Internal Red Team Consultant

About Ricoh

A global leader in digital services, recognised for innovation, sustainability and a people-first culture. We feature in the Gartner Magic Quadrant , are listed in the Global 100 Most Sustainable Companies , and have been named one of Forbes’ World’s Best Employers 2025 .

At Ricoh, we believe people do their best work when they feel valued and supported. We create inclusive workplaces where you can grow, contribute, and make a positive impact while helping to build a more sustainable future.

Find your place. Transform your future

Our purpose is centred on understanding and improving how people work. By focusing on real working experiences, we support individuals to develop their skills, realise their potential and do work that feels meaningful.

People transform when they Love What They Do

This belief sits at the heart of The Ricoh Promise. It guides how we recruit, how we support our people, and how we work together every day, creating an environment where you can grow, feel valued and make a difference.

When you join us, you are encouraged to share your ideas, challenge the way things are done, and work with others to build something better. If you are looking for a place where your voice is heard, your development is supported, and your work feels meaningful, you will feel at home at Ricoh.

We’re hiring an Internal Red Team Consultant in London to design and lead high‑fidelity adversary simulations, validate our detection and response maturity, and provide actionable insights that materially reduce risk.

This role operates at the intersection of threat intelligence, offensive security, and enterprise risk. Partnering closely with senior stakeholders across Europe and shaping how Ricoh anticipates, detects, and responds to advanced threats.

#RicohEurope

What you will be doing

As the Internal Red Team Consultant, you will plan and execute realistic, risk‑aligned red team engagements across digital, physical, and social domains. You will emulate sophisticated threat actors, assess resilience across cloud and on‑prem environments, and translate technical findings into clear business risk and remediation priorities.

You will provide virtual, cross‑functional leadership, coordination of internal and external operators, mentoring practitioners, and integrating outcomes with blue teams, SOC, and incident response. While the role is an individual contributor today, it is expected to evolve to include line management as the capability scales. Operating within legal, ethical, and ISO 27001‑governed parameters, you will deliver second‑line assurance that is rigorous, safe, and business‑relevant.

Key Responsibilities Include

• Plan and lead red team campaigns that assess enterprise detection and response, aligned to current threat intelligence and business risk.
• Develop and execute adversary playbooks mapped to frameworks such as MITRE ATT&CK, including digital, physical, and social engineering vectors.
• Coordinate internal and external resources to run covert, goal‑oriented engagements across cloud, on‑prem, and hybrid environments.
• Conduct controlled exploitation (web, infrastructure, identity, cloud) and demonstrate attack chains, lateral movement, persistence, and exfiltration.
• Partner with blue teams and SOC on purple‑team exercises, tuning detections, improving SIEM/SOAR use cases, and reducing dwell time and MTTR.
• Produce clear, actionable reporting for technical and executive audiences—prioritising business impact, risk, and pragmatic remediation.
• Maintain strict OPSEC and governance , ensuring legal/ethical compliance, ROE adherence, data handling discipline, and auditability.
• Evolve tools, techniques, and procedures (TTPs) , maintain adversary emulation kits, and stay current with APT tradecraft and emerging threats.
• Define KPIs and dashboards to track detection coverage, campaign outcomes, control efficacy, and remediation progress.
• Act as subject matter expert in the CIRT , supporting incident readiness, simulations, and executive briefings.
• Provide virtual leadership and mentorship , fostering a high‑performing, psychologically safe culture of continuous improvement.

You will ideally have

Technical expertise

• Deep hands‑on experience in red team operations and adversary simulation across Windows, Linux, macOS, and cloud (AWS, Azure, GCP).
• Proficiency with red team frameworks and C2 platforms (e.g., Cobalt Strike, Mythic, Sliver) and custom payload/tooling development.
• Strong scripting skills (Python, PowerShell, Bash) and experience automating tradecraft and infrastructure.
• Mastery of OPSEC, detection evasion, OSINT, network discovery, and physical/social engineering techniques.
• Fluency with security testing frameworks and models (MITRE ATT&CK, NIST, Cyber Kill Chain) and mapping findings to detections and controls.

Business and regulatory acumen

• Ability to translate technical attack paths into business risk, articulating financial, operational, and regulatory impact.
• Familiarity with ISO 27001, NIST, GDPR and sector‑specific compliance (e.g., PCI DSS, HIPAA, NERC CIP).
• Experience integrating outcomes with governance, audit, risk registers, and board‑level reporting.

Leadership and interpersonal skills

• Proven experience leading virtual, cross‑functional teams and influencing without direct authority.
• Clear, concise communicator—capable of executive‑level briefings and collaborative debriefs with technical teams.
• High discretion, professionalism, and emotional intelligence when handling sensitive findings.
• Calm under pressure, balanced judgement in live engagements, and a continuous‑improvement mindset.

Qualifications and experience

• Bachelor’s degree in Cyber Security, Computer Science, Information Security, Network Engineering, Digital Forensics, or related field.
• Offensive security certifications— OSCP (minimum), plus one or more of: CRTO , CREST CRT/CCT , GIAC GPEN/GXPN/Red Team Professional ; CEH optional.
• Baseline or enhanced security clearance (vetting) will be required.
• Proven career history in cyber security, including 3–5 years in offensive roles (red team, penetration testing, ethical hacking) and experience leading virtual teams or red team delivery in enterprise environments.
• Experience collaborating with blue teams/SOCs and running purple‑team exercises; familiarity with SIEM, EDR, and SOAR.

In return for your commitment, you can expect

At Ricoh, work should feel meaningful, supportive and fulfilling. The Ricoh Promise shapes your experience through four pillars that bring our culture to life.

Love to Connect

You become part of a global community built on openness, inclusion and genuine collaboration. Across teams, countries and roles, you'll find people who listen, involve and encourage you - helping you feel valued and able to be yourself every day.

Love to Grow

Your development truly matters to us. With access to learning pathways, mentoring and career opportunities across functions and countries, you'll be supported to stretch your skills, explore new directions and stay future-ready in a changing world.

Love to Give Back

Purpose is part of how we work. You'll have opportunities to make a difference through volunteering, sustainability initiatives and community programmes that reflect our shared values and commitment to positive impact.

Love to Succeed

Success at Ricoh is something we pursue together. You'll benefit from fair rewards, flexible working, wellbeing resources and real recognition - including programmes such as the Imagine. Change. Awards, where colleagues celebrate each other's achievements.

We are an equal opportunities employer

We believe that diverse perspectives make us stronger, and we welcome applications from people of all backgrounds, identities, and experiences. Our hiring decisions are based on skills, experience and potential, and we are committed to creating a fair and inclusive recruitment process. If you require any reasonable adjustments at any stage of the recruitment journey, please let us know and we will support you to bring your best self forward.

Ready to love what you do? Apply now and help us shape what comes next.