Role & seniority: Consultant, Security Testing and Red Teaming; Mid-Senior level; Full-time

Stack/tools: Burp Suite, Nmap, Metasploit, BloodHound; Windows/Linux; web app, network, AD, cloud testing; scripting/programming (Python, PowerShell, Bash); cloud platforms (AWS, Azure, GCP)

Top 3 responsibilities

Deliver end-to-end penetration testing engagements with minimal supervision (web apps, networks, AD, cloud/hybrid, mobile, IoT, OT)
Produce high-quality findings with actionable remediation guidance and support client walkthroughs
Maintain detailed notes, logs, and evidence; contribute to reports, playbooks, and peer reviews; engage with clients and colleagues

Must-have skills

OSCP (required); advanced certifications (e.g., OSWE, OSEP, OSED) a plus
3–5 years hands-on pentesting in consulting or internal security
Strong methodology, ROE, ethical hacking principles; deep knowledge of TCP/IP, Windows/Linux, web apps, AD, and cloud security testing
Proficiency with pentest tools; scripting/automation experience
Ability to communicate findings clearly in writing and verbally

Nice-to-haves

Experience with adversary simulation/red teaming; custom tooling and automation development
Internal security research, labs, or capability development
Location & work type: Location not specified; full-time role in Information Technology and ConsultingIndustry

Full Description

Consultant, Security Testing and Red Teaming Description The Consultant, Security Testing and Red Teaming is a core delivery role within the offensive security practice, responsible for independently executing penetration testing engagements and contributing to advanced offensive security activities. This role has a strong emphasis on hands-on penetration testing across web applications, infrastructure, Active Directory, and cloud environments. Consultants are expected to operate with a high degree of autonomy on scoped engagements, apply sound technical judgement, and produce high-quality, defensible findings and reports for clients. While penetration testing is the primary focus, Consultants are also expected to demonstrate the curiosity and technical breadth to grow into broader offensive security disciplines over time, including adversary simulation, red teaming, tooling development, and security research. Roles and Responsibilities

Deliver end-to-end penetration testing engagements with minimal supervision, including

Web application penetration testing
Internal and external network penetration testing
Active Directory security assessments
Cloud and hybrid environment testing
Mobile application penetration testing
IOT penetration testing
OT penetration testing
Perform manual vulnerability discovery, validation, and exploitation beyond automated scanning.
Identify attack paths, chain vulnerabilities, and assess real-world business impact.
Exercise sound judgement in exploitation depth, data handling, and risk management during testing.
Maintain clear, detailed testing notes, evidence, and attack logs to support reporting and quality review.
Produce high-quality technical findings with accurate severity assessment and actionable remediation guidance.
Develop structured penetration testing reports, and support client walkthroughs and debriefs.
Engage professionally with clients during kick-off sessions, testing clarification, and results discussions.
Participate in peer reviews of testing approaches and reports to uphold delivery quality standards.
Continuously develop technical depth across offensive security techniques, platforms, and tooling.
Contribute to security testing playbooks, internal knowledge sharing and peer learning.

Where appropriate, contribute to broader offensive security initiatives, such as

Adversary simulation and red teaming exercises
Custom tooling, scripting, or automation
Internal research, labs, or capability development
Requirements
Offensive Security Certified Professional (OSCP) is required.

Consultant, Security Testing and red teaming