Red Team Operations Manager

3 days ago

Apply Now

Receive Emails with Similar Jobs

Bugcrowd

WebsiteLinkedInAll Job Openings

Cybersecurity • SaaS • Enterprise

Bugcrowd is a leading platform that provides continuous security testing solutions, enabling organizations to stay ahead of cyberthreats. By leveraging a global community of trusted security researchers, Bugcrowd offers services such as penetration testing as a service, vulnerability disclosure, bug bounty programs, and attack surface management. The company assists industries such as financial services, healthcare, and technology in identifying and prioritizing vulnerabilities, ensuring proactive protection against potential cyber attacks. Driven by data and AI, Bugcrowd's comprehensive approach integrates seamlessly with existing systems to streamline the remediation of security issues, enhancing the overall security posture of its clients.

201 - 500 employees

Founded 2012

🔒 Cybersecurity

☁️ SaaS

🏢 Enterprise

💰 $30M Series D on 2020-04

📋 Description

• Lead multiple concurrent Red Team engagements across industries. • Define, negotiate and document scope, objectives, rules of engagement, deliverables, constraints, escalation & approval pathways. • Oversee milestone planning e.g. kick-offs, stand-ups, wash-ups, strategic debriefs. • Manage resources e.g. operator assignments, tooling, support functions. • Track engagement progress vs objectives, adjust as needed (scope creep, technical roadblocks, changing risk posture). • Assess and manage technical risk ensuring that any red team activity minimises risk to customer operations, data, systems. • Real-time decision making during operations around TTP deployment, bypass of defenses, managing detections or unexpected discovery. • Review and approve attack plans, threat modelling, intelligence. • Ensure operators employ strong operational security (OpSec), safe tradecraft, evidence collection, clean up post-engagement. • Maintain up-to-date knowledge of Red Team tools, adversary TTPs, defensive controls, detection systems. • Ensure engagements comply with relevant legislation (Computer Misuse / cybercrime laws, data protection / privacy laws, cross-border implications). • Ensure proper RoE, Authorisation, NDAs etc are in place. • Ethical boundaries are defined and respected (non-disruptive vs destructive operations, safety, privacy). • Ensure client teams (Blue, White, Leadership) are appropriately engaged / informed while preserving operational effectiveness. • Ensure verifiable trail of evidence, documentation of decisions. • Ingest threat intelligence (both internal and external) to design realistic adversary scenarios. • Analyse likely threat actors relevant to the client’s sector, geography, technology stack. • Ensure mapping of TTPs to enterprise defensive controls so that bypass or detection assumptions are realistic. • Define high-level & detailed attack scenarios, get buy-in from stakeholders. • Review deliverables for technical quality, completeness, clarity. • Approve final reports, attack paths and recommendations. • Ensure reports are actionable, mapped to risks, business impact, prioritisation and are defensible. • Lead strategic debriefs with clients showing what worked, what was detected and what needs improvement. • Post engagement “wash-up” with lessons learned, replay / walkthrough and remediation tracking. • Mentor Red Team operators in skills, tradecraft and OpSec. • Drive internal research, new tools, detection evasion, environment emulation in cloud, OT etc. • Keep up with CREST (and other) certification standards / best practices. • Build / maintain knowledge base of TTPs, failed vs successful techniques and case studies. • Input into training, playbooks, standard operating procedures (SOPs). • Maintain and evolve capability libraries (TTPs, tooling, tradecraft, detection evasion). Dedicated time will be provided for this. • Assist in scoping and proposal of Red Team engagements for prospects. • Provide subject-matter expert support during sales cycles. • Help clients understand trade-offs (cost, risk, duration, impact). • Help articulate the value of Red Team exercises vs other security activities (pen testing, bug bounty etc.). • Part of “White Team” / engagement control group so monitoring risk, ensuring escalation and maintaining safety boundaries. • Liaise with clients’ internal stakeholders, Security, Legal, Compliance, Business Risk, IT / DevOps / Ops / Cloud teams. • Escalate issues when engagements encounter risk, detection, or adverse business impact. • Manage communications & approval flows using Attack Approval Chains and Comms Channels. • Ensure engagements satisfy frameworks/regulatory/compliance requirements applicable to client e.g. FedRAMP, STAR / CREST STAR, STAR-equivalent, DORA, TIBER, CBEST, AASE, etc. if applicable.

🎯 Requirements

• Extensive experience leading and/or managing Red Team engagements in enterprise environments, preferably across multiple industries (e.g. finance, critical infrastructure, cloud / SaaS / OT). • Deep technical knowledge of exploitation, post-exploitation, lateral movement, persistence, command & control, evasion, privilege escalation. • Good knowledge and experience with Blue Team controls e.g. IDS/IPS, SIEM, EDR, NGFW, log analysis, detection engineering, ideally experience in bypassing or evading them safely. • Solid experience with modern cloud environments (Azure, AWS, GCP), hybrid / on-premise networks, potentially OT/IoT/industrial environments. • Strong tradecraft / OpSec awareness around how to avoid detection and conduct operations with minimal operational risk. • Familiarity with CREST / STAR / TIBER etc. and regulatory / compliance requirements in relevant geographies. • Proven experience in threat intelligence ingestion, scenario design, mapping to relevant threat actors. • Excellent written and verbal communication skills and able to produce high quality reports, executive summaries, interact with senior leadership, legal, compliance etc.. • Good project / operations management skills with an eye for budgeting, scheduling, resource allocation, interfacing external/internal teams. • Ability to make real-time decisions under pressure, to balance risk vs reward. • Certifications (nice-to-have): CREST Certified Simulated Attack Manager / Red Team Manager (CCSAM / CCRTM), CREST Certified Red Team Specialist (CCRTS), etc. Plus, perhaps technical offensive certs.

🏖️ Benefits

• Remote, work-from-home 100% of the time • Reasonable accommodations provided for people with disabilities