Senior Offensive Security Consultant

Job description

SpecterOps is looking for a Senior Offensive Security Consultant to work on the Consulting Services team as operators, trainers, and program developers. The Adversary Simulation service line primarily works in large commercial enterprises conducting offensive security assessment services (red team assessments, penetration tests, offensive maturity assessments, web application tests, and specialty security assessments), supporting internal offensive programs, delivering training courses, and supporting research and development efforts. Our consultants work both onsite and offsite in diverse environments supporting our customers, anywhere from developing toolsets in support of operations to briefing executives.

A successful candidate will have excellent technical skills, impeccable soft skills, and be a well-organized, self-directed individual.

Salary Range: Base salary annually, commensurate with experience.

• Senior Consultant - $145,000 - $170,000

Location: This position is remote, based in the U.S. with travel quarterly for in person company events and other ad hoc meetings.

• Candidate must be authorized to work and reside in the United States; we do not currently sponsor immigration visas

Responsibilities

• Plan and conduct offensive security engagements ranging in size, scope, focus, and approach
• Effectively communicate findings, attack paths, recommendations, and strategy to technical and executive client stakeholders through written reports and verbal presentations
• Build scripts, tools, or methodologies to enhance offensive services
• Serve as a subject matter expert (SME) in one of the following areas: initial access, open-source intelligence analysis, adversary tradecraft, offensive Windows/Linux/macOS operations, evasion operations, or technical capability development
• Utilize common offensive security testing tools and tradecraft
• Stay up to date with cutting-edge adversary tradecraft and vulnerabilities
• Effectively communicate successes and obstacles with fellow team members and team lead(s)
• Interface with client contact(s) and staff in a constructive and professional manner
• Coordinate and prepare for internal and customer facing meetings
• Assist with scoping prospective engagements, participating in technical testing from kickoff through remediation, and mentoring less experienced staff
• Train team members in adversary Tactics, Techniques, and Procedures (TTPs) and tools
• Contribute new or improve existing content for SpecterOps training courses and assist in the delivery of course offerings (instruction, lab support, etc.)

Requirements

• Ability to travel domestically and internationally; up to an average of 25% annually
• Must be able to pass a criminal background check
• Desire to embody our core values of passionate curiosity, consistent improvement, empathy, sustainability, humility, and empowerment through transparency

Desired Qualifications:

• Proficient knowledge of offensive security concepts and assessments
• Proficient knowledge of security principles, policies, and industry best practices
• Proficient knowledge of Windows and *NIX-based operating systems
• Proficient knowledge of networking concepts
• Proficient knowledge of Active Directory
• Working knowledge of programming or scripting languages, such as C#/.NET, C++, Python, PowerShell, Bash, etc.
• Aptitude for technical writing, including assessment reports, presentations and operating procedures
• Strong written/verbal communication and interpersonal skills
• A clear expert in one or more service lines and/or technical areas
• Experience leading small teams and engagements
• Experience managing multiple projects at once
• Experience communicating with clients and delivering presentations
• Experience independently managing client projects
• Ability to lead and execute majority of offensive security service offerings (e.g., red team, penetration test, web application security assessment, cloud security assessment, offensive maturity assessment, etc.)
• Willingness to develop and deliver training content as a lead course instructor
• Willingness to mentor and train fellow consultants

Nice to Haves

• Bachelor’s degree in a technical field
• Experience participating in and/or leading Fortune 1000 and/or large Federal Government security assessments
• Public community contributions (e.g., conference presentations, blog posts, white papers, public tool development)
• Experience in administering, attacking, or defending Windows/Active Directory, Linux, and/or macOS environments
• Experience in technical writing
• Experience working for a service-based information security consultancy
• Experience developing and/or providing technical training
• Desire to teach and train students in offensive techniques
• Desire to travel internationally and domestically on a more frequent basis

What We Offer

• Health/Dental/Vision/life insurance: 100% covered for both the employee and their family
• Flexible time off policy
• 13 paid holidays annually
• 401(k) with up to 4% company match
• Equity and quarterly bonuses based on company performance
• Remote work: $1,500 first year allowance to set up home office
• $500 annual home office allowance after first year
• $1800 annual cell phone and internet reimbursement
• $5,000 annual professional development allowance
• $5,250 towards continuing education or student loan repayment
• $1,200 annual budget for lifestyle, wellness, pet insurance and more
• A one-time $10,000 benefit towards family planning
• Open intellectual property policies; allow researchers to retain rights over open-sourced research & tools
• In person and virtual employee events throughout the year
• And of course, company swag!

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. To request reasonable accommodations, please contact us at [email protected]

Unsolicited resumes are not accepted

#LI-REMOTE