Posted in

Senior Offensive Security Consultant

Senior Offensive Security Consultant

CompanySpecterOps
LocationUnited States
Salary$100000 – $170000
TypeFull-Time
Degrees
Experience LevelSenior, Expert or higher

Requirements

  • Ability to travel domestically and internationally; up to an average of 25% annually
  • Must be able to pass a criminal background check
  • Desire to embody our core values of passionate curiosity, consistent improvement, empathy, sustainability, humility, and empowerment through transparency

Responsibilities

  • Plan and conduct offensive engagements ranging in size, scope, focus, and approach
  • Effectively communicate findings, attack paths, and recommendations, and strategy to technical and executive client stakeholders through written reports and verbal presentations
  • Build scripts, tools, or methodologies to enhance offensive services
  • Serve as a subject matter expert (SME) in one of the following areas: initial access, intelligence analysis, adversary tradecraft, offensive Windows/Nix/macOS operations, evasion operations, or technical capability development
  • Utilize common offensive security testing tools and tradecraft
  • Stay up to date with cutting-edge adversary tradecraft and vulnerabilities
  • Effectively communicate successes and obstacles with fellow team members and team lead(s)
  • Interface with client contact(s) and staff in a constructive and professional manner
  • Coordinate and prepare for internal and customer facing meetings
  • Assist with scoping prospective engagements, participating in technical testing from kickoff through remediation, and mentoring less experienced staff
  • Train team members in adversary Tactics, Techniques, and Procedures (TTPs) and tools
  • Contribute new or improve existing content for SpecterOps training courses and assist in the delivery of course offerings (instruction, lab support, etc)

Preferred Qualifications

  • Foundational knowledge of offensive security concepts and assessments
  • Foundational knowledge of security principles, policies, and industry best practices
  • Working knowledge of Windows and *NIX-based operating systems
  • Working knowledge of networking concepts
  • Working knowledge of Active Directory
  • Working knowledge of programming or scripting languages, such as C#/.NET, C++, Python, PowerShell, Bash, etc
  • Aptitude for technical writing, including assessment reports, presentations and operating procedures
  • Strong written/verbal communication and interpersonal skills
  • Determination to better self and the overall information security community through research efforts and release through blog posts, conference talk delivery, open-source tool release, and white paper publication
  • Willingness to support delivery of public and private training offerings (e.g., providing lab support, fielding student questions, etc)
  • Foundational knowledge of defensive security concepts and assessments
  • Working knowledge of common regulatory requirements and governance frameworks
  • Proficient with Windows and *NIX-based operating systems and related offensive techniques
  • Proficient with networking concepts and related offensive techniques
  • Proficient with Active Directory and related offensive techniques
  • Ability to lead small to medium sized services and projects
  • Ability to communicate effectively with customers, team members and upper management for project delivery
  • Ability to contribute to the majority of offensive security service offerings (e.g., red team, penetration test, web application security assessment, cloud security assessment, defensive capability test, etc) as part of a team for the full project lifecycle
  • Strong analytical skills with the ability to collect, organize, analyze, and disseminate significant amounts of information with attention to detail and accuracy
  • A clear expert in one or more service lines and/or technical areas
  • Ability to lead and execute majority of offensive security service offerings (e.g., red team, penetration test, web application security assessment, cloud security assessment, defensive capability test, etc)
  • Experience leading small teams and engagements
  • Experience managing multiple projects at once
  • Experience communicating with clients and delivering presentations
  • Experience independently managing client projects
  • Willingness to develop and deliver training content as a lead course instructor
  • Willingness to mentor and train fellow consultants