Consultant, Adversary Simulation

Despite its relatively young age, the cyber security industry has already picked up its fair share of commodified services and old school attitudes – doing things a certain way because that’s the way it is.

At JUMPSEC, we believe our clients should not be constrained by what has gone before. We want to help them to find novel and forward-thinking ways of meeting their cyber security needs in the face of a continuously evolving and growing cyber threats. To do this, we work hard to understand our clients and the challenges they face to create tailored solutions and avoid generic, off-the-shelf products and services.

This heavily involves our adversarial simulation team, which provide cutting edge offensive end to end operations to our clients helping to improve detection and response capabilities and uncover novel business risk. The successful candidate will have a couple of years red teaming experience, and will have operated inside hardened environments with modern and tightly configured defensive security solutions. If you’re someone who is always tinkering, and researching new TTPs, get in touch. JUMPSEC's adversarial simulation team has a mixture of on-premise experts and cloud-native specialist, this individual should feel comfortable operating in highly protected and secured environments in both fields.

The successful candidate will also have designed, scoped, and delivered multi-phase red team, purple team, threat-lead penetration testing and threat modelling engagements, and will have an understanding around regulatory testing requirements.

JUMPSEC prides itself on technical research and is seeking someone who will drive consultative research, be willing to contribute to and potentially speak at conferences, and is seeking to be a valued member of our industry. 

The successful candidate must have strong stakeholder management skills and proven adaptability, able to flex existing approaches as well as design and deliver custom solutions aligned to a client’s unique circumstances. At JUMPSEC, we do not choose between having elite technical skills and being an effective consultant, our consultants are expected to excel in both areas. The candidate must possess advanced knowledge of technical principles and a proven ability to problem solve – avoiding reliance on standard, conventional approaches.

Joining JUMPSEC is a fantastic opportunity to grow your professional skills and reputation by taking on some of the high-profile projects we have planned. These are going to be large-scale undertakings where you will lead some of our key clients through a process of security transformation, with a mixture of formal projects and deliverables as well as providing them with continuous support as their security partners. These projects will present a challenge both technically and operationally but are a great opportunity for you to hone and showcase your consulting skills. 

Joining JUMPSEC is an opportunity to establish yourself as a thought leader, championing new and improved ways of working to grow both your own and JUMPSEC's reputation within the cyber security industry and beyond.

Whilst this role will be mainly part of the adversarial simulation team, there will be times in which you are required to carry out penetration testing and other security assurance services as well.

Key requirements: 

• Lead and conduct comprehensive red and purple teaming exercises - we aren't just looking for someone who just reels off the MITRE Attack Framework, we need someone who is thinking how an attacker would operate and has the consultative skills to draw up a project that meets a client’s specific requirements. This also includes threat modelling and running post debrief workshops with technical and C-level individuals. 
• Simulate advanced persistent threats (APTs) and adversary tactics, techniques, and procedures (TTPs) to assess how well the organisation can detect and respond to these scenarios. 
• Leverage Threat Intelligence (TI) to perform Threat-Led Penetration testing and guidance based off of actionable TI.
• Exploit discovered vulnerabilities to gain access, maintain persistence, follow the cyber kill chain, and then document and report findings in a way that highlights the severity and potential business impact of vulnerabilities.
• Demonstrable technical credentials for a wide range of security assessments (in the adversarial simulation space), including leading, strategic planning and delivery.
• Ability to provide specific technical remediation in addition to properly articulating risk and business impact for non-technical individuals
• Provide detailed reports outlining attack vectors, exploitation steps, findings, and recommended mitigations for both technical and executive stakeholders.
• Work closely with the Blue Team, and other security teams, to improve detection capabilities, response strategies, and incident handling procedures.
• Continuously research and stay up-to-date with emerging threats, attack methodologies, and offensive security tools to refine and enhance red team capabilities.
• Define and lead comprehensive scoping strategies for diverse and complex adversarial assessments.
• Lead and maintain the quality assurance efforts for reports, ensuring accuracy, completeness, and high standards.
• Lead the development and refinement of methodologies, tools, and strategies for advanced penetration testing and red team operations.
• Act as a subject matter expert in offensive security practices, guiding teams and clients on complex security challenges.
• Mentor and coach junior and mid-level consultants, fostering their growth and skills development.
• Collaborate with senior management to set strategic goals and contribute to business development initiatives.

You will have: 

• Led project teams on consultative projects, with experience of delivering a range of adversarial and other security assurance solutions (e.g. Penetration Testing).
• Experience in designing projects with clients to meet a range of business requirements (not limited to transactional or compliance-driven testing).
• Proven ability to work closely with clients and deliver complex consultative projects both individually and working in a team environment.
• Experience assessing whether cyber security tools and processes have been configured and deployed effectively.
• Proven technical credentials and the ability to deliver technical assessments that include but are not limited to: applications, infrastructure, cloud, mobile, IoT, OT, source code review.
• Developing and modifying exploits using a range of offensive tooling.
• Experience delivering adversary simulation work in several major cloud providers. JUMPSEC has an ever increasing specialty in cloud-native red teaming and as such much of the work you will undertake will be across Azure, AWS and GCP environments. 
• Hold, have held or are working towards formal CREST / Cyber Scheme certifications penetration testing such as CTM/CTL or CRT/CCT (or equivalent) and ideally some red team certs such as CRTO, CRTL, CRTM, CARTP, GRTE, ARTE, etc.

Skills: 

• In depth understanding of security and operational risks, threat and vulnerabilities and the ability to provide remedial advice for a range of audiences with various levels of security and technical knowledge.
• Supporting and leading on technical support for the wider business in responding to client requests for information and proposals, and the development of consultancy services - Including scoping and design of complex projects across various technologies and sectors.
• The ability to contribute to internal tooling and open source tooling, research, articles and blog posts that build and demonstrate JUMPSEC’s credibility as a security partner and advisor.

Personal acumen:

• Must be confident and have the ability to hit the ground running.
• Consistently high standards of written and spoken communication and presentation skills (suitable for a board-level audience).
• Demonstrate a passion for and pride in what they do.
• Must drive initiatives to increase the effectiveness, efficiency and value of services.
• A flexible and forward-thinking mindset with regards to security assurance.
• An acumen for building out offensive capabilities within the team and design, build and lead offensive consultancy.

Salary

• Up to 50-70k depending on experience.