Principal Red Team Specialist

One of the most exciting prospects in the UK cyber security sector today, Bridewell is a leading cyber security services company specialising in protecting and transforming critical business functions for some of the world's most trusted organisations. We are the trusted partner for operators of essential services and provide end-to-end cyber security capabilities that help our clients overcome their security challenges, allowing them to operate safely and securely.

Bridewell holds the Gold level, Investors in People award which we feel solidifies and reflects on the outstanding calibre that makes us truly one team.

Who are we looking for?

A passionate technology focused individual, with an honest and empathic approach to customer conversations and able to communicate with all levels of an organisation with appropriate technical content. You'll be an experienced Red Team Lead with solid involvement of leading and delivering offensive security engagements such as threat led penetration testing (TLPT), adversary simulation, adversary emulation, purple teaming and social engineering. This is an excellent opportunity for a highly motivated Red Team Lead to continue their development and work on a range of exciting projects.

Reporting to Head of Offensive Security, you'll be leading delivery sophisticated red and purple teaming engagements as part of Bridewell's Red Team services, providing guidance, mentorship and technical expertise across Bridewell and to our clients.

Further responsibilities include:

• Lead for complex red team engagements covering whole engagement lifecycle - scoping, project initiation, delivery, reporting and post-engagement debrief.
• Demonstrate advanced knowledge of attack methodologies, including privilege escalation, lateral movement, persistence, and exfiltration techniques.
• Prepare comprehensive reports detailing red team findings, including identified vulnerabilities, successful exploits, and recommendations for remediation.

• Support the sales team with pre-sales and assist with technical input into tenders and proposals.

• Conduct research and participate in knowledge-sharing activities to enhance the organisation's offensive security capabilities.

• Actively collaborating with Bridewell's Blue Team to share knowledge and techniques.
• Work with teams across the business, providing the latest technical knowledge to collaborate on interesting client projects.
• Stay up to date with the latest attack techniques, vulnerability trends, and industry best practices.
• Showcase Bridewell's capabilities in public speaking, webinars and other marketing initiatives.
• Continuously develop technical skills and expertise through training and certifications.
• Performing R&D to improve capability, development of payloads
• Line management including mentoring, coaching and upskilling of team members.

What we're looking for

• Minimum of 6 years' experience in a dedicated red teaming role

• Highly proficient in performing a variety of offensive security engagements such as adversary simulation, threat emulation, purple teaming and infrastructure assessments.

• Experience of performing regulated Threat Led Penetration Testing (TLPT), especially within Financial Services - CBEST, TIBER-EU frameworks.

• Hold industry recognised qualifications such as CREST CCT, CCSAS/CCRTS and CCSAM/CCRTM (or actively working towards)
• Proficiency in programming or scripting (Python, Bash, Powershell, C, C#)

• Demonstratable experience in threat simulations, phishing, social engineering and physical security.

• Advanced C2 framework knowledge (Cobalt Strike / Outflank OST)

• Blue team and defensive knowledge
• Experience with Cloud red teaming and identity-based attacks.
• Awareness of the Mitre ATT&CK framework and how it can be used to learn an adversary's tactics and techniques and focus incident response.
• Adept at infrastructure deployment, including Infrastructure as Code (IaC) – Terraform, Ansible.
• Malware Development
• Proficiency across a range of operating systems (Windows, Linux, macOS)

Our vision is to create a safe, inclusive digital world where people and organisations can thrive. Our values of Do the Right Thing, One Team and Above and Beyond emphasises the importance of the part we play in society, and our commitment to our people and clients.  Our story to-date has been phenomenal, but success doesn't end here and as we continue to grow and scale, we want to keep the same culture, passion and commitment to high quality that has enabled us to get this far. Bridewell will provide a great career opportunity with continual development as well as the following:

• 25 Days Holiday - Plus buy and sell options
• Flexible Working (around core office hours)
• Performance Incentive Bonus
• Company Pension
• Employee Shareholder Scheme
• Personal Day & Birthday Off - After 1 year of service

• Family Leave – After 1 year of service

• Enhanced Maternity based on length of service

• Dedicated Training Budget
• Life Assurance
• Electric Vehicle Scheme & Cycle to Work Scheme
• Private Healthcare (incl. Gym discounts and vison care)

Location: Bridewell operates a hybrid and flexible working policy, however you will be required to travel to different sites on occasion.

Note: To be eligible for this job you must either hold SC Clearance or be eligible and willing to go through security clearance.

Bridewell values diversity in the workplace and is a fair and equal opportunity employer. We are committed to creating an equal and inclusive working environment, with the aim that our employees will be truly representative of all sections of society and each person feels respected and able to give their best.