Red Team Operations Manager

• Lead, oversee, and quality assure the execution of Red Team engagements end-to-end from scoping & planning, through execution, reporting, to debrief and capability development
• Ensure that all operations are safe, legal, technically robust, aligned with threat intelligence, compliance frameworks, and deliver high value to customers
• Act as a subject-matter expert and manager for both operations and sales / client-facing aspects of Red Team services
• Lead multiple concurrent Red Team engagements across industries
• Define, negotiate and document scope, objectives, rules of engagement, deliverables, constraints, escalation & approval pathways
• Oversee milestone planning e.g. kick-offs, stand-ups, wash-ups, strategic debriefs
• Manage resources e.g. operator assignments, tooling, support functions
• Track engagement progress vs objectives, adjust as needed
• Assess and manage technical risk ensuring that any red team activity minimises risk to customer operations, data, systems
• Real-time decision making during operations around TTP deployment, bypass of defenses, managing detections or unexpected discovery
• Review and approve attack plans, threat modelling, intelligence
• Ensure operators employ strong operational security (OpSec), safe tradecraft, evidence collection, clean up post-engagement
• Maintain up-to-date knowledge of Red Team tools, adversary TTPs, defensive controls, detection systems
• Ensure engagements comply with relevant legislation
• Ensure proper RoE, Authorisation, NDAs etc are in place
• Ethical boundaries are defined and respected
• Ensure client teams are appropriately engaged / informed while preserving operational effectiveness
• Ensure verifiable trail of evidence, documentation of decisions
• Ingest threat intelligence to design realistic adversary scenarios
• Analyse likely threat actors relevant to the client’s sector, geography, technology stack
• Ensure mapping of TTPs to enterprise defensive controls so that bypass or detection assumptions are realistic
• Define high-level & detailed attack scenarios, get buy-in from stakeholders
• Review deliverables for technical quality, completeness, clarity
• Approve final reports, attack paths and recommendations
• Ensure reports are actionable, mapped to risks, business impact, prioritisation and are defensible
• Lead strategic debriefs with clients showing what worked, what was detected and what needs improvement
• Post engagement “wash-up” with lessons learned, replay / walkthrough and remediation tracking
• Mentor Red Team operators in skills, tradecraft and OpSec
• Drive internal research, new tools, detection evasion, environment emulation in cloud, OT etc
• Keep up with CREST (and other) certification standards / best practices
• Build / maintain knowledge base of TTPs, failed vs successful techniques and case studies
• Input into training, playbooks, standard operating procedures (SOPs)
• Maintain and evolve capability libraries
• Assist in scoping and proposal of Red Team engagements for prospects
• Provide subject-matter expert support during sales cycles
• Help clients understand trade-offs
• Help articulate the value of Red Team exercises vs other security activities
• Part of “White Team” / engagement control group so monitoring risk, ensuring escalation and maintaining safety boundaries
• Liaise with clients’ internal stakeholders, Security, Legal, Compliance, Business Risk, IT / DevOps / Ops / Cloud teams
• Escalate issues when engagements encounter risk, detection, or adverse business impact
• Manage communications & approval flows using Attack Approval Chains and Comms Channels
• Ensure engagements satisfy frameworks/regulatory/compliance requirements applicable to client

• Extensive experience leading and/or managing Red Team engagements in enterprise environments, preferably across multiple industries (e.g. finance, critical infrastructure, cloud / SaaS / OT)
• Deep technical knowledge of exploitation, post-exploitation, lateral movement, persistence, command & control, evasion, privilege escalation
• Good knowledge and experience with Blue Team controls e.g. IDS/IPS, SIEM, EDR, NGFW, log analysis, detection engineering, ideally experience in bypassing or evading them safely
• Solid experience with modern cloud environments (Azure, AWS, GCP), hybrid / on-premise networks, potentially OT/IoT/industrial environments
• Strong tradecraft / OpSec awareness around how to avoid detection and conduct operations with minimal operational risk
• Familiarity with CREST / STAR / TIBER etc. and regulatory / compliance requirements in relevant geographies
• Proven experience in threat intelligence ingestion, scenario design, mapping to relevant threat actors
• Excellent written and verbal communication skills and able to produce high quality reports, executive summaries, interact with senior leadership, legal, compliance etc.
• Good project / operations management skills with an eye for budgeting, scheduling, resource allocation, interfacing external/internal teams
• Ability to make real-time decisions under pressure, to balance risk vs reward

Certifications (nice-to-have): CREST Certified Simulated Attack Manager / Red Team Manager (CCSAM / CCRTM), CREST Certified Red Team Specialist (CCRTS), etc. Plus, perhaps technical offensive certs