Offensive Security Specialist

Offensive Security Specialist
Salford Quays / Staines/ Central London
Flexible / Hybrid working options
Permanent
Salary: £51,200 - £64,000 (Depending on experience & location)
Full time – 37.5 hours per week
We make health happen 
Here you’ll be welcomed. We champion diversity and we understand the importance of our
people representing the communities and customers we serve. You’ll find an inclusive
environment where you can be yourself and where everyone is driven by the same purpose
– helping people live longer, healthier, happier lives and making a better world.
At Bupa, we’re passionate about technology. With colleagues, customers, patients and
residents in mind you’ll have the opportunity to work on innovative projects and make a real
impact on their lives.
Right from the start you’ll become part of our digital strategy, joining us on our journey and
developing yourself along the way.
Role Overview
As an Offensive Security Specialist, you will be part of a team responsible for testing,
measuring, and reporting on the effectiveness of security controls used across the Bupa IT
estate against known adversarial tactics and techniques.  You will do this by designing,
running and analysing the output of assessments utilising our chosen Breach and Attack
Simulation platform and by consuming additional data from multiple sources such as Red
Team and Penetration Testing reports, Vulnerability Scanning platforms, and other tools that
will identify misconfigurations within the Bupa infrastructure that represent a potential
security risk.  You will also perform a leading role in designing test strategies based on the
MITRE ATT&CK framework, using internal and external Threat Intelligence and your own
knowledge and experience of corporate network environments.
What you’ll do:
 Reviewing and analysing findings from multiple data sources to assess their impact
and determine remediation priorities.
 Developing remediation plans for high-priority vulnerabilities, using your offensive
security expertise to identify potential attack paths.
 Collaborating across teams to disrupt those paths effectively, leveraging both your
technical knowledge and that of others.
 Influencing stakeholders including technology owners and remediation teams to
commit to and implement remediation strategies.
 Perform risk analysis on test data to ensure the most critical issues are addressed
first, aligning with frameworks like MITRE ATT&CK and the Unified Kill Chain.
 Use threat intelligence to guide future assessments, ensuring testing is relevant to
current controls and risks.
 Utilise BAS platforms and engage in continuous self-learning through provided
resources to maintain your credibility and expertise.
 Partner with internal and external SMEs across Security Operations, Engineering,
Threat Intelligence, and Vulnerability Management to design effective solutions.
 Mentor and guide colleagues, sharing knowledge and influencing others to resolve
identified weaknesses.
 Lead small projects, ensuring timely and accurate implementation of solutions, and
design unbiased methods to validate their effectiveness.

 Challenge and improve existing processes, contributing to documentation and
reporting using tools like Kibana, Lucene, and Python.
 Communicate technical findings clearly to Risk teams and other stakeholders,
ensuring risks are well understood and documented.
What you’ll bring:
 Experience within any of the following IT Security disciplines:  Security Operations,
Red teaming, Penetration Testing, Security Engineering.  Along with expert
knowledge of various enterprise technologies/infrastructure including network
architectures, operating systems and security controls.
 Confident in their technical expertise and can present themselves as a technically
competent SME.
 Exposure to Security Monitoring and Security Control technologies
 Exposure to Threat Intelligence sources
 Good experience of typical enterprise security services including but not limited to:
 Threat Intelligence
 Penetration testing
 Anti-malware
 Email/SPAM management
 Authentication mechanisms
 SIEM
 WAF
 Firewalls
 Proxy technologies
 IDS/IPS
 DLP
 Has a track record of technical delivery within a fast paced & pressured environment.
 Engages key stakeholders well
 Effective communicator
 'not afraid to ask' mentality
Benefits 
Our benefits are designed to make health happen for our people. Viva is our global wellbeing
programme and includes all aspects of our health – from mental and physical, to financial,
social and environmental wellbeing. We support flexible working and have a range of family
friendly benefits.
 
Joining Bupa in this role you will receive the following benefits and more: 
• 25 days holiday, increasing through length of service, with option to buy or sell
• Bupa health insurance as a benefit in kind
• An enhanced pension plan and life insurance
• Onsite gyms or local discounts where no onsite gym available
• Various other benefits and online discounts
  

Why Bupa? 
We’re a health insurer and provider. With no shareholders, our customers are our focus. Our
people are all driven by the same purpose – helping people live longer, healthier, happier
lives and making a better world. We make health happen by being brave, caring and
responsible in everything we do. 
We encourage all of our people to “Be you at Bupa”, we champion diversity, and we

understand the importance of our people representing the communities and customers we
serve.  That’s why we especially encourage applications from people with diverse
backgrounds and experiences.  
Bupa takes pride in being a Level 2 Disability Confident Employer and will aim to offer an
interview/assessment to disabled applicants who best meet the minimum criteria for the role.
We’re committed to ensuring you’re treated fairly during the recruitment process and offer
reasonable adjustments to anyone who may benefit from accommodations to the recruitment
process.