To apply: please send a brief cover letter and your CV to
Please note: this is a UK role and you must be able to legally live and work in the UK. Sponsorship is not an option for this role. Keep an eye out for similar roles in our other locations in the future.
Each year, we deliver a large number of red teaming engagements for a variety of prestigious clients around the world.
The typical delivery time frame is in the region of weeks to months. We start with a threat intelligence phase in order to ensure maximum realism. Then, we move on to a multi scenario attack phase – the red teaming element. Finally, we place great emphasis on detection, response and recovery. We see the blue team as our customer and so we go on site to conduct an incident response maturity assessment with the blue team, at the end of the engagement.


We are looking for the right individual to oversee and manage some of our top tier red teaming engagements (including, but not limited to, STAR, CBEST, GBEST, TBEST, TIBER-EU, iCAST, etc.) from a planning and risk management perspective, with elements of technical project leadership. This is a full time position on our red team, in a CCSAM capacity. You will work alongside some of the industry’s most capable red teamers.


The following qualifications and certifications are expected from the successful candidate:

  • The CREST CCSAM certification is strongly preferred. For the right candidate, we may opt to forego this and provide support to quickly attain it instead, particularly if it was previously held.
  • An existing SC or DV clearance, or the ability to attain at least SC clearance, is required.
  • One or more relevant technical certifications are preferred, but not required. Examples include OSCP, OSCE, CCT, etc.
  • An undergraduate degree is preferred, but not required.


The attributes possessed by successful candidates include:

  • The ability to perform under pressure with challenging expectations. We have to outfox and outrun sophisticated blue teams while maintaining complete integrity.
  • A willingness to occasionally work unsociable working hours – attackers don’t just work 9-5 and sometimes we need to emulate that. The occasional evening phone call with a client undergoing a simulated attack is not unheard of.
  • An enthusiastic approach and the ability to work well within a high performing team, as well as perform to a high standard autonomously, is highly valued.
  • The ability to manage complex engagements and communicate externally at all levels; technical, managerial, executive, etc.
  • An empathetic approach to colleagues and clients. We leave our ego at the door.
  • The ability to multi task. The successful candidate will be working on more than one project at a time.
  • The ability to write high quality technical test plans, executive focused reports, debrief presentations, etc.
  • Advanced speaking and presentation skills.
  • A genuine interest in cyber security as a whole. The successful candidate will keep themselves up to date with this fast paced industry, and enjoy doing so.


Of course, wider security skills and experience are extremely important. The following non-exhaustive list illustrates the type of skills and experience we’re looking for.

  • A background in technical “hands on” elements of the industry, e.g. penetration testing, is preferred. Although this isn’t a heavily technical role, a reasonable level of practical offensive security knowledge and experience is very beneficial.
  • An in depth understanding of risk and governance.
  • Experience managing and/or delivering CBEST and STAR style engagements, many of which have regulatory involvement.
  • A strong understanding of the laws relevant to running simulated attack engagements. As a minimum, familiarity with UK laws is required.
  • A strong understanding of an array of known threat actors, their sophistication levels and their tactics, techniques and procedures for a typical campaign.
  • A strong level of understanding on how different levels of blue team operate, including knowledge of the cyber kill chain, MITRE ATT&CK framework and associated TTPs.
  • 5+ years in the cyber security industry with a demonstrable understanding of current simulated attack frameworks such as CBEST, TIBER-EU, iCAST, STAR, etc.
  • Experience in client facing operations such as scoping, kick off meetings and debriefing at the highest levels for some of the largest organisations in the world.
  • The ability to develop client relationships both inside and outside of Nettitude.

This is a demanding role and competitive remuneration will be offered to the right candidate. If this role sounds exciting to you, apply today and we’ll get back to you with feedback quickly.
To apply: Please send a brief cover letter and your resume to