Job Summary
As a Principal Consultant on the Offensive Security team, you will be a key leader in assessing and challenging the security posture of a diverse client portfolio. You will leverage a variety of advanced tools and methodologies to act as the client's advocate for cybersecurity best practices. This role is critical in providing strong, actionable recommendations to enhance our clients' defenses against sophisticated threats.
Key Responsibilities
- Conduct comprehensive penetration tests (network, web application, cloud, mobile) to identify and exploit vulnerabilities.
- Develop custom scripts, tools, and methodologies to automate and enhance offensive security engagements and internal processes.
- Lead client engagements, clearly articulating testing approaches and methodologies to both technical and executive audiences.
- Generate detailed reports that communicate test results, identified risks, and concrete remediation recommendations to clients.
- Perform cyber risk assessments using industry frameworks such as NIST CSF, ISO 27001, and CIS Top 20.
- Conduct threat hunting and compromise assessment engagements to identify active or dormant indicators of compromise (IoCs) in client environments.
- Proactively collaborate with internal teams and clients, exchanging information to ensure alignment and accomplish shared security objectives.
- Assist in scoping new opportunities and developing internal infrastructure for offensive security research and development.
Qualifications
Required Qualifications
- Bachelor's Degree in Information Security, Computer Science, or a related field, or equivalent professional experience.
- 6+ years of professional experience in information security, with a focus on penetration testing and vulnerability assessments.
- Expertise with security assessment tools such as Metasploit, Burp Suite Pro, Cobalt Strike, Nessus, and BloodHound.
- Proficiency in scripting or programming with languages like Python, PowerShell, Ruby, or C++.
- Demonstrated experience in conducting penetration tests across various environments including Windows, Linux, and cloud platforms (AWS, GCP, Azure).
Preferred Qualifications
- Experience managing or mentoring junior consultants on security engagements.
- Certifications such as OSCP, OSCE, GPEN, GWAPT, or GXPN.
- Experience with public speaking, publishing research, or contributing to the security community.
- Knowledge of computer forensic tools, technologies, and incident response methods.
Compensation Disclosure
The compensation offered for this position will depend on qualifications, experience, and work location. For candidates who receive an offer at the posted level, the starting base salary (for non-sales roles) or base salary + commission target (for sales/commissioned roles) is expected to be the annual range listed below. The offered compensation may also include restricted stock units and a bonus. A description of our employee benefits may be found here.
$151,000.00 - $208,000.00/yr