Bulletproof from Worknest are looking for a new Red Team Specialist to join its growing dedicated Red Team. As a Red Team Specialist within Bulletproof you will be expected to deliver advanced simulated attack engagement to clients across numerous industries. You will be a part of every phase and aspect of Red Team delivery, from initial access to tailored impact scenarios. At Bulletproof we use a blend of cutting edge commercial and internally developed tooling to deliver our engagements. Innovation and a drive to deliver the best possible results for our clients is at the core of everything we do. You will act as one of or the sole delivery resource for Red Team engagements at Bulletproof. You will be expected to deliver, full red team engagements, purple teams, assumed breach engagements and look to achieve the required accreditations to join work on regulated projects in the future. You should be able to work independently and as part of a small team, following framework guidance and internal methodologies to deliver complex and bespoke red team engagements. Your responsibilities will include: · Delivering comprehensive red team operations by serving as the either the primary technical operator or one of a team on both threat intelligence-driven and standard adversarial engagements, where you'll be required to follow scenario execution plans, manage your resources and timelines, and make critical technical decisions that drive successful outcomes in complex, high-stakes environments. · Leverage deep technical expertise in operating systems, network architecture, and infrastructure fundamentals to execute sophisticated attack chains and navigate complex enterprise environments during red team operations. · Collaborate with external teams to deliver training and insights to enhance blue team capabilities, which requires in depth understanding of current tools and techniques, not just how to run them. · Help define, document, and continuously refine internal technical processes, service methodologies. · Contribute to ongoing tool development and research actions to help enhance our team capabilities and support the wider community where possible. · Support with various client pre-engagement interactions, including scoping activities and proposal drafting; · Provide well-written, concise, technical and non-technical reports in English; · Develop and deliver in house training where required; · Support the Marketing team with the development of content (including, but not limited to: Blogs, Social Media Posts, and Articles) to help raise the profile of Bulletproof's Penetration Testing and other services; · Support the QA process to ensure high quality client reports are delivered in accordance with applicable Service Level Agreement (SLA); · Perform formal and comprehensive penetration testing assessments if required; · Any other appropriate job duties in line with the associated skill and experience of the post holder. Skills, Experience and Qualities Required: - Be a UK citizen with a right to work in the UK, we are currently not accepting applications outside of the UK or considering visa sponsorship. - We are looking for someone to join the team and help us drive the service forward from the start, therefore a minimum of 2 years proven prior experience delivering Red Team engagements is essential. - Strong technical skills within your given specialism(s) e.g. Initial Access, EDR Bypass, Cloud Exploitation, Malware & Exploit Development etc. - Motivated, able to collaborate, work as part of a team or independently and communicate to clients clearly. - For UK operations, the ability to hold or maintain security clearance may be required - Knowledge of how modern offensive and defensive solutions are designed and deployed across different platforms; Highly Valuable Skills: - Experience operating on Red Teams within the regulated sector under frameworks such as TIBER-EU/DORA or STAR. - Strong coding abilities in your preferred language ideally C/C++, GO, Rust, or python. - Deep knowledge of C2 frameworks and supporting approaches such as operational security and extending functionality on both commercial and open-source frameworks. - Proven track record of tool development or contributions to open-source projects. - Deep technical familiarity with offensive and defensive concepts and protocols. - Extensive understanding of MITRE ATT&CK framework, and various security frameworks associated with red teaming such as TIBER-EU. Qualifications Required: Any of the following qualifications are preferred. - Recognised Red Team specific qualifications such as CCSAS/CCRTS, CRTO, CRTL, OSED, OSCE, CRTM/PACES - GXPN, GPEN, OSCP, GWAPT or similar certifications may also be considered Personal Attributes: - Excellent spoken and written communication skills with strong attention-to-detail and accuracy; - A passion for security and networks; - Analytical and problem-solving skills with a can-do attitude and the ability to think laterally; - Self-motivation with a commitment to continued development; - Ability to work independently and as part of a team; - Influencing and negotiation skills with the ability to build relationships at all levels; - Willingness to learn. Benefits: - Birthday holiday - Discounted Private Medical Insurance - Gym Membership - VITO days - X2 paid volunteer days - Enhanced Family Related Leave Pay - Standard Life Salary Sacrifice Pension - Social Events We understand that job descriptions provide only a brief overview of a role. If you would like more information, please feel free to reach out or submit an application, and we will be happy to share further details. WorkNest is an equal opportunity employer. We celebrate diversity and are committed to fostering an inclusive environment for all employees.

