Senior Consultant, Red Team, Offensive Security job at Kroll in London, United Kingdom

Job Description

Company: Kroll

Title: Senior Consultant, Red Team, Offensive Security

Locations: London, United Kingdom

Job Identification: 21014120
Job Category: Cyber Security
Job Schedule: Full time

In a world of disruption and increasingly complex business challenges, our professionals bring truth into focus with the Kroll Lens. Our sharp analytical skills, paired with the latest technology, allow us to give our clients clarity—not just answers—in all areas of business. We embrace diverse backgrounds and global perspectives, and we cultivate diversity by respecting, including, and valuing one another. As part of One team, One Kroll, you’ll contribute to a supportive and collaborative work environment that empowers you to excel.

Our Offensive Security professionals are on a mission to make the world a safer place, one company at a time. We help our clients discover, understand, and remediate security risks across their networks, systems, applications, cloud environments, and identity platforms. Our clients trust us to use advanced offensive security tools, creativity, imagination, and expert knowledge to identify realistic attack paths and improve cyber resilience.

We are looking to grow our UK Red Team capability with a Senior Consultant / L3 Red Team Operator. Our expertise in red team operations, purple team engagements, assumed-breach testing, adversary emulation, and threat intelligence-led penetration testing is in high demand. Our collaborative ties to our forensic and incident response team, detection engineering team, threat intelligence team, and wider Cyber Risk practice enable us to deliver high-impact offensive security engagements for clients across a range of sectors.

This role will be based in the UK, with a hybrid working model requiring two days per week in one of our UK offices: London, Leeds, or Birmingham.

Apply now to join One team, One Kroll.

What you’ll do

As a Senior Consultant, Red Team Operator, you will support the delivery of complex red team, purple team, assumed-breach, and adversary emulation engagements. You will work with clients to understand their environments, help define realistic attack objectives, develop attack paths, and execute authorised offensive security activity within agreed rules of engagement.

You will be expected to operate across a range of attack surfaces, including enterprise networks, Active Directory, Microsoft Entra ID, Microsoft 365, cloud platforms, endpoints, externally exposed services, and, where authorised, social engineering scenarios. You will also help clients understand the business impact of identified attack paths and provide clear, actionable recommendations to improve prevention, detection, and response.

In summary, you will:

Deliver red team, purple team, assumed-breach, and adversary emulation engagements for clients across multiple sectors

Support engagement planning, including threat-informed scenarios, attack objectives, rules of engagement, operational security considerations, and success criteria

Execute hands-on offensive activity across enterprise environments, including Active Directory exploitation, credential access, privilege escalation, lateral movement, and objective-based testing

Assess and exploit attack paths across Microsoft Entra ID, Microsoft 365, hybrid identity environments, AWS, Azure, GCP, and other cloud platforms, where in scope

Build, adapt, and operate red team infrastructure, command-and-control tooling, payloads, and scripts during authorised client engagements

Apply detection-aware tradecraft and understand how EDR, SIEM, identity protection, conditional access, email security, and network monitoring can affect red team operations

Support purple team engagements by executing agreed TTPs, working with client security teams, validating detection logic, and helping clients improve response capability

Conduct authorised social engineering activity, including reconnaissance, phishing, vishing, pretext development, and controlled initial access scenarios

Conduct research and development to improve Kroll’s red team tooling, tradecraft, methodology, and reporting

Produce clear, evidence-based reporting that explains attack paths, business impact, detection and response observations, and prioritised remediation actions

Present technical findings to security teams and communicate business risk to senior stakeholders

Mentor junior consultants, support technical delivery, and contribute to peer review and quality assurance

Work collaboratively with Kroll’s wider Cyber Risk teams, including incident response, threat intelligence, cloud security, and detection engineering

What you’ll need to succeed

5+ years in offensive cybersecurity, including experience delivering red team, purple team, adversary emulation, or assumed-breach engagements

Existing SC clearance, or the ability and willingness to obtain SC clearance

A relevant CREST red team certification aligned to CBEST-style delivery, such as CREST Certified Red Team Specialist, formerly CCSAS, or the ability to obtain this within the probation period

Strong experience with Windows enterprise environments, Active Directory exploitation, privilege escalation, and lateral movement

Experienced and comfortable with performing social engineering techniques in support of red team operations, including email and voice phishing

Experience operating command-and-control frameworks such as Mythic, Cobalt Strike, or similar tooling in authorised client engagements

Experience developing, modifying, or extending offensive security tooling, scripts, or payloads

Working knowledge of at least one of C, C#, Python, PowerShell, or JavaScript to support offensive security objectives

Practical understanding of evasion techniques, endpoint security controls, operational security, and detection-aware tradecraft

Strong understanding of networking and web protocols, including TCP/IP, DNS, HTTP, HTTPS, and authentication flows

Experience conducting reconnaissance, attack path development, and objective-based testing

Excellent written and verbal communication skills, with the ability to explain complex technical issues clearly to technical and non-technical audiences

The ability to manage risk during live client engagements and operate within agreed rules of engagement

Ability to work remotely and to come into the office in London, Leeds, or Birmingham on occasion for team building or administration

Nice to have

CREST Certified Red Team Specialist, OSEP, OSCE3, CRTO, CRTL, GPEN, GXPN, or equivalent experience

Experience delivering CBEST, STAR-FS, TIBER, DORA-aligned, TLPT, or regulated financial-sector red team engagements

Strong working knowledge of Microsoft Entra ID, Microsoft 365, and hybrid identity attack paths

Working knowledge of cloud platforms such as AWS, Azure, or GCP, including identity, privilege escalation, misconfiguration abuse, and cloud-native attack paths

Experience with exploit development, reverse engineering, malware analysis, or assembly-level debugging

Experience with macOS or Linux endpoint tradecraft

Experience with Kubernetes, Docker, CI/CD platforms, DevOps environments, or containerised workloads

Experience with physical security

Experience employing modern AI tooling to support offensive engagements

Threat intelligence, detection engineering, or incident response experience

Experience writing blogs, presenting at industry events, publishing research, or contributing to offensive security tooling

Experience leading small teams or technical workstreams during complex offensive security engagements

In order to be considered for a position, you must formally apply via careers.kroll.com.

Kroll is committed to creating an inclusive work environment. We are proud to be an equal opportunity employer and will consider all qualified applicants regardless of gender, gender identity, race, religion, colour, nationality, ethnic origin, sexual orientation, marital status, veteran status, age, or disability.

Source: Remote.co