Red Team Operator - Team Lead at CoreTech Security
At CoreTech we have a rich pedigree of conducting world‑class security research across a multitude of platforms. Having established and delivered many successful projects in this area over the years, we are expanding into adjacent areas. We are hiring a Red Team Lead to help shape, grow and manage a new service. You will lead a long‑term offensive security capability with backing, a clear mandate, and a roadmap for growth. Our Red Team will operate with a realistic adversary mindset, focusing on end‑to‑end attack simulation, stealth, and meaningful outcomes rather than checklist‑driven testing.
Responsibilities
* Plan, lead and execute full‑scope red team operations, simulating real‑world threat actors while honing your own tradecraft.
* Lead red team engagements across network infrastructure, cloud and AD environments, web applications and APIs, social engineering and phishing campaigns.
* Configure and use C2 frameworks for command and control.
* Use network and endpoint detection (EDR) evasion techniques.
* Perform post‑exploitation activities including privilege escalation, lateral movement, persistence and exfiltration.
* Develop and modify custom tooling, payloads and infrastructure.
* Produce high‑quality reports that tell the story of the attack and drive remediation.
Team Lead Duties
* Manage the team across all aspects of technical leadership and pastoral responsibility.
* Be actively involved in leading and planning strategic engagements with our customers.
* Continuously develop and improve operational processes to increase the quality of engagement and promote knowledge sharing among the team.
* Ensure engagements comply with relevant legislation and that ethical boundaries are defined and respected.
Required Experience
* Commercial experience leading full‑scope engagements in a Red Team environment.
* Experience with regulatory‑driven engagements such as CBEST, TIBER or GBEST.
* Experience leading and managing a team.
* Experience using Infrastructure‑as‑Code to deploy infrastructure.
* Experience building and configuring an Active Directory environment.
* Understanding of common detection tools and services available to customers.
* Experience recommending relevant mitigations and detection techniques to customers.
* Ability to explain why an attack technique worked and how a customer can mitigate it in the future.
* Good knowledge of existing tools and techniques and how to customise them.
Desirable Experience
* Relevant certifications such as Offensive Security (OSEP, OSEE, OSWE), CREST (CCRTS, CCSAS, CCT), Cyber Scheme (CSTL, Red Team Manager) or SANS.
Benefits
* Promotions based on technical excellence and reviewed regularly.
* 25 days' holiday per year (plus bank holidays), with the option to buy up to 5 more days per year.
* Extra holiday days based on service length.
* Financial support for HMRC allowable relocation costs.
* Training and development opportunities.
* O'Reilly books subscription.
* Regular events including internal conferences, socials and lunchtime seminars.
* Free seasonal fruit, tea, coffee, milk, squash and hot chocolate.
Health Benefits
* Private online GP and helpline.
* Physiotherapy, osteopathy or chiropractic services.
* Mental health counselling and specialist consultations.
* Annual health assessment.
Financial Benefits
* Company bonus scheme based on company success.
* 8% company contribution to pension with no employee contribution minimum.
* Death in service cover of 4x base salary.
Lifestyle Benefits
* Maternity, paternity and adoption leave enhancements.
* Cycle‑to‑work scheme with ability to purchase e‑bikes and other cycles.
Salary
We reward staff based on technical excellence rather than years of experience. In your interview, we will discuss how your skills map to our grading system and determine the salary band that reflects your fit.
Location
We are based in the centre of Cheltenham in a contemporary new‑build office, five minutes' walk from local shops and cafes.
Application Process
Our interview process is quick and to the point: if you appear to be a good fit, we’ll schedule a brief call to discuss further. If that goes well, we’ll arrange a technical interview to assess your experience. We aim to respond within a couple of days of the technical interview.
Seniority Level
Mid‑Senior level
Employment Type
Full‑time
Job Function
Management and Manufacturing
Industries
Computer and Network Security