Our client is seeking a highly technical Contractor, Offensive Security Specialist to join their team. This role involves simulating real-world cyberattacks to identify vulnerabilities in our systems, networks, and applications, and providing recommendations to strengthen security. The ideal candidate has hands-on experience in penetration testing, red team operations, and adversary emulation.
KEY RESPONSIBILITIES:
Penetration Testing: Conduct ethical hacking on web applications, networks, and systems. Perform vulnerability and risk assessments, develop manual and automated testing procedures (black-box/white-box), and provide detailed reports with remediation recommendations.
Red/Purple Team Operations: Execute red teaming exercises to simulate advanced threats (APTs), evading security controls and testing incident response. Perform social engineering and develop advanced adversary tactics (exploitation, lateral movement, data exfiltration).
Collaboration: Work with IT and development teams to implement security best practices. Communicate technical findings and actionable recommendations to all stakeholders.
REQUIRED SKILLS & QUALIFICATIONS:
Proven experience in offensive security or ethical hacking in an enterprise environment.
Strong understanding of networking, operating systems (Windows, Linux), web application architectures, and cloud security.
Expertise in offensive security tools, exploiting common vulnerabilities (e.G., OWASP Top 10), and the latest attack vectors.
In-depth knowledge of penetration testing methodologies (e.G., OSCP, PTES).
Familiarity with scripting, automation, and security/compliance frameworks (NIST, PCI-DSS). Experience with cloud/OT/ICS attacks is highly desirable.
DESIRABLE:
Certifications: Offensive Security Certified Professional (OSCP), Certified Red Team Professional (CRTP), GIAC Penetration Tester (GPEN), Certified Expert Penetration Tester (CEPT), or Certified Incident Handler (GCIH).
Soft Skills: Strong problem-solving, attention to detail, communication, and adaptability.
