Red Team Lead

Red Team Lead | Remote (UK Only)

This is a senior technical position for someone who thrives at the intersection of offensive security, threat research, and client advisory. You'll work closely with senior leadership to shape engagements, influence testing methodology, and deliver realistic, intelligence-driven adversary emulation across complex enterprise environments.

This opportunity goes far beyond traditional penetration testing. The successful candidate will play a key role in designing sophisticated attack scenarios, researching emerging threats, and translating real-world attacker behaviour into impactful red team operations

The Opportunity:

As a Red Team Lead, you'll take ownership of advanced adversary simulation engagements from initial planning through to execution and reporting. You'll help define attack hypotheses, model realistic threat actor behaviour, and challenge client assumptions through carefully crafted offensive operations.

You'll be trusted to operate autonomously while collaborating closely with senior technical stakeholders, helping to maintain exceptionally high delivery standards across all engagements.

Key Responsibilities:

• Lead and deliver complex red team and adversary emulation engagements
• Design realistic attack scenarios based on current threat intelligence and adversary tradecraft
• Support engagement planning, attack path development, and operational execution
• Research emerging threat actors, attack techniques, and offensive tooling
• Develop and refine bespoke tactics, techniques, and procedures (TTPs) for client engagements
• Conduct phishing, social engineering, and human-layer attack simulations
• Execute attacks across enterprise and hybrid environments including:
  • Active Directory
  • Microsoft 365
  • Azure
  • AWS
  • Google Cloud
  • Identity platforms and SaaS ecosystems
• Assess and bypass modern security controls using stealth-focused methodologies
• Develop, modify, or enhance offensive tooling and command-and-control infrastructure
• Support purple team exercises and collaborative defensive improvement initiatives
• Produce clear, technically accurate reports that provide meaningful attacker insight and business value

About You:

We're interested in individuals who combine deep technical capability with strong research instincts and client-facing credibility.

You'll likely have:

• Extensive experience delivering or leading red team engagements within large enterprise, government, financial services, or other regulated environments
• Strong understanding of adversary emulation and threat intelligence-led testing
• Experience researching vulnerabilities, attack paths, and exploitation opportunities
• Deep knowledge of Active Directory, hybrid identity, cloud security, and modern enterprise attack surfaces
• The ability to develop or adapt offensive techniques beyond standard frameworks and playbooks
• Experience communicating complex attack scenarios to both technical and executive audiences
• Strong stakeholder management and consulting skills

As a senior member of the team, you'll be expected to:

• Maintain and promote high technical and ethical standards
• Mentor and support the development of less experienced consultants
• Demonstrate sound judgement during complex engagements
• Build trusted relationships with colleagues and clients
• Take ownership of outcomes and drive work to completion
• Contribute to internal research, capability development, and knowledge sharing initiatives

Desirable Experience:

Any of the following would be advantageous:

• Experience emulating named threat actors or advanced persistent threats
• Vulnerability research or proof-of-concept development
• Contributions to open-source security projects
• Conference speaking, technical blogging, or published research
• Experience working within frameworks such as CBEST, GBEST, TIBER-EU, or equivalent threat-led testing methodologies
• Industry-recognised offensive security certifications

If you're passionate about realistic adversary simulation, enjoy pushing beyond conventional testing approaches, and want to influence how offensive security engagements are designed and delivered, we'd be keen to hear from you.

Oscar Associates (UK) Limited is acting as an Employment Agency in relation to this vacancy.

To understand more about what we do with your data please review our privacy policy in the privacy section of the Oscar website.