Principal Security Consultant (Offensive Services)

Job Description: Principal Security Consultant (Offensive Services) Why Join Secure Impact? Secure Impact is entering a pivotal and exciting stage of growth. Founded by renowned cybersecurity expert James Lyne and affiliated with the SANS Institute, we are a company that has achieved exceptional feats in just four years. As a purpose-driven team, we focus on high-quality, meaningful offensive security services rather than commoditised penetration testing. Our team is already highly capable, working on complex penetration testing engagements and now wants to continue to push the boundaries of advanced offensive security. This role is about building on that excellence. We are developing further capabilities for red team assessments and more advanced offensive services that empower organisations to strengthen themselves against attackers in meaningful ways. This is a rare opportunity to join a team that prides itself on delivering bespoke, manual and creative offensive security services that are purpose driven. At Secure Impact, culture and values are at the core of everything we do. We’re highly collaborative, technically curious, and driven to make a real difference for the organisations we work with. We are looking for a Principal Security Consultant who shares our vision. You will work closely with and report into the General Manager, lead a talented team of penetration testers, and help shape Secure Impact’s offensive services into the next phase of their evolution. This includes hands-on technical/work delivering offensive services, while mentoring and supporting the upskilling of the team to offer further advanced services which our clients need. About the Role This is a management-level role with a balance of hands-on offensive security engagements, mentoring, and operational development. You’ll play a crucial part in shaping Secure Impact’s offensive security team by: · Overseeing and delivering exceptional penetration testing and red team engagements. · Mentoring and upskilling the team in advanced offensive techniques. · Developing internal processes to support operational efficiency, reporting pipelines, and red team-specific frameworks. · Fostering a white-glove approach to client relationships, ensuring our engagements continue to deliver real-world impact and insights that go beyond standard deliverables. If you thrive in an environment that empowers creativity, embraces technical excellence, and rejects the cookie-cutter approach to offensive services, this role will suit you perfectly. Key Responsibilities Technical and Operational Excellence · Conduct advanced penetration testing engagements, covering: o Web and mobile applications. o Networks and infrastructure. o Foundational and advanced red teaming assessments, and black teaming engagements. · Continue to develop and further refine internal processes, including: o Reporting pipelines. o Red team playbooks and frameworks. o Quality assurance for offensive service delivery. o Broader operational workflows for offensive service efficiency and innovation. · Maintain an attacker’s mindset, ensuring all testing delivers realistic, actionable insights. · Ensure engagements align with Secure Impact’s non-commoditised, purpose-driven ethos. Team Mentoring and Development · Mentor the existing team of highly skilled penetration testers, supporting their growth into advanced offensive techniques and foundational red teaming. · Align training and upskilling plans with GIAC certifications (e.g., GPEN, GCRT), ensuring a structured path for professional development. · Foster a collaborative, high-performance team culture that prioritises innovation, respect for all, technical curiosity, and professionalism. · Support the team in delivering high-quality, client-focused results while encouraging creativity and ownership of their work. Client Engagement and Relationships · Act as a trusted technical advisor to clients, delivering clear, actionable findings. · Take a white-glove approach to client engagement, tailoring insights and ensuring meaningful impact on client security postures. · Build and maintain strong client relationships, including executive-level communication. · Support pre-sales activities, including scoping, proposals, and solution development for bespoke engagements. Business and Financial Oversight · Work with the General Manager to assess utilisation and resource allocation to ensure financial goals are met. · Work with the General Manager to align offensive services with Secure Impact’s business development strategy. · Contribute to evolving Secure Impact’s advanced penetration testing and red teaming offerings. Qualifications and Skills · At least 2 years in a management position, driving team development and operational excellence and being responsible for the quality of your team’s output. · At least 5 years of offensive security experience, including penetration testing and advanced offensive engagements. · Proven experience in red teaming, adversary emulation, and threat modelling. · Proficiency with tools such as Cobalt Strike, Metasploit, Burp Suite, and custom tool development. Proficiency in penetration testing tools and methodologies, particularly asymmetric TTPs and red teaming. Strong understanding of network protocols, operating systems, and security architectures. Experience with scripting and programming languages (e.g., Python, Bash). Knowledge of web application security and common vulnerabilities (e.g., OWASP Top 10). Familiarity with regulatory requirements and industry standards (e.g., PCI-DSS, ISO 27001). Understanding of security testing frameworks and standards such as OSSTMM, OWASP, NIST SP 800-115, and MITRE ATT&CK. Experience with public cloud components and architectures (Azure/AWS preferred). Ability to perform manual penetration testing and not rely solely on automated scanners. Certifications · Preferred certifications include: o GIAC : GPEN, GCRT, etc,. o OSCP, OSCE. o CREST CCT or CHECK Team Lead. Expectations Lead by example and foster a culture of continuous improvement. Stay updated with the latest security trends and threats. Drive innovation within the team to enhance offensive security capabilities. Ensure timely and accurate reporting of security findings and recommendations. Strong communication skills for engaging both technical and non-technical audiences. A client-first mindset with the ability to build and maintain strong relationships. Financial awareness to monitor and manage team utilisation and resource planning. Excellent command of English language - written and spoken. What We Offer · Training and Growth: Work directly with globally recognised experts, including SANS instructors, and access world-class training, including GIAC certifications and embedded upskilling initiatives. · Challenging and Meaningful Work: Engage in manually delivered, high quality and impactful offensive security projects with discerning clients. · Culture and Collaboration: Be part of a highly skilled, curious, and ambitious team that values innovation and making a real difference. · Flexibility and Wellbeing: Enjoy remote-first working arrangements, private healthcare initiatives and an environment that trusts first. Compensation · Salary: £85,000–£100,000 (dependent on experience). · Flexible working arrangements. · 100% remote (UK based). · Private healthcare. · 28 days holiday plus bank holidays per year. · Scope to attend industry events. · Fantastic training and development opportunities including platinum standard, globally recognised certifications and courses. · Team-focused meet ups and activities. The Opportunity This is a unique opportunity to work with a team that is pushing the boundaries of offensive security. At Secure Impact, you’ll work alongside highly skilled individuals, tackling complex, meaningful projects that make a real impact. Our culture fosters technical curiosity, creativity, and excellence. With support from world-class training initiatives and globally recognised experts, this role offers exciting challenges and opportunities for growth. If you’re ready to contribute to Secure Impact’s vision of impactful, purpose-driven offensive services, we’d love to hear from you.

Location: UK, GB

Posted Date: 1/14/2025