Hays

Offensive Security specialist

Hybrid

Toronto, Canada

Freelance

01-12-2025

Skills

Penetration Testing, Incident Response, Encryption, Ethical Hacking, Cloud Security, Scripting and Automation, Test, Problem-solving, Networking, Attention to detail, Training, Linux, Operating Systems, Windows, Organization

Job Specifications

WORK ILLUSTRATION:

We are seeking a highly skilled and motivated Contractor, Offensive Security Specialist to join our security team. This is a highly technical role which involves simulating real-world cyberattacks to identify vulnerabilities in our systems, networks, and applications, and providing recommendations to strengthen our security posture. The ideal candidate will have hands-on experience in penetration testing, red team operations, and adversary emulation, along with a passion for staying on the cutting edge.

KEY RESPONSIBILITIES:

Penetration Testing:

Conduct ethical hacking assessments on web applications, networks, systems, and wireless environments to identify vulnerabilities.
Perform vulnerability assessments using novel and industry-standard tools and techniques.
Develop and execute manual and automated penetration testing procedures, including black-box and white-box testing.
Perform risk assessments to evaluate the severity of discovered weaknesses.
Provide detailed written reports on vulnerabilities, exploitation techniques, and recommendations for remediation.
Collaborate with development teams and system administrators to implement security best practices across the technology stack, as applicable.

Red/Purple Team Operations:

Conduct red teaming exercises to simulate advanced persistent threats (APTs) likely to target the organization's environment, focusing on evading detection and bypassing security controls.
Simulate attacks to test incident response and security operations team responses to realistic threat scenarios.
Perform social engineering assessments, including phishing campaigns, to evaluate human vulnerabilities.
Develop and execute advanced adversary tactics to test the organization’s defenses, including exploitation, lateral movement, privilege escalation, data exfiltration and encryption.
Lead or support tabletop exercises and training sessions to improve awareness and response protocols.

Collaboration and Reporting:

Work closely with other IT teams to ensure comprehensive coverage of security controls.
Provide actionable recommendations to reduce risk and improve the organization’s security posture.
Communicate findings to both technical and non-technical stakeholders in clear and concise reports.
Mentor and train junior team members and other security staff on offensive security techniques.

REQUIRED SKILLS & QUALIFICATIONS:

Proven experience in offensive security or ethical hacking in an enterprise environment.
Strong understanding of networking protocols, operating systems (Windows, Linux), web application architectures, and cloud security.
Expertise in commonly used offensive security tools.
Familiarity with scripting and automation tools.
Experience with exploiting common vulnerabilities (e.g., OWASP Top 10) and the latest attack vectors (e.g., Ransomware, Supply Chain Attacks).
In-depth knowledge of penetration testing techniques and methodologies (e.g., OSCP, PTES, NIST SP 800-115).
Experience in simulating attacks against cloud infrastructure and OT/ICS systems is a big plus.
Familiarity with security frameworks and compliance standards (NIST, PCI-DSS, GDPR, etc.).

DESIRABLE CERTIFICATIONS:

While certifications are not mandatory, the following certifications are highly valued for this position:

Offensive Security Certified Professional (OSCP)
Certified Red Team Professional (CRTP) - Focuses on adversary simulation and red teaming skills.
GIAC Penetration Tester (GPEN) - Demonstrates expertise in penetration testing methodologies.
Certified Expert Penetration Tester (CEPT) - Advanced penetration testing certification.
Certified Incident Handler (GCIH) - Strong knowledge of incident response and handling breaches.

DESIRABLE SOFT SKILLS:

Problem-solving skills: Ability to think like an attacker and work through complex problems creatively.
Attention to detail: Ensuring thorough testing and identification of all in-scope vulnerabilities.

About the Company

We are leaders in specialist recruitment and workforce solutions, offering advisory services such as learning and skill development, career transitions and employer brand positioning. As the Leadership Partner to our customers, we invest in lifelong partnerships that empower people and businesses to succeed. We help you achieve your career goals and deliver your business needs by combining meaningful innovation with our global scale and insights. Last year we helped over 280,000 people find their next career. Join the mill...