for a new Red Team Specialist to join its growing dedicated Red Team. As a Red Team Specialist within Bulletproof you will be expected to deliver advanced simulated attack engagement to clients across numerous industries. You will be a part of every phase and aspect of Red Team delivery, from initial access to tailored impact scenarios. At Bulletproof we use a blend of cutting edge commercial and internally developed tooling to deliver our engagements. Innovation and a drive to deliver the best possible results for our clients is at the core of everything we do.

SKILLS, EXPERIENCE & QUALTIES REQUIRED

• Be a UK citizen with a right to work in the UK, we are currently not accepting applications outside of the UK or considering visa sponsorship.
• We are looking for someone to join the team and help us drive the service forward from the start, therefore a minimum of 2 years proven prior experience delivering Red Team engagements is essential.
• Strong technical skills within your given specialism(s) e.g. Initial Access, EDR Bypass, Cloud Exploitation, Malware & Exploit Development etc.
• Motivated, able to collaborate, work as part of a team or independently and communicate to clients clearly.
• For UK operations, the ability to hold or maintain security clearance may be required
• Knowledge of how modern offensive and defensive solutions are designed and deployed across different platforms;

HIGHLY VALUABLE SKILLS

• Experience operating on Red Teams within the regulated sector under frameworks such as TIBER-EU/DORA or STAR.
• Strong coding abilities in your preferred language ideally C/C++, GO, Rust, or python.
• Deep knowledge of C2 frameworks and supporting approaches such as operational security and extending functionality on both commercial and open-source frameworks.
• Proven track record of tool development or contributions to open-source projects.
• Deep technical familiarity with offensive and defensive concepts and protocols.
• Extensive understanding of MITRE ATT&CK framework, and various security frameworks associated with red teaming such as TIBER-EU.

QUALIFICATIONS

Any of the following qualifications are preferred.

• Recognised Red Team specific qualifications such as CCSAS/CCRTS, CRTO, CRTL, OSED, OSCE, CRTM/PACES
• GXPN, GPEN, OSCP, GWAPT or similar certifications may also be considered

You will act as one of or the sole delivery resource for Red Team engagements at Bulletproof. You will be expected to deliver, full red team engagements, purple teams, assumed breach engagements and look to achieve the required accreditations to join work on regulated projects in the future. You should be able to work independently and as part of a small team, following framework guidance and internal methodologies to deliver complex and bespoke red team engagements. Your responsibilities will include:

• Delivering comprehensive red team operations by serving as the either the primary technical operator or one of a team on both threat intelligence-driven and standard adversarial engagements, where you’ll be required to follow scenario execution plans, manage your resources and timelines, and make critical technical decisions that drive successful outcomes in complex, high-stakes environments.
• Leverage deep technical expertise in operating systems, network architecture, and infrastructure fundamentals to execute sophisticated attack chains and navigate complex enterprise environments during red team operations.
• Collaborate with external teams to deliver training and insights to enhance blue team capabilities, which requires in depth understanding of current tools and techniques, not just how to run them.
• Help define, document, and continuously refine internal technical processes, service methodologies.
• Contribute to ongoing tool development and research actions to help enhance our team capabilities and support the wider community where possible.
• Support with various client pre-engagement interactions, including scoping activities and proposal drafting;
• Provide well-written, concise, technical and non-technical reports in English;
• Develop and deliver in house training where required;
• Support the Marketing team with the development of content (including, but not limited to: Blogs, Social Media Posts, and Articles) to help raise the profile of Bulletproof’s Penetration Testing and other services;
• Support the QA process to ensure high quality client reports are delivered in accordance with applicable Service Level Agreement (SLA);
• Perform formal and comprehensive penetration testing assessments if required;
• Any other appropriate job duties in line with the associated skill and experience of the post holder.