Principal Security Consultant (Offensive Services)

Secure Impact Ltd
united kingdom, united kingdom
2 months ago
Create job alert

Job Description: Principal Security Consultant (Offensive Services)


Why Join Secure Impact?


Secure Impact is entering a pivotal and exciting stage of growth. Founded by renowned cybersecurity expert James Lyne and affiliated with the SANS Institute, we are a company that has achieved exceptional feats in just four years. As a purpose-driven team, we focus on high-quality, meaningful offensive security services rather than commoditised penetration testing.


Our team is already highly capable, working on complex penetration testing engagements and now wants to continue to push the boundaries of advanced offensive security. This role is about building on that excellence. We are developing further capabilities for red team assessments and more advanced offensive services that empower organisations to strengthen themselves against attackers in meaningful ways.


This is a rare opportunity to join a team that prides itself on delivering bespoke, manual and creative offensive security services that are purpose driven. At Secure Impact, culture and values are at the core of everything we do. We’re highly collaborative, technically curious, and driven to make a real difference for the organisations we work with.


We are looking for a Principal Security Consultant who shares our vision. You will work closely with and report into the General Manager, lead a talented team of penetration testers, and help shape Secure Impact’s offensive services into the next phase of their evolution. This includes hands-on technical/work delivering offensive services, while mentoring and supporting the upskilling of the team to offer further advanced services which our clients need.


About the Role


This is a management-level role with a balance of hands-on offensive security engagements, mentoring, and operational development. You’ll play a crucial part in shaping Secure Impact’s offensive security team by:


·      Overseeing and delivering exceptional penetration testing and red team engagements.

·      Mentoring and upskilling the team in advanced offensive techniques.

·      Developing internal processes to support operational efficiency, reporting pipelines, and red team-specific frameworks.

·      Fostering a white-glove approach to client relationships, ensuring our engagements continue to deliver real-world impact and insights that go beyond standard deliverables.


If you thrive in an environment that empowers creativity, embraces technical excellence, and rejects the cookie-cutter approach to offensive services, this role will suit you perfectly.


Key Responsibilities


Technical and Operational Excellence


·      Conduct advanced penetration testing engagements, covering:

o  Web and mobile applications.

o  Networks and infrastructure.

o  Foundational and advanced red teaming assessments, and black teaming engagements.

·      Continue to develop and further refine internal processes, including:

o  Reporting pipelines.

o  Red team playbooks and frameworks.

o  Quality assurance for offensive service delivery.

o  Broader operational workflows for offensive service efficiency and innovation.

·      Maintain an attacker’s mindset, ensuring all testing delivers realistic, actionable insights.

·      Ensure engagements align with Secure Impact’s non-commoditised, purpose-driven ethos.


Team Mentoring and Development


·      Mentor the existing team of highly skilled penetration testers, supporting their growth into advanced offensive techniques and foundational red teaming.

·      Align training and upskilling plans with GIAC certifications (e.g., GPEN, GCRT), ensuring a structured path for professional development.

·      Foster a collaborative, high-performance team culture that prioritises innovation, respect for all, technical curiosity, and professionalism.

·      Support the team in delivering high-quality, client-focused results while encouraging creativity and ownership of their work.


Client Engagement and Relationships


·      Act as a trusted technical advisor to clients, delivering clear, actionable findings.

·      Take a white-glove approach to client engagement, tailoring insights and ensuring meaningful impact on client security postures.

·      Build and maintain strong client relationships, including executive-level communication.

·      Support pre-sales activities, including scoping, proposals, and solution development for bespoke engagements.


Business and Financial Oversight


·      Work with the General Manager to assess utilisation and resource allocation to ensure financial goals are met.

·      Work with the General Manager to align offensive services with Secure Impact’s business development strategy.

·      Contribute to evolving Secure Impact’s advanced penetration testing and red teaming offerings.


Qualifications and Skills

·      At least 2 years in a management position, driving team development and operational excellence and being responsible for the quality of your team’s output.

·      At least 5 years of offensive security experience, including penetration testing and advanced offensive engagements.

·      Proven experience in red teaming, adversary emulation, and threat modelling.

·      Proficiency with tools such as Cobalt Strike, Metasploit, Burp Suite, and custom tool development.

  • Proficiency in penetration testing tools and methodologies, particularly asymmetric TTPs and red teaming.
  • Strong understanding of network protocols, operating systems, and security architectures.
  • Experience with scripting and programming languages (e.g., Python, Bash).
  • Knowledge of web application security and common vulnerabilities (e.g., OWASP Top 10).
  • Familiarity with regulatory requirements and industry standards (e.g., PCI-DSS, ISO 27001).
  • Understanding of security testing frameworks and standards such as OSSTMM, OWASP, NIST SP 800-115, and MITRE ATT&CK.
  • Experience with public cloud components and architectures (Azure/AWS preferred).
  • Ability to perform manual penetration testing and not rely solely on automated scanners.


Certifications

·      Preferred certifications include:

o  GIAC: GPEN, GCRT, etc,.

o  OSCP, OSCE.

o  CREST CCT or CHECK Team Lead.


Expectations


  • Lead by example and foster a culture of continuous improvement.
  • Stay updated with the latest security trends and threats.
  • Drive innovation within the team to enhance offensive security capabilities.
  • Ensure timely and accurate reporting of security findings and recommendations.
  • Strong communication skills for engaging both technical and non-technical audiences.
  • A client-first mindset with the ability to build and maintain strong relationships.
  • Financial awareness to monitor and manage team utilisation and resource planning.
  • Excellent command of English language - written and spoken.


