ISACA

Principal Offensive Security Consultant

ISACA, London, Kentucky, United States, 40741


SEIZE THE OPPORTUNITY TO BE A PART OF SOMETHING GREAT!

Presidio is on the leading edge of a technology-driven movement to transform the way business is done, for our customers and our customers' customers. Joining Presidio means immersing yourself in a culture of self-starters, collaborators and innovators who make real, lasting change in the marketplace via cutting-edge technology and business solutions. At Presidio, we know that it’s our people that make the connections happen.

WHY YOU SHOULD JOIN US?

You will set your career on track for outstanding achievement with a company that knows no limits. Presidio is a leading global digital services and solutions provider focused on Digital Infrastructure, Business Analytics, Cloud, Security & Emerging solutions.

THE ROLE: Principal Offensive Security Consultant

Job Summary:
As a Principal Offensive Security Consultant with Presidio, you will be directly involved in reviewing and assessing client's internal and external security architectures, identifying risks, and making recommendations that are aligned to applicable regulatory requirements and consensus-based security best practices.

Travel Requirements:
This role is remote; however, you will be expected to travel up to 25% to client sites to deliver professional services.

Job Responsibilities:
- Conduct hands-on technical testing beyond automated tool validation, including full exploitation and leveraging of access within multiple environments, such as Active Directory, cloud, infrastructure, and other environments.
- Conduct scenario-based security testing or red teaming to identify gaps in detection and response capabilities.
- Participate in and lead Purple Team exercises.
- Perform cloud penetration tests on various cloud platforms such as AWS, Azure, and Google Cloud Platform.
- Develop tools, techniques, standards, and methodologies within our offensive cybersecurity consulting services.
- Develop in-depth reports that include factors such as inherent risk, mitigating controls, business impact, likelihood, and other key elements to determine security risk.
- Conduct offensive security research on emerging technologies and testing capabilities (e.g., testing GenAI and LLM).
- Develop methods that emulate known adversaries' tactics, techniques, and procedures.
- Provide professional deliverables to clients as well as lead technical and executive client presentations.
- Lead large security engagements in concert with other Presidio teams.
- Work with other cybersecurity consultants in a collaborative team setting to support and assist in the execution and delivery of cyber services such as documentation review and security consulting services.
- Assist leadership and other team members as needed.

Required Skills:
- Working knowledge of common operating systems and domain structures (Windows, Linux, Active Directory, etc.), servers, services, and associated vulnerabilities.
- Working knowledge of scripting languages (e.g., PowerShell, Python, JavaScript, etc.) and/or programming languages (e.g., C, Java, C#).
- Demonstrable experience with security tools such as Responder, Impacket, BloodHound, Sysinternals Suite, OS native (i.e., LOL binaries), and C2 frameworks.
- Knowledge of frameworks such as MITRE ATT&CK, MITRE D3FEND, OWASP, and NIST CSF.
- Deep knowledge of common vulnerabilities and exploits, adversarial methodologies, and tactics.
- Ability to understand and communicate technical recommendations around mitigation and detection of discovered risks.
- Strong verbal and written communication skills, organizational skills, and attention to detail.
- Strong presentation skills.
- Prior experience in a client-facing role as a consultant.
- Demonstrate ownership of projects and tasks and a sense of urgency in completing assigned activities.
- Ability to work collaboratively and professionally with co-workers, clients, and management.
- Ability to be flexible and embrace change.
- Ability to manage multiple tasks and responsibilities, work alone or in small teams, achieve established goals and objectives, and communicate progress in a timely and meaningful manner.
- Must possess one of the following certifications: OSCP, GPEN, GXPN, GCPN, CCSP, or CRTO.

Additional Desired Skills:
- Perform both authenticated and unauthenticated web application testing as well as API assessments (RESTful and SOAP).
- Familiarity with PlexTrac, Burp Suite, Postman, Swagger, Tailscale.
- Mobile application penetration testing experience (iOS and Android).
- Physical penetration testing experience.
- Social Engineering experience (phishing campaigns, impersonation, vishing, smishing).
- Background in web application development and/or cloud computing is strongly preferred.
- Security training focused on penetration testing, web applications testing, cloud security, or red teaming.
- Industry certifications such as CASP+ CE, CCISO, CCNA Cyber Ops, CCNA, CCNP Security, CEH, CFR, CISA, CISM, CISSP, Cloud+, CySA+, GCED, GCIA, GCIH, GICSP, or GSLC.
- Strong cross-functional team participant and collaborative approach to problem-solving.
- Self-starter with the ability to manage their tasks in a larger project or program effort.

Education and Experience:
- Bachelor's degree or equivalent experience and/or military experience.
- 5+ years’ experience conducting penetration tests, web application assessments, or other high-level technical testing.
