Senior Offensive Security Consultant

Summary

Join SpecterOps as a Senior Offensive Security Consultant and contribute to the Consulting Services team as an operator, trainer, and program developer. The role involves conducting offensive security assessments, supporting internal programs, delivering training, and contributing to research and development. Consultants work both onsite and offsite, supporting clients in diverse environments. Success requires excellent technical and soft skills, along with strong organization and self-direction. The position is remote, based in the U.S., with quarterly travel for company events. A competitive salary is offered, commensurate with experience.

Requirements

• Ability to travel domestically and internationally; up to an average of 25% annually
• Must be able to pass a criminal background check
• Desire to embody our core values of passionate curiosity, consistent improvement, empathy, sustainability, humility, and empowerment through transparency

Responsibilities

• Plan and conduct offensive security engagements ranging in size, scope, focus, and approach
• Effectively communicate findings, attack paths, recommendations, and strategy to technical and executive client stakeholders through written reports and verbal presentations
• Build scripts, tools, or methodologies to enhance offensive services
• Serve as a subject matter expert (SME) in one of the following areas: initial access, open-source intelligence analysis, adversary tradecraft, offensive Windows/Linux/macOS operations, evasion operations, or technical capability development
• Utilize common offensive security testing tools and tradecraft
• Stay up to date with cutting-edge adversary tradecraft and vulnerabilities
• Effectively communicate successes and obstacles with fellow team members and team lead(s)
• Interface with client contact(s) and staff in a constructive and professional manner
• Coordinate and prepare for internal and customer facing meetings
• Assist with scoping prospective engagements, participating in technical testing from kickoff through remediation, and mentoring less experienced staff
• Train team members in adversary Tactics, Techniques, and Procedures (TTPs) and tools
• Contribute new or improve existing content for SpecterOps training courses and assist in the delivery of course offerings (instruction, lab support, etc.)

Preferred Qualifications

• Proficient knowledge of offensive security concepts and assessments
• Proficient knowledge of security principles, policies, and industry best practices
• Proficient knowledge of Windows and *NIX-based operating systems
• Proficient knowledge of networking concepts
• Proficient knowledge of Active Directory
• Working knowledge of programming or scripting languages, such as C#/.NET, C++, Python, PowerShell, Bash, etc
• Aptitude for technical writing, including assessment reports, presentations and operating procedures
• Strong written/verbal communication and interpersonal skills
• A clear expert in one or more service lines and/or technical areas
• Experience leading small teams and engagements
• Experience managing multiple projects at once
• Experience communicating with clients and delivering presentations
• Experience independently managing client projects
• Ability to lead and execute majority of offensive security service offerings (e.g., red team, penetration test, web application security assessment, cloud security assessment, offensive maturity assessment, etc.)
• Willingness to develop and deliver training content as a lead course instructor
• Willingness to mentor and train fellow consultants
• Bachelor's degree in a technical field
• Experience participating in and/or leading Fortune 1000 and/or large Federal Government security assessments
• Public community contributions (e.g., conference presentations, blog posts, white papers, public tool development)
• Experience in administering, attacking, or defending Windows/Active Directory, Linux, and/or macOS environments
• Experience in technical writing
• Experience working for a service-based information security consultancy
• Experience developing and/or providing technical training
• Desire to teach and train students in offensive techniques
• Desire to travel internationally and domestically on a more frequent basis

Benefits

• Health/Dental/Vision/life insurance: 100% covered for both the employee and their family
• Flexible time off policy
• 13 paid holidays annually
• 401(k) with up to 4% company match
• Equity and quarterly bonuses based on company performance
• Remote work: $1,500 first year allowance to set up home office
• $500 annual home office allowance after first year
• $1800 annual cell phone and internet reimbursement
• $5,000 annual professional development allowance
• $5,250 towards continuing education or student loan repayment
• $1,200 annual budget for lifestyle, wellness, pet insurance and more
• A one-time $10,000 benefit towards family planning
• Open intellectual property policies; allow researchers to retain rights over open-sourced research & tools
• In person and virtual employee events throughout the year
• And of course, company swag!