Senior Offensive Security Specialist

About Us At Stratascale, we are a dynamic digital and cybersecurity services company dedicated to empowering Fortune 1000 companies to harness technology, drive business growth, and swiftly adapt to market changes. We champion what we call Digital Agility. Job Overview We seek a skilled Senior Offensive Security Specialist to join our Adversarial Operations team. In this crucial role, you will lead the development and delivery of comprehensive threat management consulting services, penetration testing, and operational services tailored to meet the needs of our diverse clientele. This position allows for remote work, with your home office setup coordinated by Stratascale management. Key Responsibilities Perform penetration tests on various environments, including external, internal, and web application scenarios. Analyze attack surfaces and threat landscapes, offering vulnerability improvement recommendations based on client assessments. Conduct thorough assessments and threat modeling in alignment with industry best practices to identify control weaknesses. Execute root cause analyses on vulnerabilities, proposing effective technical solutions and remediation strategies. Collaborate with client security teams to strategize against identified vulnerabilities. Evaluate relevant threat intelligence to enhance attack path modeling for client industries. Quantify and communicate business risks and impacts of vulnerabilities to clients and stakeholders. Provide expertise in remediation, cloud security, governance, compliance, and core infrastructure systems. Assist clients with strategies, technical analysis, compliance assessments, and platform use, including automation strategies. Create and present governance models, security frameworks, compliance reports, and exhaustive security assessments. Work with internal sales and technical teams to support solution sales cycles and ensure successful solution delivery. Identify customer needs and proactively recommend appropriate solutions while detecting areas for improvement. Lead consulting projects, preparing deliverables and ensuring client satisfaction throughout the engagement. Develop training materials and conduct workforce development programs, available both in person and online. Engage in technical meetings to provide guidance and facilitate discussions. Stay updated with emerging technologies, industry trends, and best practices. Collaborate with other practice leaders and mentor team members to refine capabilities. Desired Competencies Communication: Clearly convey complex ideas to diverse audiences and mentor others in effective communication. Relationship Management: Build strong connections across teams to drive results through effective collaboration. Self-Starter: Independently manage complex initiatives while collaborating with others as necessary. Negotiation Skills: Navigate complex negotiations and foster consensus among team members. Influence: Inspire teams to pursue shared objectives. Business Acumen: Take ownership of significant business initiatives, collaborating with stakeholders to achieve results. Emotional Intelligence: Adapt emotions to suit environments and aid others in doing the same. Attention to Detail: Oversee multiple projects meticulously, ensuring accuracy by identifying inconsistencies. Follow-Up: Actively manage tasks and collaborate with others for effective follow-ups. Presentation Skills: Utilize visual aids and storytelling techniques to engage audiences during presentations. Delegation: Effectively delegate tasks across teams, ensuring clarity of roles and responsibilities. Analytical Skills: Use advanced techniques to analyze complex issues and develop actionable insights. Critical Thinking: Synthesize information from various sources to guide strategic decisions. Technical Troubleshooting: Collaborate to manage complex technical issues and identify solutions. Skills and Qualifications Expert in planning and executing penetration tests across networks, web and mobile applications, APIs, wireless, and cloud environments. Proficient in offensive security methodologies and frameworks such as PTES, OWASP, and MITRE ATT&CK. Extensive hands-on experience with offensive tools and techniques for reconnaissance, exploitation, and data exfiltration. Skilled in assessing cloud services (AWS, Azure, GCP), addressing IAM misconfigurations, and providing remediation guidance. Strong capabilities in web application testing, focusing on various vulnerabilities and modern application architectures. Knowledgeable in Active Directory and Azure AD attack paths, with skills in simulating enterprise attack scenarios. Experienced in social engineering tactics, including the legal development of phishing payloads. Ability to automate testing and proof-of-concept creation using scripting languages such as Python and PowerShell. Capable of producing clear exploit proofs-of-concept and comprehensive technical reports. Experience with red/purple team initiatives, translating findings into actionable recommendations. Familiar with vulnerability management workflows and responsible disclosure practices. Proficient with productivity tools like Word, Excel, and PowerPoint for documentation and reporting. Additional Requirements Bachelor's Degree in a related field or equivalent work experience is required. 5-7 years of hands-on penetration testing/red team experience, particularly with mid-to-large enterprises. Willingness to travel for client engagements and events as needed. Advanced industry certifications such as OSCP, OSWE, or CISSP are preferred. Strong understanding of legal and ethical standards, including best practices for client data handling. The estimated annual pay range for this position is $165,000 - $205,000, which includes base salary and bonus components. Compensation is based on job-related knowledge, skills, experience, and market location. Benefits may include medical, vision, dental, 401K, and flexible spending accounts. We are an equal opportunity employer and encourage applications from individuals of all backgrounds regardless of gender, disability status, or veteran status.

Created: 2026-03-04