Role - 100% Remote PENETRATION TESTER with CISSP Certifi.
Location -- REMOTE
Duration --- 3 -- 6+ months
Role Overview
We are looking for a Senior Consultant to lead advanced offensive security engagements, including red teaming, application security testing, and cloud/infrastructure assessments. This role requires deep technical expertise, strong delivery ownership, and the ability to simulate real-world threat actors in mature security environments.
Key Responsibilities
- Lead end-to-end Red Team engagements using black-box and grey-box approaches:
- OSINT, reconnaissance, credential harvesting
- Initial access, lateral movement, persistence, and data exfiltration scenarios
- Design and execute attack scenarios aligned with real-world threat actors (MITRE ATT&CK)
- Perform advanced Web Application Penetration Testing:
- Authenticated testing, business logic abuse, API security, session/auth flaws
- Lead Infrastructure & Cloud Security Assessments (VPN security - SSL/IPSec, secure configuration validation, AWS security assessments, architecture, configurations, security controls review)
- Conduct and oversee:
- Phishing simulations and credential attacks (password spraying)
- Adversary simulation exercises (Red/Blue Team)
- Support Blue Team validation by simulating realistic attack paths requiring detection & response
- Physical Security & Social Engineering Assessments:
- Tailgating, impersonation, visitor-based access scenarios
- Mentor junior team members and review technical deliverables
- Produce executive-ready reports with risk-based prioritization and evidence-backed findings
- Engage with client stakeholders and support regulatory/security assurance requirements
Required Skills & Experience
- 6–10+ years in penetration testing / red teaming / adversary simulation
- Deep expertise in:
- Application security (OWASP Top 10, auth, APIs, logic flaws)
- Network and infrastructure exploitation
- Active Directory attacks, credential abuse, lateral movement
- VPN and remote access security
- Cloud security (AWS preferred – multi-account environments)
- Strong hands-on with:
- Cobalt Strike , Burp Suite Pro, BloodHound, Mimikatz, Metasploit
- Experience working in regulated environments (financial sector preferred)
Preferred Certifications
- CISM
- OSCP, OSCE, CRTO, CISSP (highly desirable)
Leadership & Delivery Expectations
- Ability to lead complex, multi-layered engagements independently
- Strong stakeholder communication and reporting skills
- Ability to align testing outcomes with regulatory and risk-based objectives
Good to Have
- Experience with:
- Physical security assessments & social engineering
- Tabletop exercises (TTX) and cyber resilience validation
- O365 security testing
