Red Team Operations Manager

Job Summary

To lead, oversee, and quality assure the execution of Red Team engagements end-to-end from scoping & planning, through execution, reporting, to debrief and capability development. Ensure that all operations are safe, legal, technically robust, aligned with threat intelligence, compliance frameworks, and deliver high value to customers. Also act as a subject-matter expert and manager for both operations and sales / client-facing aspects of Red Team services.

Essential Duties and Responsibilities

Engagement & Project Management

• Lead multiple concurrent Red Team engagements across industries.
• Define, negotiate and document scope, objectives, rules of engagement, deliverables, constraints, escalation & approval pathways.
• Oversee milestone planning e.g. kick-offs, stand-ups, wash-ups, strategic debriefs.
• Manage resources e.g. operator assignments, tooling, support functions.
• Track engagement progress vs objectives, adjust as needed (scope creep, technical roadblocks, changing risk posture).

• Assess and manage technical risk ensuring that any red team activity minimises risk to customer operations, data, systems.
• Real-time decision making during operations around TTP deployment, bypass of defenses, managing detections or unexpected discovery.
• Review and approve attack plans, threat modelling, intelligence.
• Ensure operators employ strong operational security (OpSec), safe tradecraft, evidence collection, clean up post-engagement.
• Maintain up-to-date knowledge of Red Team tools, adversary TTPs, defensive controls, detection systems.

• Ensure engagements comply with relevant legislation (Computer Misuse / cybercrime laws, data protection / privacy laws, cross-border implications).
• Ensure proper RoE, Authorisation, NDAs etc are in place.
• Ethical boundaries are defined and respected (non-disruptive vs destructive operations, safety, privacy).
• Ensure client teams (Blue, White, Leadership) are appropriately engaged / informed while preserving operational effectiveness.
• Ensure verifiable trail of evidence, documentation of decisions.

• Ingest threat intelligence (both internal and external) to design realistic adversary scenarios.
• Analyse likely threat actors relevant to the client’s sector, geography, technology stack.
• Ensure mapping of TTPs to enterprise defensive controls so that bypass or detection assumptions are realistic.
• Define high-level & detailed attack scenarios, get buy-in from stakeholders.

• Review deliverables for technical quality, completeness, clarity.
• Approve final reports, attack paths and recommendations.
• Ensure reports are actionable, mapped to risks, business impact, prioritisation and are defensible.
• Lead strategic debriefs with clients showing what worked, what was detected and what needs improvement.
• Post engagement “wash-up” with lessons learned, replay / walkthrough and remediation tracking.

• Mentor Red Team operators in skills, tradecraft and OpSec.
• Drive internal research, new tools, detection evasion, environment emulation in cloud, OT etc.
• Keep up with CREST (and other) certification standards / best practices.
• Build / maintain knowledge base of TTPs, failed vs successful techniques and case studies.
• Input into training, playbooks, standard operating procedures (SOPs).
• Maintain and evolve capability libraries (TTPs, tooling, tradecraft, detection evasion). Dedicated time will be provided for this.

• Assist in scoping and proposal of Red Team engagements for prospects.
• Provide subject-matter expert support during sales cycles.
• Help clients understand trade-offs (cost, risk, duration, impact).
• Help articulate the value of Red Team exercises vs other security activities (pen testing, bug bounty etc.).

• Part of “White Team” / engagement control group so monitoring risk, ensuring escalation and maintaining safety boundaries.
• Liaise with clients’ internal stakeholders, Security, Legal, Compliance, Business Risk, IT / DevOps / Ops / Cloud teams.
• Escalate issues when engagements encounter risk, detection, or adverse business impact.
• Manage communications & approval flows using Attack Approval Chains and Comms Channels.
• Ensure engagements satisfy frameworks/regulatory/compliance requirements applicable to client e.g. FedRAMP, STAR / CREST STAR, STAR-equivalent, DORA, TIBER, CBEST, AASE, etc. if applicable.

Education, Experience, Skills, & Abilities

• Extensive experience leading and/or managing Red Team engagements in enterprise environments, preferably across multiple industries (e.g. finance, critical infrastructure, cloud / SaaS / OT).
• Deep technical knowledge of exploitation, post-exploitation, lateral movement, persistence, command & control, evasion, privilege escalation.
• Good knowledge and experience with Blue Team controls e.g. IDS/IPS, SIEM, EDR, NGFW, log analysis, detection engineering, ideally experience in bypassing or evading them safely.
• Solid experience with modern cloud environments (Azure, AWS, GCP), hybrid / on-premise networks, potentially OT/IoT/industrial environments.
• Strong tradecraft / OpSec awareness around how to avoid detection and conduct operations with minimal operational risk.
• Familiarity with CREST / STAR / TIBER etc. and regulatory / compliance requirements in relevant geographies.
• Proven experience in threat intelligence ingestion, scenario design, mapping to relevant threat actors.
• Excellent written and verbal communication skills and able to produce high quality reports, executive summaries, interact with senior leadership, legal, compliance etc..
• Good project / operations management skills with an eye for budgeting, scheduling, resource allocation, interfacing external/internal teams.
• Ability to make real-time decisions under pressure, to balance risk vs reward.
• Certifications (nice-to-have): CREST Certified Simulated Attack Manager / Red Team Manager (CCSAM / CCRTM), CREST Certified Red Team Specialist (CCRTS), etc. Plus, perhaps technical offensive certs

Working Conditions

The ideal candidate must be able to complete all physical requirements of the job with or without reasonable accommodation.

Sitting and/or standing - Must be able to remain in a stationary position 50% of the time

Carrying and /or lifting - Must be able to carry / move laptop as needed throughout the work day.

Environment - remote, work-from-home 100% of the time.

ADA Statement

Bugcrowd is committed to the full inclusion of all qualified individuals. In keeping with our commitment, Bugcrowd will take the steps to assure that people with disabilities are provided reasonable accommodations. Accordingly, if reasonable accommodation is required to fully participate in the job application or interview process, to perform the essential functions of the position, and/or to receive all other benefits and privileges of employment, please contact HR at [email protected].