Offensive Security Team Lead (Purple Team)
- 3873
- Bath
- Closing on: Apr 12 2026
- YTL UK
- Dependent on experience
- Permanent
- Information Technology (IT)
We're looking for an experienced and energetic Offensive Security Team Leader to strengthen our cyber defence capability and help lead the technical evolution of our security posture. This role provides deep operational expertise across adversary simulation, purple teaming, threat exposure management, detection validation, and incident response.
You will play a major role in shaping our defensive maturity while acting as Deputy Cyber Security Manager during periods of absence.
As a senior technical authority, you'll lead intelligence‑driven testing and validation of controls across IT, OT, cloud and hybrid environments, ensuring our defences are effective against real‑world adversaries. You'll mentor team members, guide defensive decisions, and help build a high-performance, collaborative cyber security culture.
What you'll do
- Lead adversary‑informed testing and Continuous Threat Exposure Management (CTEM) activities across IT, OT and cloud environments
- Own the Purple Team roadmap, including control validation, detection efficacy testing, attack path analysis and adversary‑driven assurance
- Deliver structured purple team exercises, pen test coordination and ethical hacking initiatives
- Drive development of a robust purple team regime to improve defensive detection, resilience and response capability
- Lead technical analysis of complex security incidents to identify root causes and evaluate control effectiveness
- Provide expert containment and remediation guidance during adversary‑driven events
- Maintain and evolve Digital Forensics and Incident Response (DFIR) capabilities and readiness
- Act as a senior escalation point for the Cyber Security function, MSSPs and external partners during complex investigations
- Analyse threat intelligence from OSINT, commercial feeds and MSSP sources to guide defensive prioritisation
- Use MITRE ATT&CK (including ATT&CK for ICS) to map adversary behaviour to deployed controls, identifying and addressing detection gaps
- Lead threat hunting activities and adversary emulation exercises to validate real‑world defensive performance
- Maintain our Dynamic Security Posture framework and monitor exposure trends
- Partner with Security Engineering to validate secure build standards and architectural assumptions through adversary‑informed testing
- Conduct structured control validation, privilege escalation simulation, lateral movement analysis and segmentation assessment
- Evaluate effectiveness of SIEM, EDR/XDR, NDR, SEG and identity security tooling
- Support blue team maturity by identifying detection weaknesses and enabling measurable improvements
- Provide technical leadership and mentoring across the Cyber Security Team, including apprentices, analysts and engineers
- Deliver clear technical briefings, tabletop exercises and executive presentations on adversary simulation outcomes and defensive maturity
- Act as Deputy Cyber Security Manager, providing operational leadership when required
- Foster collaboration across Security Operations, Security Engineering, IdAM, IT, OT and MSSP partners.
What you'll need
- Demonstrable purple team, adversary simulation and threat hunting experience
- Deep understanding of cyber threats, attack paths and countermeasures
- Advanced experience with MITRE ATT&CK and ATT&CK for ICS
- Expertise analysing complex incidents across Windows, Linux, Unix, cloud and OT environments
- Strong knowledge of enterprise security tooling including SIEM, EDR/XDR, NDR, vulnerability management, secure email and identity controls
- Experience conducting control validation, breach simulation, and detection testing
- Excellent written and verbal communication skills, particularly for technical reporting and senior briefings
- Experience mentoring team members and building technical capability.
Desirable Certifications:
- CREST CRT or equivalent recognised red team / penetration testing certification
- OSCP (Offensive Security Certified Professional) or equivalent advanced offensive certification
- eCPPT (Certified Professional Penetration Tester)
- eCTHP (Certified Threat Hunting Professional)
- GIAC (e.g., GCIA, GCIH, GCED) or equivalent
- EC-Council Certified Incident Handler (ECIH)
- CISSP or equivalent senior level security qualification
What you'll receive
- A combined pension contribution of up to 20%.
- Career progression and professional development opportunities.
- 25 days' holiday rising to 28 with length of service.
- The opportunity to buy up to ten days' holiday and sell up to five every year.
- A healthcare package that allows you to claim back healthcare costs.
- Life assurance of up to eight times your salary.
- A new electric car in exchange for part of your gross salary, subject to conditions.
- Cashback and discounts from more than 3,000 retailers.
- One paid volunteering day each year.
- Enhanced family leave and pay arrangements.
- An interactive health and wellbeing platform.
- Support from mental health first aiders.
- A £1,000 referral fee if you recommend someone to work for us.
Who we are
YTL UK is part of the international YTL Group based in Kuala Lumpur. The UK companies include:
- Wessex Water – one of the top-performing water and sewerage companies in England and Wales, serving 2.9 million people across the South West.
- YTL Developments – a major UK developer currently redeveloping a 350-acre former airfield into an award-winning, exciting mix of houses, apartments, schools, commercial space, restaurants and hotels, to make a truly sustainable new community.
- YTL Construction UK – a top 20 UK contractor providing fully integrated services to infrastructure, residential, commercial, industry, energy and environmental sectors.
- YTL Arena – the development and operation of an entertainment complex that includes a 19,000-capacity arena, conferencing and exhibition space.
- Plus a number of other retail, environmental and specialist businesses.
Our people tell us that YTL UK is a great place to work, which is why so many of them stay with us! You will have a unique opportunity to develop and progress your career within such a diverse group.
We are passionate about diversity and inclusion – with that in mind, all applicants are welcome. We are delighted to have signed the Armed Forces Covenant and are a Disability Confident Employer.
If you require reasonable adjustments to be made during the recruitment process, please inform a member of our Recruitment team.