Senior Security Consultant

Cybersecurity is set to become a $10 trillion criminal enterprise by 2025, outpacing the illegal drug trade and we are looking for a full-time (exempt) Security Practitioner looking to enrich their professional career. In this position, you will have the opportunity to impact one of the most important problems of our time with an elite team and firm. 

As a Senior Security Consultant, you will work with risk3sixty’s offensive security consultants to scope, prepare, and deliver technology-oriented assessments and red team engagements that positively benefit the overall security posture of SaaS organizations.  This position will report to the Director of Offensive Security Practice. 

At risk3sixty, we are employee-centric innovators that dream big, take calculated risks, and challenge the status-quo. It’s simple: we can’t accomplish our mission without diverse teams innovating and pushing together. Therefore, we prioritize giving all team members an opportunity to enrich and enlarge their careers through customized career planning and opportunities to participate in various management and leadership training programs built in-house.  
 

Supervisory Responsibilities 

• Assist other team members at risk3sixty in offensive techniques and approaches to scale the team 
• Occasional report quality assurance for Security Consultants 

Core Responsibilities 

In this role, you will: 

• Execute a variety of complex penetration testing assessments and vulnerability assessments including network, web application, and cloud penetration testing. 
• Ability to lead in scoping engagements by clearly articulating various penetration approaches and methodologies to audiences ranging from highly technical to executive personnel. 
• Enhance testing by identifying novel attack patterns against systems and applications based on real-world data. 
• Act as a subject matter expert in offensive information security, performing dynamic and manual security assessments on applications, networking interfaces, middleware infrastructure, operating systems, and databases. 
• Develop new testing methods and techniques to identify vulnerabilities and entry points that attackers may use to exploit applications, networks, and systems. 
• Continuously learn and keep pace with quickly moving and dynamic adversaries. 
• Provide recommendations to clients on specific security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks including response and recovery of a data security breach. 
• Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation. 

Education and Experience 

• Bachelor’s Degree in Information Security, Computer Science, Digital Forensics, Cyber Security, or equivalent years of professional experience to meet job requirements and expectations or equivalent military experience required 
• 3+ years of professional experience with risk assessment tools, technologies, and methods focused on Information Assurance, Information Systems/Network Security, Infrastructure Design, and Vulnerabilities Assessments 
• Strong knowledge of tools and techniques used to conduct network and web application penetration testing  
• Experience leading attack surface reconnaissance techniques such as cloud enumeration, ASN Identification, and apex/subdomain discovery 
• Experience attacking Active Directory and supporting components (SQL Server, Exchange, etc.) 
• Experience attacking modern web stacks and identifying issues beyond scanner results 
• A practical knowledge of scripting languages (Python, Bash, and PowerShell being the most useful) 
• Strong comfort with advanced usage of Windows and/or Linux 
• Ability to meet deadlines with a high degree of motivation and teamwork  
• Excellent written and oral communication skills 
• Experienced and comfortable interacting and communicating with teammates and customers
   

Certifications 

• Possession of or in the process of obtaining two or more security-related certifications: 
• Offensive Security Certified Professional (OSCP) 
• Offensive Security Experienced Penetration Tester (OSEP) 
• Offensive Security Web Expert (OSWE) 
• GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) 
• eLearnSecurity Certified Penetration Tester eXtreme (eCPTXv2) 
• eLearnSecurity Web Application Penetration Tester eXtreme (eWPTXv2) 
• Certified Red Team Operator (CRTO) 
• Certified Red Team Professional (CRTP) 
• Certified Red Team Expert (CRTE) 
• Things considered a plus: 
• Public blog/website  
• Active GitHub profile 
• Community involvement/Past presentations at conferences 

Specific Benefits 

• Training/professional development budget for certifications 
• Conference attendance budget 
• Certification exam reimbursement 

Physical Requirements  

• Prolonged periods sitting at a desk and working on a computer. 
• Must be able to lift up to 10 pounds at times.