Thanks for checking out our job opening; we are excited that YOU are interesteed in learning more about NCC Group.

We are on a mission to make society a safer and more secure place. Our people are the ones who make that possible; a global community of talented individuals working together towards a safer future.

We aim to create an environment where everyone can reach their full potential. We work together, we are brilliantly creative, we embrace difference, and we want you to join in our mission, as a Principal Security Engineer.

Take a look at our website here to learn more about why we’re one of the leading global Cyber Security and Risk Mitigation business… https://www.nccgroup.com/uk/

The Opportunity

The Principal Security Engineer role offers an exciting opportunity to build, support, consultant and deliver our diverse range of technical security services to help clients.

The primary function of the role involves delivering adversary attack emulation to our clients, developing tools and software used for red team operations and penetration testing.

Occasionally the role may involve leading larger client projects. All work should strive to achieve a high level of customer satisfaction. Conducting focused research when not engaged on client billable projects.

You will be working in a team of technical security consultants. It is expected that you will work well in a team and share research to promote knowledge sharing. Knowledge sharing can be achieved through shadowing projects, technical mentoring, technical presentations, sharing tool development, and constructive report QA feedback.

The Challenge

• Red team delivery specialist, technical lead of red team engagements, with other team members to support.

• Ability to develop red team infrastructure using infrastructure as a code, like terraform and ansible.

• Develop and maintain tools and software used for penetration testing, red team operations.

• Ability to write tools in one or more languages such as C, C++, golang, C#, scripting languages, and JavaScript.

• Prior experience with delivering red teaming, adversary emulation.

• Familiarity with frameworks such as CORIE, AASE, iCAST.

• Good understanding of one of the following Active Directory, Amazon IAM, and/or Azure AD.

• Experience with Cobalt Strike, Sliver and other similar tooling.

• Support the red team operators with test case planning and delivery of adversary simulation exercises.

• Proficiency in the use and application of security technologies

• Assist in the identification, resolution and documentation of security vulnerabilities

• Ability to travel to clients’ sites to perform security engagements as required

• Delivering high quality technical services to clients

• Developing skills on internal security projects

Essential Skills

At NCC Group we are passionate about passionate people; someone who wants to join in our mission of making the world safer and more secure, whilst learning new skills and advancing their career forward.

In terms of technical and behavioral capabilities, we are looking for individuals who have experience in the following areas:

• Networking and associated protocol knowledge and experience

• Strong web application, API, and web services testing experience

• Strong infrastructure and cloud penetration testing experience

• Extensive knowledge and experience in attacking enterprise networks, ZTA, cloud networks

• Extensive knowledge and experience in attacking operating system internals – Windows and/or macOS

• Extensive knowledge and experience in bypassing / evading enterprise security controls

• Experience in social engineering skills, phishing, vishing, smishing.

• Experience in defence evasion

• Experience in reverse engineering

• Knowledge of SDLC implementation, Agile CI/CD environments

• Software development or programming abilities

• The following certifications are favourable, such as:

  • Offensive Security Certified Professional (OSCP)

  • Offensive Security Certified Expert (OSCE)

  • Offensive Security Exploitation Expert (OSEE)

  • GIAC Advanced Penetration Tester (GXPN)

  • CREST CCT

  • CREST CRT

  • CREST CCSAS

  • CREST CCSAM

Please do not hesitate to apply.

About NCC Group

The NCC Group family has over 2,000 members located all around the world, providing a trusted advisory service to 15,000 customers. Born in the UK, we have now have offices in North America, Canada, Europe, Asia- Pacific and United Arab Emirates.

We are passionate about helping our customers to protect their brand, value and reputation against the ever-evolving threat landscape. We fuel that passion with investment in our people and our business.

Our values and code of ethics are at the heart of how we operate – we work together, we are brilliantly creative, and we embrace difference. We treat everyone and everything with equal respect.

We want to create an environment where all colleagues feel psychologically, emotionally and physically safe to be authentic, sharing their personal experiences to represent the diversity of the world they live in, and have equal opportunity to achieve their best.

About your application

We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.

If you do not want us to retain your details, please email global.ta@nccgroup.com. All personal data is held in accordance with the NCC Group Privacy Policy. We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage.

Please note that this role has background clearance as mandatory due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process.