Title: Senior Consultant, Red Team, Offensive Security Locations London, United Kingdom - Job Identification 21014120 - Job Category Cyber Security - Job Schedule Full time Job Description: In a world of disruption and increasingly complex business challenges, our professionals bring truth into focus with the Kroll Lens. Our sharp analytical skills, paired with the latest technology, allow us to give our clients clarity—not just answers—in all areas of business. We embrace diverse backgrounds and global perspectives, and we cultivate diversity by respecting, including, and valuing one another. As part of One team, One Kroll, you’ll contribute to a supportive and collaborative work environment that empowers you to excel. Our Offensive Security professionals are on a mission to make the world a safer place, one company at a time. We help our clients discover, understand, and remediate security risks across their networks, systems, applications, cloud environments, and identity platforms. Our clients trust us to use advanced offensive security tools, creativity, imagination, and expert knowledge to identify realistic attack paths and improve cyber resilience. We are looking to grow our UK Red Team capability with a Senior Consultant / L3 Red Team Operator. Our expertise in red team operations, purple team engagements, assumed-breach testing, adversary emulation, and threat intelligence-led penetration testing is in high demand. Our collaborative ties to our forensic and incident response team, detection engineering team, threat intelligence team, and wider Cyber Risk practice enable us to deliver high-impact offensive security engagements for clients across a range of sectors. This role will be based in the UK, with a hybrid working model requiring two days per week in one of our UK offices: London, Leeds, or Birmingham. Apply now to join One team, One Kroll. What you’ll do As a Senior Consultant, Red Team Operator, you will support the delivery of complex red team, purple team, assumed-breach, and adversary emulation engagements. You will work with clients to understand their environments, help define realistic attack objectives, develop attack paths, and execute authorised offensive security activity within agreed rules of engagement. You will be expected to operate across a range of attack surfaces, including enterprise networks, Active Directory, Microsoft Entra ID, Microsoft 365, cloud platforms, endpoints, externally exposed services, and, where authorised, social engineering scenarios. You will also help clients understand the business impact of identified attack paths and provide clear, actionable recommendations to improve prevention, detection, and response. In summary, you will: - Deliver red team, purple team, assumed-breach, and adversary emulation engagements for clients across multiple sectors - Support engagement planning, including threat-informed scenarios, attack objectives, rules of engagement, operational security considerations, and success criteria - Execute hands-on offensive activity across enterprise environments, including Active Directory exploitation, credential access, privilege escalation, lateral movement, and objective-based testing - Assess and exploit attack paths across Microsoft Entra ID, Microsoft 365, hybrid identity environments, AWS, Azure, GCP, and other cloud platforms, where in scope - Build, adapt, and operate red team infrastructure, command-and-control tooling, payloads, and scripts during authorised client engagements - Apply detection-aware tradecraft and understand how EDR, SIEM, identity protection, conditional access, email security, and network monitoring can affect red team operations - Support purple team engagements by executing agreed TTPs, working with client security teams, validating detection logic, and helping clients improve response capability - Conduct authorised social engineering activity, including reconnaissance, phishing, vishing, pretext development, and controlled initial access scenarios - Conduct research and development to improve Kroll’s red team tooling, tradecraft, methodology, and reporting - Produce clear, evidence-based reporting that explains attack paths, business impact, detection and response observations, and prioritised remediation actions - Present technical findings to security teams and communicate business risk to senior stakeholders - Mentor junior consultants, support technical delivery, and contribute to peer review and quality assurance - Work collaboratively with Kroll’s wider Cyber Risk teams, including incident response, threat intelligence, cloud security, and detection engineering What you’ll need to succeed - 5+ years in offensive cybersecurity, including experience delivering red team, purple team, adversary emulation, or assumed-breach engagements - Existing SC clearance, or the ability and willingness to obtain SC clearance - A relevant CREST red team certification aligned to CBEST-style delivery, such as CREST Certified Red Team Specialist, formerly CCSAS, or the ability to obtain this within the probation period - Strong experience with Windows enterprise environments, Active Directory exploitation, privilege escalation, and lateral movement - Experienced and comfortable with performing social engineering techniques in support of red team operations, including email and voice phishing - Experience operating command-and-control frameworks such as, Mythic, Cobalt Strike, or similar tooling in authorised client engagements - Experience developing, modifying, or extending offensive security tooling, scripts, or payloads - Working knowledge of at least one of C, C#, Python, PowerShell, and/or JavaScript, to support offensive security objectives - Practical understanding of evasion techniques, endpoint security controls, operational security, and detection-aware tradecraft - Strong understanding of networking and web protocols, including TCP/IP, DNS, HTTP, HTTPS, and authentication flows - Experience conducting reconnaissance, attack path development, and objective-based testing - Excellent written and verbal communication skills, with the ability to explain complex technical issues clearly to technical and non-technical audiences - The ability to manage risk during live client engagements and operate within agreed rules of engagement - Work remote, but have the ability to come into the office at either London, Leeds, or Birmingham, on occasion for team building or administration Nice to have - CREST Certified Red Team Specialist, OSEP, OSCE3, CRTO, CRTL, GPEN, GXPN, or equivalent experience - Experience delivering CBEST, STAR-FS, TIBER, DORA-aligned, TLPT, or regulated financial-sector red team engagements - Strong working knowledge of Microsoft Entra ID, Microsoft 365, and hybrid identity attack paths - Working knowledge of cloud platforms such as AWS, Azure, or GCP, including identity, privilege escalation, misconfiguration abuse, and cloud-native attack paths - Experience with exploit development, reverse engineering, malware analysis, or assembly-level debugging - Experience with macOS or Linux endpoint tradecraft - Experience with Kubernetes, Docker, CI/CD platforms, DevOps environments, or containerised workloads - Experience with physical security - Experience with employing modern AI tooling to support offensive engagements - Threat intelligence, detection engineering, or incident response experience - Experience writing blogs, presenting at industry events, publishing research, or contributing to offensive security tooling - Experience leading small teams or technical workstreams during complex offensive security engagements In order to be considered for a position, you must formally apply via careers.kroll.com. Kroll is committed to creating an inclusive work environment. We are proud to be an equal opportunity employer and will consider all qualified applicants regardless of gender, gender identity, race, religion, colour, nationality, ethnic origin, sexual orientation, marital status, veteran status, age, or disability.

