Senior Offensive Security Consultant

Company: SpecterOps Team: Consulting Services

Position Overview

SpecterOps is seeking a Senior Offensive Security Consultant to join the Consulting Services team. In this role, you will act as an operator, trainer, and program developer within the Adversary Simulation service line. You will primarily engage with large commercial enterprises, conducting a range of offensive security assessment services including red team assessments, penetration tests, offensive maturity assessments, web application tests, and specialty security assessments. You will also support internal offensive programs, deliver training courses, and contribute to research and development efforts. Consultants work in diverse environments, both onsite and offsite, supporting customers by developing toolsets for operations and briefing executives.

A successful candidate will possess excellent technical skills, impeccable soft skills, and be a well-organized, self-directed individual.

Salary Range

• Senior Consultant: $145,000 - $170,000 annually (commensurate with experience)

Location

• Remote, based in the U.S.
• Travel required quarterly for in-person company events and other ad hoc meetings.
• Note: Candidate must be authorized to work and reside in the United States. SpecterOps does not sponsor immigration visas.

Responsibilities

• Plan and conduct offensive security engagements of varying size, scope, focus, and approach.
• Effectively communicate findings, attack paths, recommendations, and strategy to technical and executive client stakeholders through written reports and verbal presentations.
• Build scripts, tools, or methodologies to enhance offensive services.
• Serve as a subject matter expert (SME) in one or more of the following areas: initial access, open-source intelligence analysis, adversary tradecraft, offensive Windows/Linux/macOS operations, evasion operations, or technical capability development.
• Utilize common offensive security testing tools and tradecraft.
• Stay up-to-date with cutting-edge adversary tradecraft and vulnerabilities.
• Effectively communicate successes and obstacles with fellow team members and team lead(s).
• Interface with client contact(s) and staff in a constructive and professional manner.
• Coordinate and prepare for internal and customer-facing meetings.
• Assist with scoping prospective engagements, participating in technical testing from kickoff through remediation, and mentoring less experienced staff.
• Train team members in adversary Tactics, Techniques, and Procedures (TTPs) and tools.
• Contribute new or improve existing content for SpecterOps training courses and assist in the delivery of course offerings (instruction, lab support, etc.).

Requirements

• Ability to travel domestically and internationally; up to an average of 25% annually.
• Must be able to pass a criminal background check.
• Desire to embody SpecterOps' core values: passionate curiosity, consistent improvement, empathy, sustainability, humility, and empowerment through transparency.

Desired Qualifications

• Proficient knowledge of offensive security concepts and assessments.
• Proficient knowledge of security principles, policies, and industry best practices.
• Proficient knowledge of Windows and *NIX-based operating systems.
• Proficient knowledge of networking concepts.
• Proficient knowledge of Active Directory.
• Working knowledge of programming or scripting languages, such as C#/.NET, C++, Python, PowerShell, Bash, etc.
• Aptitude for technical writing, including assessment reports, presentations, and operating procedures.
• Strong written/verbal communication and interpersonal skills.
• Clear expert in one or more service lines and/or technical areas.
• Experience leading small teams and engagements.
• Experience managing multiple projects simultaneously.
• Experience communicating with clients and delivering presentations.
• Experience independently managing client projects.
• Ability to lead and execute the majority of offensive security service offerings (e.g., red team, penetration testing).