Red Team Operations Manager

Job Summary

To lead oversee and quality assure the execution of Red Team engagements end-to-end from scoping & planning through execution reporting to debrief and capability development. Ensure that all operations are safe legal technically robust aligned with threat intelligence compliance frameworks and deliver high value to customers. Also act as a subject-matter expert and manager for both operations and sales / client-facing aspects of Red Team services.

Essential Duties and Responsibilities

Engagement & Project Management

• Lead multiple concurrent Red Team engagements across industries.

• Define negotiate and document scope objectives rules of engagement deliverables constraints escalation & approval pathways.

• Oversee milestone planning e.g. kick-offs stand-ups wash-ups strategic debriefs.

• Manage resources e.g. operator assignments tooling support functions.

• Track engagement progress vs objectives adjust as needed (scope creep technical roadblocks changing risk posture).

Technical Leadership & Oversight

• Assess and manage technical risk ensuring that any red team activity minimises risk to customer operations data systems.

• Real-time decision making during operations around TTP deployment bypass of defenses managing detections or unexpected discovery.

• Review and approve attack plans threat modelling intelligence.

• Ensure operators employ strong operational security (OpSec) safe tradecraft evidence collection clean up post-engagement.

• Maintain up-to-date knowledge of Red Team tools adversary TTPs defensive controls detection systems.

Legal Compliance & Ethical Oversight

• Ensure engagements comply with relevant legislation (Computer Misuse / cybercrime laws data protection / privacy laws cross-border implications).

• Ensure proper RoE Authorisation NDAs etc are in place.

• Ethical boundaries are defined and respected (non-disruptive vs destructive operations safety privacy).

• Ensure client teams (Blue White Leadership) are appropriately engaged / informed while preserving operational effectiveness.

• Ensure verifiable trail of evidence documentation of decisions.

Threat Intelligence & Scenario Design

• Ingest threat intelligence (both internal and external) to design realistic adversary scenarios.

• Analyse likely threat actors relevant to the client’s sector geography technology stack.

• Ensure mapping of TTPs to enterprise defensive controls so that bypass or detection assumptions are realistic.

• Define high-level & detailed attack scenarios get buy-in from stakeholders.

Quality Assurance Reporting & Debrief

• Review deliverables for technical quality completeness clarity.

• Approve final reports attack paths and recommendations.

• Ensure reports are actionable mapped to risks business impact prioritisation and are defensible.

• Lead strategic debriefs with clients showing what worked what was detected and what needs improvement.

• Post engagement “wash-up” with lessons learned replay / walkthrough and remediation tracking.

Research Development & Knowledge Sharing

• Mentor Red Team operators in skills tradecraft and OpSec.

• Drive internal research new tools detection evasion environment emulation in cloud OT etc.

• Keep up with CREST (and other) certification standards / best practices.

• Build / maintain knowledge base of TTPs failed vs successful techniques and case studies.

• Input into training playbooks standard operating procedures (SOPs).

• Maintain and evolve capability libraries (TTPs tooling tradecraft detection evasion). Dedicated time will be provided for this.

Sales / Pre-sales & Customer Engagement

• Assist in scoping and proposal of Red Team engagements for prospects.

• Provide subject-matter expert support during sales cycles.

• Help clients understand trade-offs (cost risk duration impact).

• Help articulate the value of Red Team exercises vs other security activities (pen testing bug bounty etc.).

Governance & Stakeholder Management

• Part of “White Team” / engagement control group so monitoring risk ensuring escalation and maintaining safety boundaries.

• Liaise with clients’ internal stakeholders Security Legal Compliance Business Risk IT / DevOps / Ops / Cloud teams.

• Escalate issues when engagements encounter risk detection or adverse business impact.

• Manage communications & approval flows using Attack Approval Chains and Comms Channels.

• Ensure engagements satisfy frameworks/regulatory/compliance requirements applicable to client e.g. FedRAMP STAR / CREST STAR STAR-equivalent DORA TIBER CBEST AASE etc. if applicable.

Education Experience Skills & Abilities

• Extensive experience leading and/or managing Red Team engagements in enterprise environments preferably across multiple industries (e.g. finance critical infrastructure cloud / SaaS / OT).

• Deep technical knowledge of exploitation post-exploitation lateral movement persistence command & control evasion privilege escalation.

• Good knowledge and experience with Blue Team controls e.g. IDS/IPS SIEM EDR NGFW log analysis detection engineering ideally experience in bypassing or evading them safely.

• Solid experience with modern cloud environments (Azure AWS GCP) hybrid / on-premise networks potentially OT/IoT/industrial environments.

• Strong tradecraft / OpSec awareness around how to avoid detection and conduct operations with minimal operational risk.

• Familiarity with CREST / STAR / TIBER etc. and regulatory / compliance requirements in relevant geographies.

• Proven experience in threat intelligence ingestion scenario design mapping to relevant threat actors.

• Excellent written and verbal communication skills and able to produce high quality reports executive summaries interact with senior leadership legal compliance etc..

• Good project / operations management skills with an eye for budgeting scheduling resource allocation interfacing external/internal teams.

• Ability to make real-time decisions under pressure to balance risk vs reward.

• Certifications (nice-to-have): CREST Certified Simulated Attack Manager / Red Team Manager (CCSAM / CCRTM) CREST Certified Red Team Specialist (CCRTS) etc. Plus perhaps technical offensive certs

Working Conditions

The ideal candidate must be able to complete all physical requirements of the job with or without reasonable accommodation.

Sitting and/or standing - Must be able to remain in a stationary position 50% of the time

Carrying and /or lifting - Must be able to carry / move laptop as needed throughout the work day.

Environment - remote work-from-home 100% of the time.

ADA Statement

Bugcrowd is committed to the full inclusion of all qualified individuals. In keeping with our commitment Bugcrowd will take the steps to assure that people with disabilities are provided reasonable accommodations. Accordingly if reasonable accommodation is required to fully participate in the job application or interview process to perform the essential functions of the position and/or to receive all other benefits and privileges of employment please contact HR at [email protected].