35 applicants

Company

Presidio · 1 day ago

Principal Offensive Security Consultant

United States

Full-time

Remote

Senior Level

5+ years exp

Maximize your interview chances

Cloud InfrastructureInformation Services

Actively Hiring

Insider Connection @Presidio

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Conduct hands-on technical testing beyond automated tool validation, including full exploitation and leveraging of access within multiple environments, such as Active Directory, cloud, infrastructure, and other environments.

Conduct scenario-based security testing or red teaming to identify gaps in detection and response capabilities.

Participate in and lead Purple Team exercises.

Perform cloud penetration tests on various cloud platforms such as AWS, Azure, and Google Cloud Platform.

Develop tools, techniques, standards, and methodologies within our offensive cybersecurity consulting services.

Develop in-depth reports that include factors such as inherent risk, mitigating controls, business impact, likelihood, and other key elements to determine security risk.

Conduct offensive security research on emerging technologies and testing capabilities (e.g., testing GenAI and LLM). Develop methods that emulate known adversaries' tactics, techniques, and procedures.

Provide professional deliverables to clients as well as lead technical and executive client presentations.

Lead large security engagements in concert with other Presidio teams.

Work with other cybersecurity consultants in a collaborative team setting to support and assist in the execution and delivery of cyber services such as documentation review and security consulting services.

Assist leadership and other team members as needed.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Penetration TestingCloud SecurityOffensive SecurityActive DirectoryScripting LanguagesSecurity ToolsVulnerabilitiesExploitsSecurity FrameworksClient-facing ExperiencePowerShellPythonJavaScriptCJavaOSCPGPENGXPNGCPNCCSPCRTOBurp SuitePostmanSwaggerMobile Penetration TestingSocial EngineeringCFRCISACISMCISSP

Required

Working knowledge of common operating systems and domain structures (Windows, Linux, Active Directory, etc.), servers, services, and associated vulnerabilities.

Working knowledge of scripting languages (e.g., PowerShell, Python, JavaScript, etc.) and/or programming languages (e.g., C, Java, C#).

Demonstrable experience with security tools such as Responder, Impacket, BloodHound, Sysinternals Suite, OS native (i.e., LOL binaries), and C2 frameworks.

Knowledge of frameworks such as MITRE ATT&CK, MITRE D3FEND, OWASP, and NIST CSF.

Deep knowledge of common vulnerabilities and exploits, adversarial methodologies, and tactics.

Ability to understand and communicate technical recommendations around mitigation and detection of discovered risks.

Strong verbal and written communication skills, organizational skills, and attention to detail.

Strong presentation skills.

Prior experience in a client-facing role as a consultant.

Demonstrate ownership of projects and tasks and a sense of urgency in completing assigned activities.

Ability to work collaboratively and professionally with co-workers, clients, and management.

Ability to be flexible and embrace change.

Ability to manage multiple tasks and responsibilities, work alone or in small teams, achieve established goals and objectives, and communicate progress in a timely and meaningful manner.

Must possess one of the following certifications: OSCP, GPEN, GXPN, GCPN, CCSP, or CRTO.

Bachelor’s Degree or the equivalent work experience and/or military experience.

5+ years’ experience conducting penetration tests, web application assessments, or other high-level technical testing.

Preferred

Perform both authenticated and unauthenticated web application testing as well as API assessments (RESTful and SOAP).

Familiarity with PlexTrac, Burp Suite, Postman, Swagger, Tailscale.

Mobile application penetration testing experience (iOS and Android).

Physical penetration testing experience.

Social Engineering experience (phishing campaigns, impersonation, vishing, smishing).

Background in web application development and/or cloud computing is strongly preferred.

Security training focused on penetration testing, web applications testing, cloud security, or red teaming.

Industry certifications such as CASP+ CE, CCISO, CCNA Cyber Ops, CCNA, CCNP Security, CEH, CFR, CISA, CISM, CISSP, Cloud+, CySA+, GCED, GCIA, GCIH, GICSP, or GSLC.

Strong cross-functional team participant and collaborative approach to problem-solving.

Self-starter with the ability to manage their tasks in a larger project or program effort.