Title: Senior Consultant, Red Team, Offensive Security Locations London, United Kingdom - Job Identification 21014120 - Job Category Cyber Security - Job Schedule Full time Job Description: In a world of disruption and increasingly complex business challenges, our professionals bring truth into focus with the Kroll Lens. Our sharp analytical skills, paired with the latest technology, allow us to give our clients clarity—not just answers—in all areas of business. We embrace diverse backgrounds and global perspectives, and we cultivate diversity by respecting, including, and valuing one another. As part of One team, One Kroll, you’ll contribute to a supportive and collaborative work environment that empowers you to excel. Our Offensive Security professionals are on a mission to make the world a safer place, one company at a time. We help our clients discover, understand, and remediate security risks across their networks, systems, applications, cloud environments, and identity platforms. Our clients trust us to use advanced offensive security tools, creativity, imagination, and expert knowledge to identify realistic attack paths and improve cyber resilience. We are looking to grow our UK Red Team capability with a Senior Consultant / L3 Red Team Operator. Our expertise in red team operations, purple team engagements, assumed-breach testing, adversary emulation, and threat intelligence-led penetration testing is in high demand. Our collaborative ties to our forensic and incident response team, detection engineering team, threat intelligence team, and wider Cyber Risk practice enable us to deliver high-impact offensive security engagements for clients across a range of sectors. This role will be based in the UK, with a hybrid working model requiring two days per week in one of our UK offices: London, Leeds, or Birmingham. Apply now to join One team, One Kroll. What you’ll do As a Senior Consultant, Red Team Operator, you will support the delivery of complex red team, purple team, assumed-breach, and adversary emulation engagements. You will work with clients to understand their environments, help define realistic attack objectives, develop attack paths, and execute authorised offensive security activity within agreed rules of engagement. You will be expected to operate across a range of attack surfaces, including enterprise networks, Active Directory, Microsoft Entra ID, Microsoft 365, cloud platforms, endpoints, externally exposed services, and, where authorised, social engineering scenarios. You will also help clients understand the business impact of identified attack paths and provide clear, actionable recommendations to improve prevention, detection, and response. In summary, you will: - Deliver red team, purple team, assumed-breach, and adversary emulation engagements for clients across multiple sectors - Support engagement planning, including threat-informed scenarios, attack objectives, rules of engagement, operational security considerations, and success criteria - Execute hands-on offensive activity across enterprise environments, including Active Directory exploitation, credential access, privilege escalation, lateral movement, and objective-based testing - Assess and exploit attack paths across Microsoft Entra ID, Microsoft 365, hybrid identity environments, AWS, Azure, GCP, and other cloud platforms, where in scope - Build, adapt, and operate red team infrastructure, command-and-control tooling, payloads, and scripts during authorised client engagements - Apply detection-aware tradecraft and understand how EDR, SIEM, identity protection, conditional access, email security, and network monitoring can affect red team operations - Support purple team engagements by executing agreed TTPs, working with client security teams, validating detection logic, and helping clients improve response capability - Conduct authorised social engineering activity, including reconnaissance, phishing, vishing, pretext development, and controlled initial access scenarios - Conduct research and development to improve Kroll’s red team tooling, tradecraft, methodology, and reporting - Produce clear, evidence-based reporting that explains attack paths, business impact, detection and response observations, and prioritised remediation actions - Present technical findings to security teams and communicate business risk to senior stakeholders - Mentor junior consultants, support technical delivery, and contribute to peer review and quality assurance - Work collaboratively with Kroll’s wider Cyber Risk teams, including incident response, threat intelligence, cloud security, and detection engineering What you’ll need to succeed - 5+ years in offensive cybersecurity, including experience delivering red team, purple team, adversary emulation, or assumed-breach engagements - Existing SC clearance, or the ability and willingness to obtain SC clearance - A relevant CREST red team certification aligned to CBEST-style delivery, such as CREST Certified Red Team Specialist, formerly CCSAS, or the ability to obtain this within the probation period - Strong experience with Windows enterprise environments, Active Directory exploitation, privilege escalation, and lateral movement - Experienced and comfortable with performing social engineering techniques in support of red team operations, including email and voice phishing - Experience operating command-and-control frameworks such as, Mythic, Cobalt Strike, or similar tooling in authorised client engagements - Experience developing, modifying, or extending offensive security tooling, scripts, or payloads - Working knowledge of at least one of C, C#, Python, PowerShell, and/or JavaScript, to support offensive security objectives - Practical understanding of evasion techniques, endpoint security controls, operational security, and detection-aware tradecraft - Strong understanding of networking and web protocols, including TCP/IP, DNS, HTTP, HTTPS, and authentication flows - Experience conducting reconnaissance, attack path development, and objective-based testing - Excellent written and verbal communication skills, with the ability to explain complex technical issues clearly to technical and non-technical audiences - The ability to manage risk during live client engagements and operate within agreed rules of engagement - Work remote, but have the ability to come into the office at either London, Leeds, or Birmingham, on occasion for team building or administration Nice to have - CREST Certified Red Team Specialist, OSEP, OSCE3, CRTO, CRTL, GPEN, GXPN, or equivalent experience - Experience delivering CBEST, STAR-FS, TIBER, DORA-aligned, TLPT, or regulated financial-sector red team engagements - Strong working knowledge of Microsoft Entra ID, Microsoft 365, and hybrid identity attack paths - Working knowledge of cloud platforms such as AWS, Azure, or GCP, including identity, privilege escalation, misconfiguration abuse, and cloud-native attack paths - Experience with exploit development, reverse engineering, malware analysis, or assembly-level debugging - Experience with macOS or Linux endpoint tradecraft - Experience with Kubernetes, Docker, CI/CD platforms, DevOps environments, or containerised workloads - Experience with physical security - Experience with employing modern AI tooling to support offensive engagements - Threat intelligence, detection engineering, or incident response experience - Experience writing blogs, presenting at industry events, publishing research, or contributing to offensive security tooling - Experience leading small teams or technical workstreams during complex offensive security engagements In order to be considered for a position, you must formally apply via careers.kroll.com. Kroll is committed to creating an inclusive work environment. We are proud to be an equal opportunity employer and will consider all qualified applicants regardless of gender, gender identity, race, religion, colour, nationality, ethnic origin, sexual orientation, marital status, veteran status, age, or disability.