Senior Security Consultant – Threat & Attack Simulation
Job Description:
• Lead and execute assessments including red team operations, purple team exercises, external and internal network penetration tests, cloud penetration tests, application and API security assessments, Active Directory security reviews, wireless security assessments, social engineering campaigns, and custom engagements — with minimal technical oversight
• Map assessment activities to the MITRE ATT&CK framework and align engagements with industry methodologies such as PTES, OWASP, and NIST guidelines
• Perform reconnaissance, exploitation, post-exploitation, lateral movement, and privilege escalation across enterprise environments including on-premises infrastructure, cloud platforms (AWS, Azure, GCP), and hybrid architectures
• Assess cloud-native environments including IAM configurations, serverless functions, container orchestration, and Infrastructure-as-Code deployments
• Conduct application and API penetration testing targeting OWASP Top 10 vulnerabilities, business logic flaws, and authentication/authorization weaknesses
• Evade defensive controls including EDR, NDR, email security gateways, and network segmentation during red team operations
• Author comprehensive assessment deliverables tailored to both technical and executive audiences that fully detail technical execution, root-cause deficiencies, business impact, and realistic remediation strategies
• Communicate findings confidently to both technical teams and non-technical leadership, translating complex attack chains into clear business risk
• Contribute to marketing and thought leadership through publishing research, speaking at industry conferences, authoring blog articles and whitepapers, hosting webinars, and developing security tools
• Build automation, orchestration, and scripting solutions to reduce manual processes, improve efficiency, and enable new capabilities for evolving client needs
• Develop and improve offensive tooling, custom implants, and C2 infrastructure to support assessment operations
• Assist with practice development including improving existing service offerings, creating new offerings, and identifying emerging assessment areas such as AI/LLM security testing
• Mentor junior and mid-level team members through regular one-on-one and group technical sessions, knowledge sharing, and hands-on guidance during engagements
• Build strong client relationships by providing interactive, collaborative support and guidance that maximizes the value of every engagement
• Represent GuidePoint professionally during pre-sales calls, scoping discussions, and client debriefs
Requirements:
• OSCP (Offensive Security Certified Professional) certification
• Minimum of 4 years of experience performing offensive security assessments (penetration testing, red teaming, or adversary emulation)
• Minimum of 2 years of experience in an enterprise-level consulting or professional services role
• Intermediate knowledge of and practical experience with Active Directory attack techniques and privilege escalation
• Proficiency in at least one scripting or programming language (Python, PowerShell, Bash, C#, or Go)
• Experience with offensive security toolsets such as Cobalt Strike, Metasploit, Burp Suite, BloodHound, Impacket, or similar commercial and open-source frameworks
• Strong written communication skills with the ability to produce client-ready reports that rarely require significant revision before delivery
• Ability to manage time effectively across concurrent engagements and communicate issues promptly when they arise
Benefits:
• Yearly training budget to support certifications, as it relates to the role
• Conference sponsorship (attendance and speaking)
• Dedicated research and development time
• Remote-first work environment with flexible scheduling
Apply tot his job
Apply To this Job
• Lead and execute assessments including red team operations, purple team exercises, external and internal network penetration tests, cloud penetration tests, application and API security assessments, Active Directory security reviews, wireless security assessments, social engineering campaigns, and custom engagements — with minimal technical oversight
• Map assessment activities to the MITRE ATT&CK framework and align engagements with industry methodologies such as PTES, OWASP, and NIST guidelines
• Perform reconnaissance, exploitation, post-exploitation, lateral movement, and privilege escalation across enterprise environments including on-premises infrastructure, cloud platforms (AWS, Azure, GCP), and hybrid architectures
• Assess cloud-native environments including IAM configurations, serverless functions, container orchestration, and Infrastructure-as-Code deployments
• Conduct application and API penetration testing targeting OWASP Top 10 vulnerabilities, business logic flaws, and authentication/authorization weaknesses
• Evade defensive controls including EDR, NDR, email security gateways, and network segmentation during red team operations
• Author comprehensive assessment deliverables tailored to both technical and executive audiences that fully detail technical execution, root-cause deficiencies, business impact, and realistic remediation strategies
• Communicate findings confidently to both technical teams and non-technical leadership, translating complex attack chains into clear business risk
• Contribute to marketing and thought leadership through publishing research, speaking at industry conferences, authoring blog articles and whitepapers, hosting webinars, and developing security tools
• Build automation, orchestration, and scripting solutions to reduce manual processes, improve efficiency, and enable new capabilities for evolving client needs
• Develop and improve offensive tooling, custom implants, and C2 infrastructure to support assessment operations
• Assist with practice development including improving existing service offerings, creating new offerings, and identifying emerging assessment areas such as AI/LLM security testing
• Mentor junior and mid-level team members through regular one-on-one and group technical sessions, knowledge sharing, and hands-on guidance during engagements
• Build strong client relationships by providing interactive, collaborative support and guidance that maximizes the value of every engagement
• Represent GuidePoint professionally during pre-sales calls, scoping discussions, and client debriefs
Requirements:
• OSCP (Offensive Security Certified Professional) certification
• Minimum of 4 years of experience performing offensive security assessments (penetration testing, red teaming, or adversary emulation)
• Minimum of 2 years of experience in an enterprise-level consulting or professional services role
• Intermediate knowledge of and practical experience with Active Directory attack techniques and privilege escalation
• Proficiency in at least one scripting or programming language (Python, PowerShell, Bash, C#, or Go)
• Experience with offensive security toolsets such as Cobalt Strike, Metasploit, Burp Suite, BloodHound, Impacket, or similar commercial and open-source frameworks
• Strong written communication skills with the ability to produce client-ready reports that rarely require significant revision before delivery
• Ability to manage time effectively across concurrent engagements and communicate issues promptly when they arise
Benefits:
• Yearly training budget to support certifications, as it relates to the role
• Conference sponsorship (attendance and speaking)
• Dedicated research and development time
• Remote-first work environment with flexible scheduling
Apply tot his job
Apply To this Job