Principal Security Consultant (Red Team)

About Claranet
Founded at the beginning of the dot.com bubble in 1996, our CEO Charles Nasser had a light bulb moment to develop a truly customer-focused IT business. Since then, Claranet has grown from an Internet Service Provider (ISP) in the UK to being one of the leading business modernisation experts, who deliver solutions across 11+ countries.

At Claranet, we’re experienced in implementing progressive technology solutions which help our customers solve their epic business challenges. We’re committed to understanding their problems, delivering answers quickly, and making a lasting impact to their business.

We are agile, focused and experienced in business modernisation. Our approach helps customers make genuine, significant shifts in their business strategy, to deliver financial savings, boost innovation, and create a resilient business. We continually invest in our people and the latest technologies, so our customers get peace of mind knowing that they have access to the best talent and services.

Working for Claranet
Here at Claranet we pride ourselves on going the extra mile for and with our employees (yes, we really mean with). We offer an extensive benefits package that you can tailor to your needs, inclusive of a matching contribution pension scheme, healthcare, insurance, dental, discounted gyms and app supported benefit access.

But what we think makes us different is ‘Team Claranet,’ our dedicated internal part of the business that supports you with matters close to your heart. We proudly support local charities in each of our office locations, support employees with paid charity leave, organise key charity fundraising event per year and have a dedicated committee responsible for supporting employee’s fundraising efforts.

Claranet are one of the 10 founding members of TC4RE (Technology Community for Racial Equality.) Being a part of a group of leading UK technology organisations, we are dedicated to building a more diverse and inclusive workforce.

Our Vision
Our vision is to become the most trusted technology solutions partner; renowned for being the best and brightest, having lasting impact with our customers and delivering exceptional returns to our stakeholders.

Our consultants work on everything from client projects to development work and training, dealing with large corporate penetration tests to gaining credit for published advisories. Technical excellence and customer service are key to our work, you will be passionate about finding vulnerabilities while being happy liaising with customers.

Our team is growing, and we need inspiring people to join us and help us to continue to build a world leading cyber security operation whilst benefiting from the opportunity to fulfil their potential.

Based in INDIA, this work will lead on Red Team projects, including threat hunting work, but will have the opportunity to work on projects with worldwide clients, and will form part of our global team of penetration testers who share research, tooling, experience and collaborate freely on projects.

As a respected training provider and the leading provider of training at Black Hat conferences, our penetration testers also have the option of developing training skills and delivering security training, to both private customers, at our own events, and at leading international conferences.

Essential duties & responsibilities:

• Plan and execute red team assessments to simulate real-world attack scenarios.
• Conduct thorough and realistic red team assessments to identify vulnerabilities in our organization's infrastructure, systems, and applications.
• Collaborate closely with the security team and other stakeholders to define objectives and scope of red team engagements.
• Research and stay up-to-date with the latest attack techniques, tools, and emerging threats to enhance the effectiveness of red teaming activities.
• Develop and execute comprehensive attack scenarios that simulate sophisticated, multi-stage cyber attacks.
• Utilize a variety of tools, technologies, and methodologies to mimic real-world attack vectors, such as social engineering, network exploitation, web application vulnerabilities, and lateral movement.
• Assess the effectiveness of security controls, incident response procedures, and other defensive measures during red team engagements.
• Document and communicate findings, including identified vulnerabilities, attack paths, and recommended remediation measures, in clear and concise reports.
• Collaborate with the security team and relevant stakeholders to prioritize and address identified vulnerabilities and weaknesses.
• Continuously enhance red teaming methodologies, tools, and processes to keep pace with evolving threats and industry best practices.
• Contribute to improving the organization’s overall security posture by providing guidance, expertise, and training to staff members.

Essential:

• 7+ years of experience in information security
• 4+ years of client-facing consulting work experience performing penetration testing.
• Familiarity with common attack vectors, tools, and techniques used by threat actors.
• Develop a comprehensive test plan, including goals, targets, and tactics to mimic real-world cyber threats.
• Conduct simulated cyberattacks, such as phishing, penetration testing, social engineering, and more, to identify vulnerabilities.
• Utilize a wide range of hacking techniques and tools to exploit weaknesses in the organization's defenses.
• Proficiency in programming and scripting languages (e.g., Python, PowerShell, Ruby).
• Strong understanding of network protocols, web applications, and cloud technologies.
• Certifications such as Offensive Security Certified Professional (OSCP) or Certified Ethical Hacker (CEH) are a plus.
• Ability to work independently and as part of a collaborative team, managing multiple engagements simultaneously and meeting deadlines.
• Strong knowledge of various operating systems, network protocols, and security technologies.
• Assess and enhance the effectiveness of red team methodologies and processes.
• Proficiency in using a wide range of offensive security tools, frameworks, and scripting languages (e.g., Metasploit, Cobalt Strike, PowerShell, ) to simulate attacks.
• Excellent analytical and problem-solving skills.
• Excellent communication skills (written and verbal) with an ability to explain complex topics in a clear and concise manner to both technical and non-technical audiences
• Stay proactive in identifying new attack vectors and techniques.
• Knowledge of cloud services and cloud security controls