Offensive Security and Threat Hunt Analyst
Job description
Supporting the business and our divisional offices, our Head Office functions cover all departments from our Executive Board through to our support functions such as Group Design and Technical, HR, Health and Safety, IT, Sales and Marketing, Commercial, Procurement, Group Finance, Corporate Affairs, as well as Legal and Company Secretariat. We also have a specialised function - Barratt Partnerships. While the work varies from team to team, our key requirements don't: you must be well organised, extremely helpful and resourceful, and able to use your initiative. You'll understand that what you do is important, and impacts on your team, the department, and the wider business.
Reporting to the Threat and Vulnerability Management Team Lead, you will deliver continuous, risk-based penetration testing and proactive threat hunting to identify exploitable weaknesses and emerging attacker tactics, techniques and procedures (TTPs), reducing time-to-identify and time-to-remediate.
You will be expected to:
- Scope, plan and execute targeted penetration tests across applications, infrastructure, cloud and identity; produce clear, actionable reports and remediation guidance.
- Coordinate external testing providers; ensure effective use of budget by insourcing baseline testing and validating third-party findings.
- Run hypothesis-driven threat hunts mapped to frameworks such as MITRE ATT&CK; turn findings into detections/playbooks in partnership with SecOps.
- Conduct red-team adversary emulation and purple-team exercises to validate control effectiveness and improve detections, including co-ordination of independent testing teams, internal security and IT teams and the Security Operations Centre.
- Build and maintain a secure lab environment and toolchain for testing and hunt operations; ensure safe handling of exploit code and payloads.
- Track vulnerability closure and control improvements; verify remediation and reduce re-occurrence through lessons learned.
- Stay current on exploits, techniques and security research; propose improvements to hardening and monitoring.
- Contribute to security awareness by summarising offensive findings for non-technical stakeholders without exposing sensitive details.
Requirements
- Hands-on offensive security expertise across web/app, infrastructure and cloud; strong knowledge of identity and attack paths.
- Experience with common tooling and scripting (vendor-neutral), plus SIEM query languages for hunt validation.
- Certifications advantageous: OSCP/OSWA/OSWE, CREST CRT/CCT, GIAC (e.g. GPEN/GXPN), or equivalent practical experience.
- Excellent technical writing, communication and stakeholder engagement skills.
- High integrity and safe-testing discipline; meticulous operational security.
Benefits & conditions
We are building an organisation where anyone with drive and talent can pursue the career they want. We are building a culture where anyone, regardless of gender, race, age, sexuality, disability, background or any other characteristic, can progress and be proud to work for us. As part of working for Barratt Redrow PLC and specifically for this role we offer:
- Competitive Salary
- Competitive Bonus Scheme
- Private Medical Cover - Single Cover
- Annual Medical Health Assessment
- 26 days' holiday (increase by 1 day for every 3 years' continuous service up to 29 days)
- Choice of Flexible Benefits
- Enhanced Family Friendly Policies