Managing Security Consultant - Threat & Attack Simulation - Remote (Anywhere in the U.S.)


GuidePoint Security LLC

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation’s top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.


GuidePoint Security’s Threat & Attack Simulation Practice provides attack-oriented professional services, including Penetration Testing, Social Engineering, Red/Purple Teaming, IoT/Hardware Assessments, ICS/OT penetration testing, Active Directory Security Reviews, Vulnerability Assessments, and various ad hoc Custom Assessments to address unique information security concerns for prestigious clients.
As a Managing Security Consultant, you will be a trustworthy and reliable team member who leverages your knowledge, skills, and experience to define the practice's future. Your primary responsibilities will be split between technical and managerial tasks and include providing guidance, leadership, and oversight to your direct reports, refining existing Practice offerings, developing new Practice offerings, assisting with pre-sales activities, and performing technical assessments.
With this role, the expectation is that you will start on the team in a delivery capacity (Senior Consultant) to get comfortable with the team members, the culture, and processes that will give you the opportunity to earn trust and be an effective and empathetic member of the management team.

Role Responsibilities

  • Manage a team of talented information security professionals and clearly communicate unmet needs to practice leadership
  • Deliver Threat & Attack Simulation's professional services as needed to enable your team and cover for busy seasons, unexpected absences and client requests
  • Author and review comprehensive assessment deliverables that are tailored to both technical and managerial audiences with fully detailed technical execution steps, core deficiencies, and realistic remediation strategies
  • Contribute to marketing initiatives via activities such as publishing research, speaking at industry conferences, authoring blog articles and whitepapers, hosting webinars, and developing security tools
  • Support pre-sales activities by providing guidance to the scoping team to enable them to make adjustments to standard project scoping guidelines as needed based on feedback from the delivery team
  • Assist with Practice development, including improving existing offerings, creating new offerings, and mentoring team members
  • Perpetually strengthen relevant skills, knowledge, and abilities to stay at the forefront of the information security industry
  • Foster strong client relationships and represent GuidePoint well by providing interactive and collaborative support, information, and guidance to ensure delivery of maximum value
  • Work closely with delivery team members to address customer concerns and disarm incendiary client interactions by working towards a mutually agreeable solution
  • Maintain a strong desire to learn, adapt, and improve along with a rapidly-growing company
  • Perform typical managerial functions such as performance reviews, expense approvals, time entry approvals, etc. in a timely manner
  • Continue fostering team culture by building relationships with team members and embracing the "No Jerks" culture
  • Unwavering loyalty to a particular word processing tool (e.g. nano, vim, emacs, etc.) and willingness to argue about which is superior on a weekly basis
  • Strong desire to work collectively with the team to mentor, coach, and guide the next generation of professionals
  • Perform other duties as assigned

Education, Credentials, and Experience

  • InfoSec community involvement, such as conference speaking, blog/whitepaper authoring, and podcast speaking/producing experience is preferred, or at least the willingness to try
  • 3+ years of recent penetration testing experience is preferred; penetration testing experience is required
  • Several years of experience delivering work as a consultant and practicing soft skills, interacting with clients, and improving process efficiency and documentation is strongly preferred
  • Experience leading a team of consultants is directly relevant to this role and is preferred, but not explicitly required as long as you are willing to be coached and have very strong consulting and recent penetration testing experience
  • Internal operational experience is strongly preferred
  • Lab-based certifications, such as OSCP and OSCE, along with practical training from providers such as HackTheBox pro labs and similar, are preferred
  • Exceptional written communication skills and attention to detail that can be leveraged to review deliverables for clear and accurate articulation of findings to both technical and managerial audiences are required
  • Strong ability to come up with solutions to potentially unprecedented problems where there is no guidance, both internal to the team and with client-facing issues
  • Able to confidently discuss report findings, both the type of vulnerability/attack and how to mitigate/remediate the risk, with both a technical and non-technical audience
  • Proven effectiveness in offensive security activities with commercial and open-source tools and ability to still demonstrate impact without overwhelmingly popular but exceedingly detectable tools like Metasploit
  • Strong familiarity with PCI DSS penetration testing requirements and experience navigating related scope conversations
  • Fundamental familiarity and exposure to one or more primary cloud hosting providers (AWS, GCP, Azure) is beneficial
  • Basic familiarity with common offensive security scripting languages such as Python, PowerShell, Go, etc.

We use Greenhouse Software as our applicant tracking system and Free Busy for HR screen request scheduling. At times, your email may block our communication with you. Please be sure to check your SPAM folder so that you don't miss updates on your application.

Why GuidePoint?

GuidePoint Security is a rapidly growing, profitable, privately held value-added reseller that focuses exclusively on Information Security. Since its inception in 2011, GuidePoint has grown to over 900 employees, established strategic partnerships with leading security vendors, and serves as a trusted advisor to more than 3,500 customers.

Firmly defined core values, which have been paramount to the company’s success and to the establishment of an enjoyable workplace atmosphere, drive all aspects of the business. At GuidePoint, your colleagues are knowledgeable, skilled, and experienced and will seek to collaborate and provide mentorship and guidance at every opportunity.

This is a unique and rare opportunity to grow your career along with one of the fastest growing companies in the nation.

Some added perks:

  • Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
  • 100% employer-paid medical premiums (employee only $0 deductible and HSA plans) along with 75% employer-paid family contributions
  • 100% employer-paid dental premiums (employee only) along with 75% employer-paid family contributions
  • 12 corporate holidays and a Flexible Time Off (FTO) program
  • Healthy mobile phone and home internet allowance
  • Eligibility for retirement plan after 2 months at open enrollment
  • Pet Benefit Option


Tags: Active Directory AWS Azure Cloud GCP ICS Metasploit Offensive security OSCE OSCP PCI DSS Pentesting PowerShell Python Scripting

Perks/benefits: Career development Conferences Flex hours Flex vacation Health care Team events

Regions: Remote/Anywhere North America
Country: United States