Social network you want to login/join with:
Up to 60 days over the next year (days differ week to week) – Outside IR35
Must be eligible for SC Clearance. Must have CREST certification CRT or higher
Role Overview:
We are seeking a highly skilled and experienced Offensive Security Consultant with a strong focus understanding on threat intelligence and attack methods. The ideal candidate will be responsible for managing and conducting advanced penetration testing engagements, leveraging threat intelligence to simulate real-world attacks across a variety of environments, including OT, IT, web applications, cloud infrastructure, and APIs. This role requires a deep understanding of adversarial approaches, excellent communication skills, and the ability to provide strategic and actionable recommendations to significantly enhance our clients' security posture.
Responsibilities:
* Lead and manage the full lifecycle of complex penetration testing engagements, applying a strong threat intelligence-led approach.
* Execute advanced penetration tests across a broad range of environments (applications, infrastructure, web, APIs, O365, Azure, AWS, OT), directly applying your knowledge of current threat landscapes and attacker TTPs.
* Develop and maintain sophisticated test plans, execution plans, and targeted use cases directly informed by in-depth threat intelligence analysis.
* Identify and prioritize OT and IT assets, services, and systems based on their criticality and potential exposure to identified threats.
* Strategically prioritize, plan, and schedule penetration testing engagements based on comprehensive threat assessments and client-specific requirements.
* Produce high-quality, detailed reports that clearly articulate technical findings, potential business impact, and strategic, actionable remediation recommendations for both technical and non-technical stakeholders.
* Clearly and effectively communicate complex security concepts, adversarial tactics, and critical threat intelligence insights to diverse audiences.
* Collaborate closely with client IT and cybersecurity teams to drive the enhancement of security protocols and ensure effective, threat-informed remediation of identified vulnerabilities.
* Track the progress of remediation efforts and provide regular, concise updates to stakeholders, highlighting the reduction of identified threats.
* Conduct proactive security research and contribute to the creation of technical content on emerging threats, advanced attack techniques, and threat intelligence-led testing methodologies.
* Contribute to strengthening security monitoring (blue team) capabilities by providing valuable insights into offensive techniques and adversarial behaviours to enhance detection and response effectiveness.
* Drive the patching regime for identified vulnerabilities, prioritizing remediation efforts based on threat intelligence and the potential for exploitation by advanced threat actors.
Skills and Qualifications:
* Minimum of 5 years of demonstrable professional experience in penetration testing, with a strong emphasis on understanding, emulating, and leveraging adversarial tactics and threat intelligence.
* Comprehensive understanding of OT and IT asset profiles, technologies, and security best practice principles, with a proven ability to contextualize them within the current threat landscape.
* In-depth knowledge of network protocols, cryptography, security vulnerabilities, and common attack vectors employed by sophisticated threat actors.
* Demonstrated proficiency in utilizing a wide range of penetration testing tools and methodologies, including those specifically used for threat intelligence analysis and application.
* Proven experience in scoping and executing complex penetration tests, particularly those directly informed and driven by threat intelligence.
* Exceptional written and verbal communication skills, with the ability to articulate complex technical findings and nuanced threat intelligence insights clearly and concisely to diverse audiences.
* Strong organizational and time management skills, with a proven ability to effectively manage and prioritize multiple concurrent engagements.
* Current CREST CRT certification or higher is essential.
* Must hold or be eligible for SC Clearance.
* Experience with Breach Attack Simulation tools and methodologies.
* Experience in Vulnerability Management processes and integrating threat intelligence.
* Understanding of Risk Management frameworks and how threat intelligence informs risk assessments.
* Hands-on experience with security reviews of AWS, Azure, and GCP environments, incorporating cloud-specific threats.
* Experience with ISO 27001 auditing/implementation, understanding the role of threat intelligence in compliance.
* Other advanced cybersecurity certifications such as CISM, CISSP, ECSA, CREST CCT.
#J-18808-Ljbffr