The Managing Consultant is primarily responsible for managing a team of offensive security consultants and ensuring that the quality of work performed aligns with our standards and client expectations. Secondarily, the Managing Consultant will also execute and deliver client engagements, including penetration tests, threat and vulnerability assessments, purple team engagements, ransomware exposure assessments, and custom assessments designed to meet our clients’ needs. The following high-level goals and objectives are expected to be met by the Managing Consultant.
- Engaged and High Performing Teams
The Managing Consultant plays a critical role in setting the strategy for the offensive security work we perform, staffing the team with the top-tier talent, and creating an environment where consultants can thrive personally and professionally.
- Strategic Planning
Aligning capabilities with client needs and maximizing quality and efficiency is imperative in consulting. The Managing Consultant will continually evaluate how we deliver our consulting engagements, including methodology and technology enablement, to ensure we achieve these objectives. Strategically, the Managing Consultant will be instrumental in helping anticipate client needs and establishing those capabilities on the team.
- Excellence in Project Delivery and Client Relationships
All Security services are designed to forge a trusted partnership with our clients. This comes from ensuring that all security services are delivered with excellence and are executed in a timely manner. Regular communication with clients and the Security Advisory Services team is equally important to ensure that expectations are being met.
- Technical Expertise in Delivered Services
The Managing Consultant is expected to demonstrate technical expertise when delivering our services. Gaps in technical proficiency should be communicated prior to project execution to ensure clients receive expected value. Identified gaps will be used to guide training objectives
- Ownership of Unique or Complex Projects
We offers a wide breadth of service offerings that range from shorter term assessments to more involved, custom security services. The Managing Consultant may be responsible for taking ownership of these projects and client relationships to ensure that unique or complex projects are delivered successfully.
- Prior experience as Lead/Managing Consultant or equivalent corporate experience, such as Manager of Red Team Operations with a record for overseeing offensive security projects such as:
- Threat and Vulnerability Assessments
- Penetration Testing
- Web Application Security Assessments
- Social Engineering
- Proven ability to build and manage high performing teams; and who is adept at communicating clearly, listening, giving feedback, prioritizing, and cultivating skills with individual staff.
- Expert knowledge of offensive security testing, exploitation, and remediation across a range of infrastructure technologies and applications
- Working knowledge of network and systems architecture
- Network segmentation
- Intrusion Detection Systems
- Web application architecture
- Active Directory
- Advanced understanding of how major application layer protocols function (e.g., HTTP, SMTP, DNS, Kerberos)
- Advanced knowledge of categories of malware and how they function (e.g., rootkits, trojans, adware, ransomware)
- Advanced knowledge related to vulnerabilities and attack vectors such as:
- SQL Injection
- Brute force attacks
- Active Directory exploitation
- Malware infection vectors
- Phishing attacks
- Drive-by/Redirection attacks
- Experience performing security assessments on multiple operating systems (Windows, Linux, Unix, OSX)
Experience, Education, and Certifications
- Minimum of 10 years’ experience working in security consulting or equivalent internal roles
- Minimum of two years’ experience successfully mentoring/managing staff
- Bachelor’s degree or equivalent experience
- Offensive security certification(s) expected for this role (e.g., OSCP or similar)