Full-Time Principal Consultant - Offensive Security

Principal Consultant on the Offensive Security team assesses and challenges security posture across client portfolios. Utilizes various tools and is a key team member and leader in client engagements. Acts as client's advocate for cybersecurity best practices and provides strong recommendations.

Impact:

• Assists in internal infrastructure design for research, development, and testing.
• Conducts periodic network scans to detect vulnerabilities.
• Performs client penetration testing using open-source, custom, and commercial tools.
• Assists in scoping engagements by articulating penetration approaches and methodologies.
• Generates reports detailing testing, results, and remediation recommendations.
• Develops scripts, tools, and methodologies to automate internal processes.
• Conducts IT application, cybersecurity tool, and systems analysis; system and network administration; systems engineering support.
• Conducts threat hunting and/or compromise assessments.
• Assists leadership in developing security standards and best practices.
• Conducts cyber risk assessments using frameworks like NIST CSF, ISO 27001/2, PCI, CIS Top 20, CMMC, etc.
• Conducts cloud penetration testing engagements.
• Provides recommendations on security measures.

Experience:

• 6+ years of experience with risk assessment tools, technologies, and methods focused on Information Assurance, Information Systems/Network Security, Infrastructure Design, and Vulnerabilities Assessments.
• Experience managing a team of consultants.
• Deep understanding of malicious software (malware, trojans, rootkits).
• Ability to modify exploits manually.
• Knowledge of network, wireless, and web application penetration testing tools and techniques.
• Familiarity with web application penetration testing and code auditing.
• Experience conducting cyber risk assessments.
• Experience with penetration testing, administration, and troubleshooting Linux, Windows, and major cloud providers.
• Experience with scripting and programming.
• Experience with security assessment tools (Nessus, OpenVAS, MobSF, Metasploit, Burp Suite Pro, Cobalt Strike, Bloodhound, Empire).
• Knowledge of application, database, and web server design.
• Knowledge of network vulnerability assessments, web and cloud application security testing, red teaming, security operations, or 'hunt'.
• Knowledge of open security testing standards (OWASP, MITRE ATT&CK).
• Ability to read and use mobile code, malicious code, and anti-virus software.
• Ability to scope new opportunities, draft statements of work, and proposals.
• Knowledge of computer forensic tools, technologies, and methods.
• Ability to contribute to the practice (external presence, public speaking, conferences, publications).
• Possessing credibility, executive presence, and gravitas.
• Potential for understanding business aspects, understanding PANW products.
• Collaboration and relationship building across PANW functions.

Qualifications:

• Bachelor's Degree in Information Security, Computer Science, Digital Forensics, Cyber Security, or equivalent experience/military experience.

What is the last date for applying to the job?

Which countries are accepted for this remote job?