Full-Time Principal Consultant, Offensive Security - Remote

The Principal Consultant on the Offensive Security team assesses and challenges the security posture of clients, using various tools and acting as a key team member and leader.

Your Impact:

• Assist in infrastructure development for offensive security research and testing.
• Conduct periodic network scans to detect vulnerabilities.
• Perform client penetration testing using open-source, custom, and commercial tools.
• Assist in scoping engagements by articulating penetration approaches to technical and executive audiences.
• Generate reports detailing testing results and remediation recommendations.
• Develop scripts, tools, and methodologies to automate internal processes.
• Conduct IT application testing, cybersecurity tool analysis, and systems engineering support.
• Conduct threat hunting and compromise assessments using Unit 42 and Palo Alto Networks’ tools.
• Assist in developing security standards and recommend security enhancements.
• Conduct cyber risk assessments using frameworks like NIST CSF, ISO 27001/2, PCI, CIS Top 20, and CMMC.
• Conduct cloud penetration testing engagements on AWS, GCP, Azure, containers, etc.
• Provide recommendations on security measures to protect data and systems from cyber-attacks.

Your Experience:

• 6+ years of experience with risk assessment tools and methods focused on Information Assurance and Network Security.
• Experience managing a team of consultants.
• Deep understanding of how malicious software works.
• Ability to modify known and craft custom exploits.
• Strong knowledge of tools and techniques for network, wireless, and web application penetration testing.
• Familiarity with web application penetration testing and code auditing.
• Knowledge and experience in conducting cyber risk assessments using industry standards.
• Experience with penetration testing and administering Linux, Windows, and cloud providers like AWS, GCP, and Azure.
• Experience with scripting using Perl, Python, ruby, bash, C/C++, C#, or Java.
• Experience with security assessment tools like Nessus, OpenVAS, Metasploit, Burp Suite Pro, Cobalt Strike, and Bloodhound.
• Knowledge of application, database, and web server design and implementation.
• Knowledge of network vulnerability assessments, web and cloud application security testing, and security operations.
• Ability to read and use the results of mobile code, malicious code, and anti-virus software.
• Ability to scope new opportunities with prospective clients.
• Knowledge of computer forensic tools, technologies, and methods.
• Bachelor’s Degree in Information Security, Computer Science, or equivalent experience.

What is the last date for applying to the job?

Which countries are accepted for this remote job?