Red Team Lead
Location: UK (Remote-first with occasional in-person meetups)
At JUMPSEC, we focus on how real attackers operate and help our clients understand where they’re genuinely exposed. We take the time to understand each organisation — its people, environment, and how it actually works. This allows us to design red team engagements that are grounded in context. No generic payloads. No copy-and-paste attack paths. Just intelligence-led adversary simulation that is realistic, relevant, and useful.
We believe attack informs defence. Our work provides defenders with actionable insight into attacker behaviour, enabling them to prioritise detection and response where it matters most.
The Role
We’re looking for a Red Team Lead to play a key role in our adversary simulation capability, working closely with the Technical Director as a trusted technical, research, and consultative partner.
This is not a standard penetration testing role.
You’ll act as a senior technical right-hand, helping to steer delivery, shape engagements, support client relationships, and maintain a consistently high technical bar. You’ll be involved early in engagements—designing realistic attack paths, challenging assumptions, and influencing how adversaries are modelled and simulated.
This role suits someone who actively tracks emerging threat actors, researches new techniques, and enjoys translating real-world attacker behaviour into credible, high-impact red team operations.
Alongside this, you’ll lead full-spectrum, intelligence-led red team engagements across complex enterprise and hybrid environments—from phishing and social engineering through to advanced Active Directory and cloud-native compromise.
What you will be doing:
- Leading and executing end-to-end red team and adversary simulation engagements
- Acting as a technical and research partner to the Technical Director on complex client engagements
- Shaping engagement strategy, attacker hypotheses, and threat-led narratives
- Researching emerging threat actors, tools, and tradecraft, and translating these into realistic emulation
- Developing and refining custom TTPs based on real-world attacker behaviour
- Designing and delivering realistic phishing and social engineering campaigns
- Performing advanced attacks across: Active Directory and hybrid identity environments, Microsoft 365, Azure AD, AWS, GCP, Okta, and SaaS platforms
- Bypassing modern defensive controls (EDR/XDR, MFA) using low-noise, considered techniques
- Developing or adapting tooling for delivery, evasion, and C2
- Supporting purple team exercises to enhance detection and response capability
- Producing high-quality reporting with strong technical accuracy, attacker context, and clear narrative
What we are looking for:
- Proven experience delivering or leading red or purple team engagements in large or regulated environments
- Strong grounding in threat intelligence-led testing and adversary emulation
- Demonstrable experience researching vulnerabilities, abuse paths, or misconfigurations
- Deep understanding of Active Directory, cloud identity, and hybrid enterprise attack surfaces
- Comfortable developing or adapting novel TTPs, beyond standard frameworks
- Confidence acting as a technical authority and trusted advisor to clients
- Strong communication skills, with the ability to explain complex attacker behaviour to both technical and non-technical audiences
How we work:
- We prioritise quality over volume — engagements are carefully designed, not templated
- We operate with high trust and autonomy, with accountability for outcomes
- We take a research-led approach, staying ahead of adversaries
- Collaboration is central — working across red, blue, and leadership teams
- We maintain a low-ego, high-performance culture where ideas are constructively challenged
- Clear, effective communication is essential — internally and with clients
Leadership and behaviour expectations:
- Set and uphold a high technical and ethical standard
- Act as a mentor, supporting the development of others
- Demonstrate sound judgement under pressure
- Build strong, trusted relationships internally and externally
- Take ownership and drive work through to resolution
- Contribute to a culture of continuous improvement and knowledge sharing
Nice to have:
- Experience emulating real-world threat actors
- Hands-on vulnerability research or proof-of-concept development
- Contributions to open-source tools, blogs, whitepapers, or conference talks
- Familiarity with TIBER-EU, CBEST, GBEST, or similar frameworks
- Relevant certifications (e.g. CCRTS or equivalent) — valued but not essential
Growth and development:
- Dedicated training and research budget
- Access to internal labs, CTI, and tooling
- Opportunities to contribute to services, methodology, and tooling development
- Support for conference speaking, publishing, and community contributions
- Clear progression into technical leadership or research specialisation
Benefits:
- Competitive salary (dependent on experience)
- 25 days annual leave + your birthday off
- Annual training and research budget
- Access to red team labs and infrastructure
- Recruitment referral scheme (up to £2,000)
- Company pension
Candidate profile:
- Naturally curious and research-driven
- Comfortable working in complex, ambiguous environments
- Motivated by real-world impact, not checkbox testing
- A strong communicator and problem solver
- Committed to continuous learning and technical excellence
How to apply
If you are interested in applying for this role, please provide a short cover letter outlining your experience and why you would be a good fit for JUMPSEC to [email protected]. Please reference JSRedTeam Lead in the subject line.
For more information on who we are and what we do, please visit www.jumpsec.com.
Whilst we do our utmost to reply to each candidate, we are sometimes inundated with applications, and this can lead to slight delays in replies. If you do not hear back from us within 20 working days, please consider yourself unsuccessful and we thank you for your time and effort in applying for this role.
At JUMPSEC, we believe that great people drive our success, and we embrace diversity and inclusion as integral parts of our company culture. We welcome individuals from all backgrounds, ethnicities, cultures, and genders. Diverse perspectives and ideas contribute to the uniqueness of our brand and enable the creative problem-solving that our clients value. Join us on our mission to create a safer digital world!
