At CCL Solutions Group, we don’t just simulate adversaries — we think like them.
Location:
Home based
Main Job Summary
We’re looking for an experienced and highly motivated Red Team Operator to join our growing offensive security capability. You will play a central role in simulating sophisticated adversaries against some of the UK's most secure and critical infrastructures. This includes assumed breach testing, phishing operations, custom tooling, Active Directory abuse, and advanced detection evasion.
As part of the Red Team, you’ll help shape our tooling, infrastructure, and methodologies while working directly with the Technical Director and high-performance teams across the business.
Main Duties & Responsibilities (other duties may be assigned):
The successful candidate will have a proven track record in conducting network exploitation operations, including Red Team operations. Additionally, the candidate will be able to demonstrate in-depth knowledge and experience of computer networking fundamentals, modern threats and vulnerabilities, attack methodologies, and penetration testing tools.
Your key responsibilities for this role will include:
- Deliver full-scope red team operations including initial access, lateral movement, C2 infrastructure deployment, and domain compromise.
- Execute phishing campaigns, payload delivery, and obfuscation techniques tailored to client environments.
- Build and maintain red team infrastructure (redirectors, C2 channels, staging servers).
- Develop or customise offensive tooling, implants, and scripts to bypass EDR/AV and avoid detection.
- Contribute to adversary emulation plans based on TTPs from threat intel (e.g. MITRE ATT&CK, APT profiles).
- Produce clear, detailed, and high-value reports and debriefs for both technical and executive audiences.
- Collaborate with purple/blue teams during detection & response testing phases.
- Assist in building internal training labs, mentoring junior operators, and improving red team SOPs.
- Experience with CBEST/CSTAR or similar threat-led engagements.
Required Skill Set & Experience:
This role requires a senior and mature person who can demonstrate the following capabilities:
- Minimum 2 years of experience in red team or adversary simulation operations.
- Strong background in infrastructure penetration testing, Active Directory exploitation, and post-exploitation.
- Demonstrable experience using and modifying C2 frameworks such as Cobalt Strike, Mythic, Brute Ratel, or Sliver.
- Working knowledge of OPSEC principles, egress control evasion, staging techniques, and payload delivery chains.
- Proficiency with PowerShell, Python, C#, or similar for tool creation or adaptation.
- Experience with initial access vectors (phishing, drop boxes, USB attacks) and payload delivery techniques.
- Hands-on knowledge of Active Directory abuse (Kerberoasting, delegation abuse, Golden/Silver ticket attacks).
- Ability to produce client-ready reports and document reproduction steps, risk, and remediation.
To Be Successful in This Role
Please understand this is not an entry-level role; this is a chance to join a team and lead from the front, developing tool sets, and mentoring junior operatives.
You will thrive in this role if you:
- Think like an adversary and constantly stay ahead of defenders through research, creativity, and adaptability.
- Can plan and execute covert operations with minimal detection, demonstrating strong OPSEC awareness and C2 infrastructure management.
- Have a strong desire to understand and exploit complex enterprise environments — from cloud misconfigurations to AD forests.
- Can articulate complex attack chains in clear, structured documentation and communicate impact to technical and non-technical audiences.
- Are proactive, self-motivated, and comfortable working independently or as part of a highly skilled offensive security team.
- Enjoy mentoring others, contributing to tool development, and pushing the team forward with new tactics, techniques, and procedures.
- Stay calm under pressure, especially during live engagements with executive oversight or defensive team involvement.
- Certifications such as OSCP, OSEP, CRTO, CCT INF, or CCSAS.
- Familiarity with cloud-based exploitation (Azure, AWS IAM misconfigurations, token abuse).
- Experience running phishing campaigns using GoPhish, King Phisher, or custom tooling.
- Malware development or binary modification experience (stagers/loaders).
- Previous blue team collaboration or purple team experience.
Other Role Requirements:
- Minimum 5 years UK residency
- Full driving licence
- Satisfactorily pass pre-hire and annual security clearance procedures in accordance with the ACPO (Association of Chief Police Officers) National Vetting Scheme.
- Must hold SC or DV, or be able to attain and hold SC or DV (individuals must hold a minimum of SC; this is non-negotiable).
- Willing to travel for critical and on-site engagements or client meetings. Travel is within the United Kingdom.
CCL is an equal opportunities employer and positively encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, age, sexual orientation, gender reassignment, religion or belief, marital status, or pregnancy and maternity. In applying for a role you acknowledge that your personal data is necessary to consider you for the advertised role. Your information will be processed in accordance with the CCL Group Privacy Notice and retained for a maximum period of 12 months.
If you would like to apply for this role, please send us your current CV and a covering email.
CCL Solutions Group is made up of the following companies: CCL (Solutions) Group Ltd (company number 08128980), CCL-Forensics Ltd (company number 05314495), Evidence Talks Limited (company number 04611669), CCL Cyber Solutions Ltd (company number 11316398), CCL (Computer Consultants) Ltd (company number 02049601)