SpecterOps is looking for senior consultants to work on the Consulting Services team as operators, trainers, and program developers. The Adversary Simulation service line primarily works in large commercial enterprises conducting offensive assessment services (red team assessments, penetration tests, defensive capability tests, and specialty security assessments), supporting internal offensive programs, delivering training courses, and supporting research and development efforts. Our consultants work both onsite and offsite in diverse environments supporting our customers, anywhere from developing toolsets in support of operations to briefing executives.
A successful candidate will have excellent technical skills, impeccable soft skills, and be a well-organized, self-directed individual.
Salary Range: Base salary annually, commensurate with experience.
- Associate Consultant - $90,000 - $120,000
- Consultant - $120,000 - $140,000
- Senior Consultant - $140,000 - $160,000
Location: This position is remote, based in the U.S. with optional travel quarterly for in person company events and other ad hoc meetings.
- Candidate must be authorized to work and reside in the United States; we do not currently sponsor immigration visas
Responsibilities
- Plan and conduct offensive engagements ranging in size, scope, focus, and approach
- Effectively communicate findings, attack paths, and recommendations, and strategy to technical and executive client stakeholders through written reports and verbal presentations
- Build scripts, tools, or methodologies to enhance offensive services
- Serve as a subject matter expert (SME) in one of the following areas: initial access, intelligence analysis, adversary tradecraft, offensive Windows/Nix/macOS operations, evasion operations, or technical capability development
- Utilize common offensive security testing tools and tradecraft
- Stay up to date with cutting-edge adversary tradecraft and vulnerabilities
- Effectively communicate successes and obstacles with fellow team members and team lead(s)
- Interface with client contact(s) and staff in a constructive and professional manner
- Coordinate and prepare for internal and customer facing meetings
- Assist with scoping prospective engagements, participating in technical testing from kickoff through remediation, and mentoring less experienced staff
- Train team members in adversary Tactics, Techniques, and Procedures (TTPs) and tools
- Contribute new or improve existing content for SpecterOps training courses and assist in the delivery of course offerings (instruction, lab support, etc)
Requirements (All Positions)
- Ability to travel domestically and internationally; up to an average of 25% annually
- Must be able to pass a criminal background check
- Desire to embody our core values of passionate curiosity, consistent improvement, empathy, sustainability, humility, and empowerment through transparency
Associate Consultant:
As an Associate Consultant, your primarily responsibility will be to learn. You will engage, participate, and contribute to the execution of a variety of services and projects. In doing so, you will actively develop a basic understanding of the SpecterOps Adversary Simulation service line and develop skills in one or more technical areas.
Desired Qualifications:
- Foundational knowledge of offensive security concepts and assessments
- Foundational knowledge of security principles, policies, and industry best practices
- Working knowledge of Windows and *NIX-based operating systems
- Working knowledge of networking concepts
- Working knowledge of Active Directory
- Working knowledge of programming or scripting languages, such as C#/.NET, C++, Python, PowerShell, Bash, etc
- Aptitude for technical writing, including assessment reports, presentations and operating procedures
- Strong written/verbal communication and interpersonal skills
- Determination to better self and the overall information security community through research efforts and release through blog posts, conference talk delivery, open-source tool release, and white paper publication
- Willingness to support delivery of public and private training offerings (e.g., providing lab support, fielding student questions, etc)
Consultant: As a Consultant, you will independently contribute to significant services and projects. You will be responsible for the entire lifecycle of small to medium-size services and projects.
Desired Qualifications-Must meet the desired qualifications for an Associate Consultant, plus the following:
- Foundational knowledge of defensive security concepts and assessments
- Working knowledge of offensive security concepts and assessments
- Working knowledge of common regulatory requirements and governance frameworks
- Proficient with Windows and *NIX-based operating systems and related offensive techniques
- Proficient with networking concepts and related offensive techniques
- Proficient with Active Directory and related offensive techniques
- Ability to lead small to medium sized services and projects
- Ability to communicate effectively with customers, team members and upper management for project delivery
- Ability to contribute to the majority of offensive security service offerings (e.g., red team, penetration test, web application security assessment, cloud security assessment, defensive capability test, etc) as part of a team for the full project lifecycle
- Strong analytical skills with the ability to collect, organize, analyze, and disseminate significant amounts of information with attention to detail and accuracy
Senior Consultant: As a Senior Consultant, you will be responsible for the entire lifecycle of significant services and projects.
Desired Qualifications - Must meet the desired qualifications for a Consultant, plus the following:
- A clear expert in one or more service lines and/or technical areas
- Ability to lead and execute the majority of offensive security service offerings (e.g., red team, penetration test, web application security assessment, cloud security assessment, defensive capability test, etc)
- Experience leading small teams and engagements
- Experience managing multiple projects at once
- Experience communicating with clients and delivering presentations
- Experience independently managing client projects
- Willingness to develop and deliver training content as a lead course instructor
- Willingness to mentor and train fellow consultants
Nice to Haves (All Positions)
- Bachelor's degree in a technical field
- Experience participating in and/or leading Fortune 1000 and/or large Federal Government security assessments
- Public community contributions (e.g., conference presentations, blog posts, white papers, public tool development)
- Experience in administering, attacking, or defending Windows/Active Directory, Linux, and/or macOS environments
- Experience in technical writing
- Experience working for a service-based information security consultancy
- Experience developing and/or providing technical training
- Desire to teach and train students in offensive techniques
- Desire to travel internationally and domestically on a more frequent basis
What We Offer
- Health/Dental/Vision/life insurance: 100% covered for both the employee and their family
- Flexible time off policy
- 10+ paid holidays annually
- 401(k) with up to 4% company match
- Equity and a potential bonus based on company performance
- Remote work: $2,000 first year allowance to set up home office
- Open intellectual property policies; allow researchers to retain rights over open sourced research & tools
- $150 monthly cell phone and internet reimbursement
- $5,000 annual professional development allowance
- $5,250 towards continuing education or student loan repayment
- $100 monthly reimbursement for lifestyle, wellness, pet insurance or home office expenses
- A one-time $10,000 benefit towards family planning
- In person and virtual employee events throughout the year
- And of course, company swag!
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
Unsolicited resumes are not accepted
#LI-REMOTE