Senior Offensive Security Consultant

October 8

Apply Now

Receive Emails with Similar Jobs

Soteria - Security Solutions & Advisory

WebsiteLinkedInAll Job Openings

Incident Response • Forensics Analysis • Data Analytics • Threat Management • Hunt Operations

11 - 50

💰 $2.5M Seed Round on 2018-02

Description

• Perform network penetration testing, web and mobile application security testing, source code reviews, vulnerability analysis, wireless network assessments, red team exercises, physical testing, and social engineering assessments. • Communicate with prospective and existing clients to understand their security needs, business requirements, and other motivating factors. • Develop tailored tactical and strategic recommendations to address findings. • Develop comprehensive and accurate reports and presentations for both technical and executive audiences. • Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel. • Engage with prospective clients in pre-sales meetings and provide technical input for scoping engagements. • Lead offensive security engagements through the entirety of project lifecycles, including kickoff, delivery, and closeout. • Research and incorporate attacker tools, tactics, techniques, and procedures. • Develop scripts, tools, and methodologies to automate and streamline internal processes and engagements. • Perform quality assurance peer reviews of Advisory and Offensive Security assessment reports and deliverables. • Assist Soteria Leadership in the development of security standards and best practices for the organization and recommend security enhancements as needed. • Manage relationships with clients post-engagement as a trusted security partner. • Maintain competence in security trends, technologies, and practices through self-study and participation in the security community. • Collaborate with Soteria's Detection and Response Team (DART) to develop new capabilities for detecting bleeding edge offensive techniques. • Coach and mentor offensive security team members. • Provide continual improvement to offensive security team processes and documentation.

Requirements

• 5-7 years of experience in at least three of the following: • Network penetration testing and manipulation of network assets and infrastructure • Red team operations and purple team delivery, including adversary emulation • Web and/or mobile application assessments • Cloud penetration testing and manipulation of cloud infrastructure • Developing, extending, or modifying exploits, shellcode or exploit tools • Developing applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE) • Reverse engineering malware, data obfuscators, or ciphers • Source code review for control flow and security flaws • Previous experience working for internal or external customers in a consultant capacity • Strong knowledge of tools used for network, cloud, web application, and wireless security testing. • Thorough understanding of network protocols and data on the wire. • Experience with automation of tasks using languages such as Powershell, Perl, Python, Ruby, etc. • Ability to successfully interface with clients (internal and external). • Ability to document and explain technical details in a concise, understandable manner. • Ability to manage and balance time among multiple competing tasks. • Mastery of *nix/Mac/Windows operating systems GUI and terminal.