Principal Consultant - Attack & Penetration | Remote, USA

How you'll make an impact:

• Able to solo deliver or act as "point" for complex projects.
• Acts as technical escalation point to assist other consultants.
• Leverage cutting-edge techniques, tools, and procedures (TTPs), to covertly compromise clients.
• Leverage cloud-based assets to execute targeted assessments.
• Creatively use identified vulnerabilities across a client’s entire security posture (logical, physical, social) to demonstrate meaningful risks to clients based on industry and business focus.
• Create comprehensive assessment reports that clearly identify root cause and remediation strategies.
• Interface with client personnel to gather information, clarify scope and investigate security controls.
• Execute projects using established methodology, tools, and documentation.
• Collaborate with other team members and practices to complete client projects and practice contributions.
• Provide support in the ongoing development of security assessment offerings through tool creation and process improvement.
• Perform other duties as assigned.
• Participate in industry conferences to include delivering presentations.

What we’re looking for:

• Four (4) years of experience performing Vulnerability Assessments, Penetration Tests, Wireless Security Assessments and/or Social Engineering to enterprise-level organizations.
• Four (4) years of experience in a consulting services role, or related information security positions.
• Ability to travel 25-40% of the time to client sites.
• Certifications such as OSEE, OSEP, OSCP, OSCE, OSEE, CREST CRT, GIAC (GXPN, GWAPT, GPEN, GMOB) others are highly desired.
• Bachelor’s Degree from a four-year college or university in Information Assurance, Computer Science, Management Information Systems, or related area of study; or related experience and/or training; or equivalent combination of education and experience strongly preferred.
Demonstrated ability to deliver projects using well-defined methodology across various security assessment disciplines including:
• Familiarity with command and control (C2) frameworks, such as Nighthawk, Cobalt Strike, Mythic, Covenant, etc.
• Familiarity with evasive techniques for social engineering, C2, and post-exploitation.
• Passion for creating tools and automation to make common tasks more efficient preferred.
• Knowledge of programming and scripting for development of security tools preferred.
• Ability to combine multiple separate findings to execute complex attacks.
• Ability to manually validate vulnerabilities identified during assessments.
• Ability to identify, describe and report vulnerabilities and standard remediation activities, to include clear demonstration of risk to clients through post-exploitation activities required.
• Familiarity with many different network architectures, network services, system types, network devices, development platforms and software suites required (e.g., Linux, Windows, Cisco, Oracle, Active Directory, JBoss, .NET, etc.) required.
• Motivation to contribute to the infosec community (speaking, publishing, tooling/research) preferred.
• Demonstrated ability to create comprehensive assessment reports required.
• Must be able to work well with customers and self-manage through difficult situations, focus on client satisfaction.
• Ability to convey complex technical security concepts to technical and non-technical audiences including executives required.
• Ability to lead and mentor others; willingness to collaborate and share knowledge with team members required.
• Proven ability to review and revise reports written by peers required.
• Demonstrated effective time management skills, ability to balance multiple projects simultaneously and the ability to take on large and complex projects with little or no supervision required.
• #LI-NA1