Senior Offensive Security Consultant
SHI GmbH - Hartford, CT
Job Description
About Us
At Stratascale, we are a dynamic digital and cybersecurity services company dedicated to empowering Fortune 1000 companies to effectively harness technology, drive business growth, and swiftly adapt to market changes. We champion what we call Digital Agility.

Job Overview
We are on the lookout for a Senior Offensive Security Consultant to join our Adversarial Operations team. In this pivotal role, you will spearhead the development and delivery of a comprehensive suite of threat management consulting services, penetration testing, and operational services tailored to our diverse clientele. This is a remote position, with a Home Office setup determined by Stratascale management.

Key Responsibilities
Conduct penetration tests across complex environments, including external, internal, and web application scenarios.
Analyze attack surfaces and threat landscapes, recommending vulnerability improvements based on client assessments.
Perform thorough assessments and threat modeling in line with industry best practices to identify control weaknesses.
Conduct root cause analyses on vulnerabilities, proposing effective technical solutions and remediation strategies.
Collaborate with client security teams to discuss and strategize against identified vulnerabilities.
Evaluate threat intelligence relevant to client industries to enhance attack path modeling.
Quantify and communicate business risks and the impacts of vulnerabilities to clients and their stakeholders effectively.
Provide expertise in remediation, cloud security, governance, compliance, and core infrastructure systems.
Assist clients with strategies, technical analysis, compliance assessments, and platform usage, including automation strategies.
Create and present governance models, security frameworks, compliance reports, and security assessments.
Collaborate with internal sales and technical teams to support solution sales cycles and ensure successful solution delivery.
Identify customer needs and proactively recommend suitable solutions while spotting areas for improvement.
Lead consulting projects by developing deliverables, ensuring client satisfaction throughout the process.
Create training materials and conduct workforce development programs, available both in person and online.
Engage in technical meetings to provide guidance and facilitate discussions.
Stay current with new technologies, industry trends, and emerging practices.
Collaborate with other practice leaders and mentor team members to refine capabilities.

Desired Competencies
Communication: Effectively convey complex ideas to diverse audiences and mentor others in effective communication.
Relationship Management: Build strong connections across teams and drive results through effective collaboration.
Self-Starter: Independently manage complex initiatives while collaborating with others when needed.
Negotiation Skills: Navigate complex negotiations and build consensus among team members.
Influence: Inspire teams to pursue shared goals.
Business Acumen: Take ownership of significant business initiatives, collaborating with stakeholders to achieve results.
Emotional Intelligence: Adapt emotions to suit environments and assist others in doing the same.
Attention to Detail: Oversee multiple projects meticulously, identifying inconsistencies to ensure accuracy.
Follow-Up: Manage tasks actively and collaborate with others for effective follow-ups.
Presentation Skills: Utilize visual aids and storytelling techniques to engage audiences during presentations.
Delegation: Delegate tasks effectively across teams, ensuring clarity of roles and responsibilities.
Analytical Skills: Employ advanced techniques to dissect complex issues and develop actionable insights.
Critical Thinking: Synthesize information from diverse sources to guide strategic decisions.
Technical Troubleshooting: Manage complex technical issues collaboratively to find solutions.

Skills and Qualifications
Expert in planning and executing penetration tests across networks, web and mobile applications, APIs, wireless, and cloud environments.
Proficient in offensive security methodologies and frameworks like PTES, OWASP, and MITRE ATT&CK.
Extensive hands-on experience with offensive tools and techniques for reconnaissance, exploitation, and data exfiltration.
Skilled in assessing cloud services (AWS, Azure, GCP), able to address IAM misconfigurations and provide remediation guidance.
Strong abilities in web application testing, focusing on various vulnerabilities and modern application architectures.
Knowledgeable in Active Directory and Azure AD attack paths, skilled in simulating enterprise attack scenarios.
Experience in social engineering tactics, including legal development of phishing payloads.
Ability to automate testing and proof-of-concept creation using scripting languages such as Python and PowerShell.
Adept at producing clear exploit proofs-of-concept and comprehensive technical reports.
Experience with red/purple team initiatives, translating findings into actionable recommendations.
Familiarity with vulnerability management workflows and responsible disclosure practices.
Proficient in productivity tools like Word, Excel, and PowerPoint for documentation and reporting.

Additional Requirements
Bachelor's Degree in a related field or equivalent work experience is required.
5-7 years of hands-on penetration testing/red team experience, especially with mid-to-large enterprises.
Willingness to travel for client engagements and events as necessary.
Advanced industry certifications such as OSCP, OSWE, or CISSP are preferred.
Strong understanding of legal and ethical standards, including client data handling practices.

The estimated annual pay range for this position is $165,000 - $205,000, which includes a base salary and bonus. Compensation is based on job-related knowledge, skills, experience, and market location.
Benefits may include medical, vision, dental, 401K, and flexible spending accounts.

We are an equal opportunity employer and encourage applications from all individuals regardless of gender, disability status, or veteran status.

Created: 2026-03-11