Senior Consultant, Red Team Operator, Offensive Security, UK
In a world of disruption and increasingly complex business challenges, our professionals bring truth into focus with the Kroll Lens. Our sharp analytical skills, paired with the latest technology, allow us to give our clients clarity—not just answers—in all areas of business. We embrace diverse backgrounds and global perspectives, and we cultivate diversity by respecting, including, and valuing one another. As part of One team, One Kroll, you’ll contribute to a supportive and collaborative work environment that empowers you to excel.
Our Offensive Security professionals are on a mission to make the world a safer place, one company at a time. We help our clients discover, understand, and remediate security risks across their networks, systems, applications, cloud environments, and identity platforms. Our clients trust us to use advanced offensive security tools, creativity, imagination, and expert knowledge to identify realistic attack paths and improve cyber resilience.
We are looking to grow our UK Red Team capability with a Senior Consultant / L3 Red Team Operator. Our expertise in red team operations, purple team engagements, assumed-breach testing, adversary emulation, and threat intelligence-led penetration testing is in high demand. Our collaborative ties to our forensic and incident response team, detection engineering team, threat intelligence team, and wider Cyber Risk practice enable us to deliver high-impact offensive security engagements for clients across a range of sectors.
This role will be based in the UK, with a hybrid working model requiring two days per week in one of our UK offices: London, Leeds, or Birmingham.
Apply now to join One team, One Kroll.
What you’ll do
As a Senior Consultant, Red Team Operator, you will support the delivery of complex red team, purple team, assumed-breach, and adversary emulation engagements. You will work with clients to understand their environments, help define realistic attack objectives, develop attack paths, and execute authorised offensive security activity within agreed rules of engagement.
You will be expected to operate across a range of attack surfaces, including enterprise networks, Active Directory, Microsoft Entra ID, Microsoft 365, cloud platforms, endpoints, externally exposed services, and, where authorised, social engineering scenarios. You will also help clients understand the business impact of identified attack paths and provide clear, actionable recommendations to improve prevention, detection, and response.
In summary, you will:
Deliver red team, purple team, assumed-breach, and adversary emulation engagements for clients across multiple sectors
Support engagement planning, including threat-informed scenarios, attack objectives, rules of engagement, operational security considerations, and success criteria
Execute hands-on offensive activity across enterprise environments, including Active Directory exploitation, credential access, privilege escalation, lateral movement, and objective-based testing
Assess and exploit attack paths across Microsoft Entra ID, Microsoft 365, hybrid identity environments, AWS, Azure, GCP, and other cloud platforms, where in scope
Build, adapt, and operate red team infrastructure, command-and-control tooling, payloads, and scripts during authorised client engagements
Apply detection-aware tradecraft and understand how EDR, SIEM, identity protection, conditional access, email security, and network monitoring can affect red team operations
Support purple team engagements by executing agreed TTPs, working with client security teams, validating detection logic, and helping clients improve response capability
Conduct authorised social engineering activity, including reconnaissance, phishing, vishing, pretext development, and controlled initial access scenarios
Conduct research and development to improve Kroll’s red team tooling, tradecraft, methodology, and reporting
Produce clear, evidence-based reporting that explains attack paths, business impact, detection and response observations, and prioritised remediation actions
Present technical findings to security teams and communicate business risk to senior stakeholders
Mentor junior consultants, support technical delivery, and contribute to peer review and quality assurance
Work collaboratively with Kroll’s wider Cyber Risk teams, including incident response, threat intelligence, cloud security, and detection engineering
What you’ll need to succeed
5+ years in offensive cybersecurity, including experience delivering red team, purple team, adversary emulation, or assumed-breach engagements
Existing SC clearance, or the ability and willingness to obtain SC clearance
A relevant CREST red team certification aligned to CBEST-style delivery, such as CREST Certified Red Team Specialist (formerly CCSAS), or the ability to obtain this within the probation period
Strong experience with Windows enterprise environments, Active Directory exploitation, privilege escalation, and lateral movement
Experienced and comfortable with performing social engineering techniques in support of red team operations, including email and voice phishing
Experience operating command-and-control frameworks such as Mythic, Cobalt Strike, or similar tooling in authorised client engagements
Experience developing, modifying, or extending offensive security tooling, scripts, or payloads
Working knowledge of at least one of C, C#, Python, PowerShell, or JavaScript to support offensive security objectives
Practical understanding of evasion techniques, endpoint security controls, operational security, and detection-aware tradecraft
Strong understanding of networking and web protocols, including TCP/IP, DNS, HTTP, HTTPS, and authentication flows
Experience conducting reconnaissance, attack path development, and objective-based testing
Excellent written and verbal communication skills, with the ability to explain complex technical issues clearly to technical and non-technical audiences
The ability to manage risk during live client engagements and operate within agreed rules of engagement
The ability to work remotely and to come into the office in London, Leeds, or Birmingham on occasion for team building or administration
Nice to have
CREST Certified Red Team Specialist, OSEP, OSCE3, CRTO, CRTL, GPEN, GXPN, or equivalent experience
Experience delivering CBEST, STAR-FS, TIBER, DORA-aligned, TLPT, or regulated financial-sector red team engagements
Strong working knowledge of Microsoft Entra ID, Microsoft 365, and hybrid identity attack paths
Working knowledge of cloud platforms such as AWS, Azure, or GCP, including identity, privilege escalation, misconfiguration abuse, and cloud-native attack paths
Experience with exploit development, reverse engineering, malware analysis, or assembly-level debugging
Experience with macOS or Linux endpoint tradecraft
Experience with Kubernetes, Docker, CI/CD platforms, DevOps environments, or containerised workloads
Experience with physical security
Experience with employing modern AI tooling to support offensive engagements
Threat intelligence, detection engineering, or incident response experience
Experience writing blogs, presenting at industry events, publishing research, or contributing to offensive security tooling
Experience leading small teams or technical workstreams during complex offensive security engagements
In order to be considered for a position, you must formally apply via careers.kroll.com.
Kroll is committed to creating an inclusive work environment. We are proud to be an equal opportunity employer and will consider all qualified applicants regardless of gender, gender identity, race, religion, colour, nationality, ethnic origin, sexual orientation, marital status, veteran status, age, or disability.