We are a fast-growing Series A startup building cutting-edge technology to revolutionize cloud development processes and support highly efficient dev&test feedback loops. We’ve closed our last $25mil round in Q4 2024, led by Notable Capital, CRV and Heavybit. At its core, LocalStack provides a high-fidelity emulator and local cloud development platform. Imagine developing cloud applications and data pipelines entirely on your local machine within a lightweight cloud sandbox, running in Docker! Our mission is to empower developers to rapidly build and test their cloud applications, allowing for a more enjoyable dev experience, and saving valuable time and resources. LocalStack has a large and active developer community with over 100k active users worldwide and 290M+ downloads to date. Our customer base ranges from SMBs to Global Fortune 500 companies. We are sustainably growing our globally distributed team across sectors LocalStack is headquartered in Zurich/Switzerland 🇨🇭, with a main engineering office in Vienna/Austria 🇦🇹 and remote team members from 🇺🇸the US, 🇫🇷FR, 🇬🇧UK, 🇨🇦CA, 🇪🇸ES, and many more countries. 👉Check our Notion Candidate Handbook and our GitHub! This is the right opportunity for a person with 7+ years in a security engineering or security compliance role, experience leading vendor risk assessments and building compliance frameworks from the ground up, a strong background in API design and build, as well as a strong background in DevSecOps, incident response, and pragmatic, risk-driven security leadership.

We are a fast-growing Series A startup building cutting-edge technology to revolutionize cloud development processes and support highly efficient dev&test feedback loops. We’ve closed our last $25mil round in Q4 2024, led by Notable Capital, CRV and Heavybit. At its core, LocalStack provides a high-fidelity emulator and local cloud development platform. Imagine developing cloud applications and data pipelines entirely on your local machine within a lightweight cloud sandbox, running in Docker! Our mission is to empower developers to rapidly build and test their cloud applications, allowing for a more enjoyable dev experience, and saving valuable time and resources. LocalStack has a large and active developer community with over 100k active users worldwide and 290M+ downloads to date. Our customer base ranges from SMBs to Global Fortune 500 companies. We are sustainably growing our globally distributed team across sectors LocalStack is headquartered in Zurich/Switzerland 🇨🇭, with a main engineering office in Vienna/Austria 🇦🇹 and remote team members from 🇺🇸the US, 🇫🇷FR, 🇬🇧UK, 🇨🇦CA, 🇪🇸ES, and many more countries. 👉Check our Notion Candidate Handbook and our GitHub! This is the right opportunity for a person with 7+ years in a security engineering or security compliance role, experience leading vendor risk assessments and building compliance frameworks from the ground up, a strong background in API design and build, as well as a strong background in DevSecOps, incident response, and pragmatic, risk-driven security leadership.

We are a fast-growing Series A startup building cutting-edge technology to revolutionize cloud development processes and support highly efficient dev&test feedback loops. We’ve closed our last $25mil round in Q4 2024, led by Notable Capital, CRV and Heavybit. At its core, LocalStack provides a high-fidelity emulator and local cloud development platform. Imagine developing cloud applications and data pipelines entirely on your local machine within a lightweight cloud sandbox, running in Docker! Our mission is to empower developers to rapidly build and test their cloud applications, allowing for a more enjoyable dev experience, and saving valuable time and resources. LocalStack has a large and active developer community with over 100k active users worldwide and 290M+ downloads to date. Our customer base ranges from SMBs to Global Fortune 500 companies. We are sustainably growing our globally distributed team across sectors LocalStack is headquartered in Zurich/Switzerland 🇨🇭, with a main engineering office in Vienna/Austria 🇦🇹 and remote team members from 🇺🇸the US, 🇫🇷FR, 🇬🇧UK, 🇨🇦CA, 🇪🇸ES, and many more countries. 👉Check our Notion Candidate Handbook and our GitHub! This is the right opportunity for a person with 7+ years in a security engineering or security compliance role, experience leading vendor risk assessments and building compliance frameworks from the ground up, a strong background in API design and build, as well as a strong background in DevSecOps, incident response, and pragmatic, risk-driven security leadership.