Senior Offensive Security Liaison Analyst | Antal Tech Jobs
4 Weeks ago

Senior Offensive Security Liaison Analyst

Chennai, Tamil Nadu, India
Information Technology
Full-Time
WTW

Overview

Description

As part of the Centre for Threat-Informed Offence, you will lead liaison security operations, supporting Breach & Attack Simulation (BAS) and Red Team activities. Acting as the bridge between Offensive Security and the business, you will coordinate, monitor, and communicate Red Team operations, ensuring alignment with real-world threats. Your role includes validating attack simulations, enhancing security visibility, and refining detection capabilities with Cyber Defence and MDR. With strong technical expertise and communication skills, you will translate findings into actionable insights to strengthen security posture. This is a remote working role, with flexibility to operate from any of our office locations as required.

The Role:

  • Hands-on experience in Cyber Defence, Threat Hunting, or Incident Response, with exposure to Red Team or BAS operations.
  • Validate and analyse Red Team and BAS findings, ensuring accurate reporting of offensive security activities and their impact on the business.
  • Ensure timely correlation and investigation of Red Team activities to assess detection efficacy and minimize risk exposure.
  • Safely acquire and preserve forensic evidence related to offensive security exercises, assessing detection gaps, attack paths, and security control effectiveness.
  • Strong sysadmin skills (Linux/Windows) and proficiency in scripting/programming (PowerShell, Python) to automate detection and analysis tasks.
  • Identify and analyse emerging attack techniques based on internal testing, threat intelligence, and Red Team assessments.
  • Collaborate with IT and Cyber Defence teams to ensure Red Team-generated alerts and findings are triaged, actioned, and integrated into detection engineering efforts.
  • Correlate offensive security test data with defensive gaps to develop strategic mitigation plans and enhance security controls.
  • Routinely update and refine Red Team detection playbooks, ensuring response activities align with threat-informed defence principles and provide comprehensive threat mitigation.

Communications and Relationships:

Internal:

  • With the CISO, IT Security Directors and security team; Information Security Programme Manager and project managers, Risk & Compliance, Legal, Audit, IT, Procurement and other support functions as well as operational management and client-facing teams.

External:

  • Customers and suppliers

Qualifications

The Requirements:

Qualifications:

  • Qualified to degree level, preferably in a business, IT or security related subject.
  • Hold and maintain appropriate Information Security professional qualifications, such as CISSP or CISM, and technical security and technology qualifications such as CompTIA Network+, Security+, OSCP, CEH or GIAC.
  • The role holder will be able to demonstrate a commitment to security and strong environmental awareness through continued professional development and learning.
  • Solid understanding of SIEM technologies.
  • Scripting and programming skills with proficiency in one or more of the following: PowerShell, Perl, Python.
  • A solid understanding of networking technologies and enterprise-wide technologies including database, operating system, web application, middleware, etc.
  • Proven ability to work in a global collaborative group environment
  • Experience working with a high degree of autonomy, managing own workload and delivering to tight timescales
  • Strong communication skills, both oral and written.
  • Team player with good interpersonal skills.
  • Ability to communicate technical concepts to nontechnical disciplines
  • Proven experience working with a Security Incident and Event Management solution as an analyst.
  • Calm, organised and methodical
  • Excellent analytical problem-solving skills
  • Agile and responsive approach to meeting business, security and technology objectives and delivering continuous improvement.
  • Determine technical/operational impact, root cause(s), scope and nature of the incident to mitigate risk and provide advice on remediation or recommendations
  • Comprehensive understanding of security threats, risks and countermeasures and ability to apply in a practical context at all stages of the kill chain
  • SIEM investigations.
  • Hands-on operational security experience including use of Excel, SQL, DBMS, and open-source tools, as well as shell scripting and programming languages to validate data sets produced in response to security incidents
  • Technical understanding including TVM, DLP, APT, SIEM, perimeter security, content filtering, packet flows, IPS/IDS, etc
  • In-depth understanding of currently supported versions of Microsoft Windows Server and Active Directory, as well as products such as SCCM and SCOM
  • Thorough understanding of technical security countermeasures and awareness of external and internal threat landscape
  • Knowledge of security standards, frameworks, regulation and legislation
  • Thorough understanding of network protocols, data on the wire, covert channels, ciphers and shell scripting.

Equal Opportunity Employer

At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organization. We embrace all types of diversity.

At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a “hybrid” style, with a mix of remote, in-person and in-office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and “hybrid” is not a one-size-fits-all solution.

We’re committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email candidate.helpdesk@willistowerswatson.com.