• Monitor and ensure TPA compliance with operational standards, SLAs, and contractual requirements • Facilitate onboarding new clients and TPA partners • Build relationships with client and partners to ensure clear communication, expectation and align on performance standards. • Lead quarterly and ad-hoc TPA due diligence reviews. • Drive strategic and operational initiatives across internal and external partnerships. • Manage multiple priorities across TPAs and programs. • Collaborate cross-functionally with internal teams. • Serve as escalation point for operational issues with internal partners, vendors and 3rd party providers. • Prepare reports, dashboards, and presentations for review by multiple parties up to and including executive leadership. • Monitor claim funding accounts and reconciliation practices. • Analyze indemnity and expense trends for leakage. • Analyze existing claims data and identify trends or performance gaps (severity, cycle time, litigation rates). • Deliver insights to leadership and external TPA partners. • Facilitate client meeting preparation, reporting, and follow-up actions.

• This role is field-based, and candidates should live within a reasonable distance from the primary city • The Account Consultant position manages sales processes for AbbVie's therapeutic products in accordance with approved marketing plans • Assigned sales goals are achieved through consultative and value based selling techniques coupled with comprehensive account management while implementing the US Marketing Plan • Account Consultants provide technical product knowledge and support to ensure customer adoption of the product portfolio while delivering customer satisfaction • Effective use of sales and data resources will enhance productivity and provide growth to meet or exceed the franchise goals • Complies with required reports, requests, and promotional compliance and effectively manages AbbVie field assets • Promote a product to meet/exceed sales goals in community/private practices as well as hospitals/health systems • Identify/uncover customer needs (training, clinical, operational, reimbursement) and address with appropriate AbbVie resources • Expert delivery of anatomical/procedural information and training, including the appropriate use of anatomical terminology to train injection paradigms/postures while highlighting various anatomical and injection insights and considerations • Provide education and clinical/injection training for residents, fellows, and other key hospital personnel • Collaborate with other Account Specialist to promote the product for approved indications and execute individual, department, or group resident/fellow trainings within hospital/health system accounts • Comply with all company policies, required reports, requests and promotional compliance and effectively manages AbbVie field assets • Effectively utilize AbbVie's sales and data resources to enhance productivity and growth of AbbVie products while implementing U.S. Marketing Plan

Role Description As a YA Consultant, you will provide high quality consulting services relating to property restoration, property defects, casualty, and losses of significance for YA’s customers, which include insurance companies, third-party adjusters and independent businesses and insureds. YA Consultants are responsible for working independently on small projects or on a team in cases of larger losses in an effort to manage each of our clients’ business and operations in defining and controlling costs associated with damaged structures. Consultants are expected to use a large measure of independent judgement, considering, and weighing alternatives when appropriate, taking into account the financial and operational significance of the services you are performing. In This Role, You Will: - Schedule and conduct inspections and field assessments to evaluate structure and property damage for clients. - Review and synthesize relevant information to prepare damage estimates, scopes, and project reports. - Operate on behalf of clients to monitor and manage timelines, expenses, and other factors critical to operational efficiency and cost management during all phases of construction. - Communicate and correspond with clients, insurance companies, adjusters, and insureds. - Participate in regular client meetings and support business development initiatives. - Work independently on smaller projects and as part of a team on larger losses. - Maintain job files, documentation, and other relevant deliverables. - Perform other duties as assigned. Qualifications - Bachelor’s degree or equivalent experience - 3-5 years of relevant construction, restoration, project management or insurance experience - Xactimate experience preferred - Obtainment of WRT certification preferred, working towards industry certifications and credentials - Ability to travel required Benefits - Employee-focused culture - Strong commitment to work-life balance - 100% Remote work - Flexible vacation - Paid family care/sick leave - Parental leave - Comprehensive benefits - 401k w/match Fraudulent Recruitment Alert Please be vigilant against fraudulent recruitment attempts. YA will never ask for personal financial information (such as bank account numbers or identification numbers) via social media or chat-based apps. We also will not request money for the purchase of business equipment or conduct interviews solely via text message. All official email communications regarding your application will come from notify@dayforce.com or directly from a member of our talent team using an @yagroup.com domain name. If you suspect any fraudulent activity, please contact us directly at careers@yagroup.com.