Security Consultant

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation’s top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.

Summary

GuidePoint Security’s Threat & Attack Simulation Practice provides attack-oriented professional services, Red Teaming, Purple Teaming, Network Penetration Testing, Cloud Penetration Testing, Social Engineering, and various ad hoc custom assessments to address unique information security concerns for clients.

As a Security Consultant, you will be a technically adept and reliable team member who leverages your knowledge, skills, and experience to deliver exceptional results to clients for the Practice’s core professional service offerings and help shape the practice's future. Your primary responsibilities revolve around performing challenging and complex assessments, sharing knowledge with team members, and contributing to growth and improvement.

Security Consultants are encouraged to interact with the Threat & Attack Simulation Leadership Team and contribute to the Practice's future success. GuidePoint Security’s Threat & Attack Simulation service offerings are perpetually evolving in response to emerging threats and diverse client needs. Your creativity and expertise will assist the Practice by adapting to this rapidly changing environment.

Role and Responsibilities

• Deliver Threat & Attack Simulation's professional services, including but not limited to Vulnerability Assessments, Internal and External Penetration Tests, Wireless Security Assessments, Onsite and Remote Social Engineering, and a variety of custom assessments
• Author comprehensive assessment deliverables that are proficiently tailored to both technical and managerial audiences and fully detail the technical execution, core deficiencies, business impact, and realistic remediation strategies
• Utilize automation, orchestration, and scripting to reduce manual processes, improving overall efficiency while also enabling new capabilities to meet the rapidly changing needs of our clients
• Contribute to marketing initiatives via activities such as publishing research, speaking at industry conferences, authoring blog articles and whitepapers, hosting webinars, and developing security tools
• Assist with Practice development, including improving existing offerings
• Perpetually strengthen relevant skills, knowledge, and abilities to stay at the forefront of the information security industry.
• Foster client relationships by providing support, information, and guidance
• Configure, operate, and manage a Breach and Attack Simulation (BAS) or continuous penetration testing platform and report results to relevant stakeholders promptly
• Maintain a strong desire to learn, adapt, and improve along with a rapidly-growing company
• Perform other duties as assigned

Education, Credentials, and Experience

• Lab-based certifications, such as OSCP, OSCE, or practical exercises such as HackTheBox pro labs (Offshore, Cybernetics, etc.)
• Experience with various public cloud components and architectures (AWS, Azure, GCP, etc.)
• InfoSec community involvement, such as conference speaking, blog/ whitepaper authoring, and podcast speaking/producing experience, is strongly preferred.
• Minimum of two (2) years of experience performing offensive/attack- oriented security assessments
• Minimum of one (1) year of experience in an enterprise-level consulting services role
• Over four (4+) combined years of IT and information security experience are preferred.
• Internal operational (non-consulting) experience is strongly preferred.Experience with continuous penetration testing or Breach and Attack Simulation (BAS) platforms is a plus but not required.

• Assess network security posture of enterprise-level infrastructure by utilizing industry-standard approaches for conducting vulnerability assessments and penetration testing
• Possess in-depth knowledge of formal assessment methodologies, as well as when to use intuition to creatively deviate from established processes
• Identify common vulnerabilities through the use of automated tools and practical analysis
• Identify obscure vulnerabilities by leveraging your expertise through manual analysis
• Perform safe and reliable exploitation (to the extent possible) for exploitable vulnerabilities
• Understand network, operating system, and application-based detective and preventative controls and evade and/or circumvent such controls effectively.
• Quickly and efficiently perform post-exploitation activities to fully demonstrate the impact of compromise
• Familiarity with commercial tools, such as Nessus, BurpSuite Pro, intelx.io, Shellter, Cobalt Strike, and Breach and Attack Simulation tools
• Mastery of common open-source tools, such as Nmap, tcpdump/ Wireshark, Metasploit, and the Kali Linux Suite (or equivalent)
• Proficient with scripting languages, such as Python, Bash, PowerShell, Go, etc.
• Proven ability to write code to solve problems and automate tedious and time-consuming tasks during assessments
• Exploit development and reverse engineering experience is strongly preferred
• Assess wireless infrastructures and clients that utilize technologies including 802.11, Zigbee, RFID, and Bluetooth
• Proficiency with web application attacks (e.g., OWASP Top 10) is strongly preferred
• Understanding of modern cloud architectures and common cloud service provider services and offerings
• Excels at both remote (phishing and vishing) and onsite/in-person social engineering attacks, with a focus on obtaining sensitive information, physical access, and/or logical access
• Physical security skills are strongly preferred, including lock picking, evasion of defensive controls, obtaining unauthorized access, and collecting sensitive information.
• Possess a solid understanding of TCP/IP, networking technologies, firewall concepts, and network segmentation
• Possess a solid understanding of operating systems, such as Microsoft, Linux, and various Unix variants, as well as supporting technologies, such as Active Directory and LDAP
• Possess a solid understanding of databases, including vendor-specific technologies, such as MS SQL Server, Oracle, MySQL, and PostgreSQL
• Capable of assessing hardware/IoT devices, including firmware analysis Desire to initiate and conduct research projects
• Familiarity with automation tools such as Ansible

Business/Professional Skills:

• Ability to think outside the box when presented with complex problems
• Contributions to the information security community are strongly preferred, such as conference speaking, blog articles/white papers, and/ or podcasts
• Prizes continuous improvement and desires to aid with practice development as much as personal growth
• Possess a desire to mentor other team members and have a passion for sharing knowledge
• Ability to professionally interact with clients and maintain composure while resolving difficult situations
• Self-motivated and able to work independently, as well as being a reliable addition to team projects
• Ability to effectively multitask and efficiently manage time when simultaneously working on multiple projects
• Highly reliable and able to complete complex projects without significant oversight or supervision
• Possess a firm understanding of the concept of risk as it relates to a business
• Strong verbal communication skills include clearly articulating thoughts, being persuasive, and delivering presentations and training to technical audiences and all management levels
• Excellent written communication skills for preparing formal deliverables, performing quality assurance reviews, and technical oversight for peers, proposals, training content, and white papers/blog articles
• Comfortable interacting with executive management and conveying technical findings in an appropriate business context

Why GuidePoint?

GuidePoint Security is a rapidly growing, profitable, privately-held value added reseller that focuses exclusively on Information Security. Since its inception in 2011, GuidePoint has grown to over 600 employees, established strategic partnerships with leading security vendors, and serves as a trusted advisor to more than 2,000 clients.

Firmly-defined core values drive all aspects of the business, which have been paramount to the company’s success and establishment of an enjoyable workplace atmosphere. At GuidePoint, your colleagues are knowledgeable, skilled, and experienced and will seek to collaborate and provide mentorship and guidance at every opportunity.  

This is a unique and rare opportunity to grow your career along with one of the fastest growing companies in the nation.

Some added perks….

• Remote workforce primarily (U.S. based only, some travel may be required for certain positions)
• 100% employer-paid medical and dental premiums with generous employer family contributions
• 11 corporate holidays and a Flexible Time Off (FTO) program
• Healthy mobile phone and home internet allowance
• Eligibility for retirement plan after 2 months at open enrollment