What We Offer


·      Training and Growth: Work directly with globally recognised experts, including SANS instructors, and access world-class training, including GIAC certifications and embedded upskilling initiatives.

·      Challenging and Meaningful Work: Engage in manually delivered, high quality and impactful offensive security projects with discerning clients.

·      Culture and Collaboration: Be part of a highly skilled, curious, and ambitious team that values innovation and making a real difference.

·      Flexibility and Wellbeing: Enjoy remote-first working arrangements, private healthcare initiatives and an environment that trusts first.


Compensation


·      Salary: £85,000–£100,000 (dependent on experience).

·      Flexible working arrangements.

·      100% remote (UK based).

·      Private healthcare.

·      28 days holiday plus bank holidays per year.

·      Scope to attend industry events.

·      Fantastic training and development opportunities including platinum standard, globally recognised certifications and courses.

·      Team-focused meet ups and activities.



The Opportunity


This is a unique opportunity to work with a team that is pushing the boundaries of offensive security. At Secure Impact, you’ll work alongside highly skilled individuals, tackling complex, meaningful projects that make a real impact. Our culture fosters technical curiosity, creativity, and excellence. With support from world-class training initiatives and globally recognised experts, this role offers exciting challenges and opportunities for growth.


If you’re ready to contribute to Secure Impact’s vision of impactful, purpose-driven offensive services, we’d love to hear from you.



Related Jobs

View all jobs

Principal Security Consultant (Offensive Services)

Principal Security Consultant

Principal Security Consultant (Offensive Services)

Principal Cloud Security Consultant - Red Team

Principal Cloud Security Consultant - Red Team

Principal Cyber Security Consultant

Get the latest insights and jobs direct. Sign up for our newsletter.

By subscribing you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs

Job-Hunting During Economic Uncertainty: Cyber Security Edition

The cybe rsecurity sector sits at the forefront of today’s digital landscape, defending businesses and governments alike from increasingly sophisticated threats. From incident response and network security to cloud protections and zero-trust architectures, cyber security professionals tackle an ever-evolving array of challenges. Yet, even this mission-critical field is not immune to economic turbulence. When broader financial markets experience uncertainty—whether through global recessions, regional downturns, or unexpected macro events—the hiring climate can shift, making roles more selective and budgets tighter. For job seekers in cyber security, this can be disconcerting. You might discover that once-abundant vacancies have become scarce, competition for the remaining positions is fiercer, or company priorities pivot away from large-scale expansions toward essential, cost-justified security projects. At the same time, data breaches and cyberattacks don’t pause during economic slowdowns—if anything, they may escalate as bad actors exploit organizational vulnerabilities. This paradox means that while the market feels tough, demand for cyber security expertise remains robust. In this article, we’ll look at: Why economic uncertainty affects cyber security hiring trends. Strategies for staying competitive, even if the number of open roles shrinks. Methods to highlight your skills, adapt to shifting priorities, and network effectively. Approaches for preserving mental well-being during prolonged searches or uncertain feedback loops. How www.cybersecurityjobs.tech can help you find the ideal security-focused role. By proactively sharpening your skill set, tailoring your professional profile, and engaging with a focused community, you can secure a rewarding cyber security job—even when the broader market feels volatile.

Careers

How to Achieve Work-Life Balance in Cyber Security Jobs: Realistic Strategies and Mental Health Tips

Cyber security is one of today’s most vital and rapidly expanding sectors. As data breaches, ransomware, and other cyber threats continue to evolve, the demand for skilled professionals is surging across industries—from finance and healthcare to government and e-commerce. Whether you’re a penetration tester, security analyst, or threat intelligence expert, you play a key role in safeguarding digital infrastructure and sensitive information. This high-stakes environment, however, often comes with intense pressure. Long hours, constant vigilance, and an ever-changing threat landscape can make it challenging to find time for personal well-being. Many cyber security specialists report difficulty striking a sustainable work-life balance, unsure if it’s even possible in a field that never truly sleeps. Yet, as concerns about mental health and burnout become more pressing, professionals and employers alike are seeking better ways to combine career advancement with a fulfilling personal life. In this comprehensive article, we’ll explore how to achieve a work-life balance in cyber security. You’ll discover strategies for managing 24/7 threat alerts, the importance of realistic expectations, ways to maintain mental health in high-intensity roles, and tips for setting boundaries without compromising your professional growth. Whether you’re new to this dynamic arena or already an established specialist, these insights can help you thrive personally and professionally in the fast-paced world of cyber security.

Careers

Transitioning from Academia to the Cyber Security Industry: How Researchers Can Harness Their Skills to Protect Commercial Environments

Cyber security has become a mission-critical field in an era where data breaches, ransomware attacks, and sophisticated hacking techniques threaten businesses and public institutions alike. As digital transformation touches nearly every facet of modern life, the need for highly skilled individuals capable of defending systems and networks continues to grow. For PhDs and academic researchers with expertise in areas like cryptography, network security, or threat intelligence, this presents an exciting opportunity to deploy your analytical prowess in a high-impact, fast-paced commercial setting. In this guide we’ll explore how academics can successfully pivot from the research lab to the cyber security industry. Learn how to apply rigorous, theory-driven approaches to real-world challenges, from designing secure software architectures to neutralising advanced persistent threats. By embracing the industry’s urgency and end-to-end mindset, you can transform your scholarly insights into robust, market-facing security solutions that protect companies and users on a global scale.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.