The Security Consultant - Offensive Security is a critical role within Stratascale’s Adversarial Operations team. The consultant will assist in leading and supporting the development and delivery of a diverse range of continuous threat and exposure management consulting, penetration testing, and operational service programs to a portfolio of our clients.
This position is required to report to the Stratascale Charlotte office as determined by Stratascale management.
Includes, but is not limited to:
- Perform penetration testing against complex environments covering external, internal, web application, and other forms of offensive security engagements.
- Consult and document attack surface, threats, and vulnerability improvements based on the team’s overall assessment of the client’s environment.
- Perform full assessment and threat modeling against industry best practices to identify control weaknesses and assess the effectiveness of existing controls.
- Perform root cause analysis on identified vulnerabilities and attack surface weaknesses to determine technical solutions to be presented to the client along with recommendations for remediation.
- Collaborate with the client’s security teams to understand mitigations or resolutions for findings discovered by analysts.
- Review threat intelligence for specific threat vectors that align with the client's industry, or that the client is potentially impacted by, for use in attack path modeling.
- Assist in defining, measuring, and quantifying business risk and vulnerability impacts to clients and their stakeholders.
- Maintain knowledge of modern penetration testing tools, techniques, and methodologies.
- Provide mentorship and guidance to junior team members while assisting them in learning the overall processes.
- 3+ years of experience with offensive security processes and cybersecurity operations.
- 3+ years of experience working with offensive security tools including Cobalt Strike, Nessus, Burp Suite Pro, Kali Linux, Wireshark, nmap, etc.
- 3+ years of experience with general cybersecurity concepts and methods, including vulnerability management, application security, incident response, governance, risk or compliance, or security architecture.