Senior Security Consultant

The preferred Senior Security Consultant candidate should showcase advanced skills in Active Directory penetration testing, red team assessments, adversary simulation, physical penetration testing, and the capacity to create and implement intricate phishing simulations. Furthermore, the candidate must exhibit expertise in circumventing Network Access Control (NAC), Endpoint Detection and Response (EDR), and Data Loss Prevention (DLP) solutions.

Key Responsibilities:

Active Directory Pentest and Red Team Assessments:

• Conduct comprehensive penetration tests on enterprise networks and Active Directory environments to identify vulnerabilities and weaknesses.
• Execute red team assessments to simulate real-world cyber threats and evaluate defense mechanisms.

Adversary Simulation:

• Develop and implement advanced adversary simulations to assess the resilience of client systems against sophisticated threats.
• Provide detailed reports with actionable recommendations based on simulation outcomes.
• Well versed with security tools & C2 frameworks such as Cobalt Strike, Metasploit, Mythic, Sliver etc.

Physical Penetration Testing:

• Perform on-site physical penetration tests to evaluate the security of physical infrastructure and access controls.
• Identify vulnerabilities related to physical security and propose effective mitigations.

Phishing Simulations:

• Design and execute realistic phishing simulations to assess the susceptibility of client personnel to social engineering attacks.
• Develop and deliver training programs to enhance employee awareness and response to phishing threats.

Bypassing NAC, EDR, and DLP Solutions:

• Evaluate, identify, and exploit weaknesses in Network Access Control (NAC), Endpoint Detection and Response (EDR), and Data Loss Prevention (DLP) solutions.
• Develop and implement strategies to bypass or overcome security measures effectively for Lateral Movement and Persistence.
• Proficiency in one or more coding/scripting language. (E.g., Perl, Python, PowerShell, Shell Scripting, C/C#/C++, golang, etc.)

Qualifications:

• 5+ years of proven experience in cybersecurity, with a focus on penetration testing and red teaming.
• Expertise in Azure and On-prem Active Directory exploitation techniques.
• Hands-on experience in physical penetration testing.
• Strong knowledge of adversary simulation techniques.
• Expertise in Layer 2 attacks.
• Ability to design and execute phishing simulations.
• Familiarity with a variety of NAC, EDR, and DLP solutions.
• Relevant industry certifications such as OSCE, OSEP CRTP, CRTE, CRTO, or equivalent are highly desirable.

Skills:

• Proficiency in penetration testing tools and frameworks.
• Excellent understanding of cybersecurity concepts and principles.
• Strong analytical and problem-solving skills.
• Effective written and verbal communication skills.
• Ability to work independently and collaboratively in a team environment.

Job Tags: Security Consultant