Senior Security Consultant

The Senior Security Consultant at DirectDefense will be a crucial member of our cybersecurity team. They are responsible for identifying security vulnerabilities within our clients’ environments and providing technical remediation guidance. This role involves conducting comprehensive penetration tests, performing detailed vulnerability assessments, and leading Red Team engagements to simulate sophisticated attacks. The ideal candidate will possess extensive technical expertise, a deep understanding of both offensive and defensive IT concepts, and the ability to communicate complex security issues effectively. With a focus on staying current with the latest vulnerabilities and technology trends, the Senior Security Consultant will develop and execute proof-of-concept exploits, create detailed reports, and recommend improvements to enhance clients' security postures. This position also involves mentoring junior testers and contributing to the development of innovative testing tools and methodologies.

Responsibilities:

• Conduct comprehensive penetration tests to identify security vulnerabilities, assess their impact, and develop actionable remediation strategies.
• Perform detailed vulnerability assessments and analyses of client networks, systems, servers, and other infrastructure components.
• Lead Red Team exercises to simulate advanced persistent threats and measure an organization’s readiness to detect, respond, and mitigate attacks.
• Stay up to date with the latest vulnerabilities, technology trends, threat landscapes, and offensive toolkits used in penetration testing. Apply this knowledge to enhance testing methodologies.
• Develop and execute proof-of-concept exploits to demonstrate the impact and severity of identified vulnerabilities.
• Create comprehensive, accurate, and detailed reports and presentations for both technical and executive audiences, clearly communicating findings, risks, and remediation recommendations.
• Design and develop scripts, tools, and methodologies to improve testing processes and efficiencies.
• Mentor and guide less experienced penetration testers, fostering a culture of continuous learning and professional development.
• Assist in scoping prospective engagements, managing client expectations, and lead engagements from kickoff through remediation.
• Evaluate and recommend improvements to clients’ security architectures, ensuring robust and resilient defenses.

Qualifications:

• 5-10 years of hands-on experience in network/infrastructure security and penetration testing.
• Extensive knowledge of offensive toolkits and techniques used in network/infrastructure penetration testing.
• Strong grasp of both offensive and defensive IT concepts, including common attack vectors and defense mechanisms.
• Proven ability to stay current with the latest vulnerabilities, technology trends, and threat landscapes.
• Exceptional ability to develop proof-of-concept exploits that accurately demonstrate identified vulnerabilities.
• Excellent written and verbal communication skills, capable of conveying complex security topics in a clear, concise, and understandable manner to diverse audiences.
• Professional certifications such as OSCP and OSEP are highly preferred.
• Ability to travel up to 25%

Salary range: $130,000 - $170,000

Bonus: Up to15% Annual Bonus

Benefits include:

• 401(k)
• AD&D Insurance
• Dental Insurance
• Disability insurance
• Health insurance
• Life insurance
• Vision insurance
• Flex PTO program
• Paid certification and continuing education

Career Development:

• Opportunities for professional growth and development within the company.
• Access to training programs and certifications.
• Participation in industry conferences and workshops.

Application Instructions: To apply, please submit your resume and cover letter through our online application portal. Applications will be reviewed on a rolling basis until the position is filled.

A little about DirectDefense

Since coming together in 2011 to form DirectDefense, our team has been committed to offering unmatched Cybersecurity defense strategies in the industry. Whether we are performing assessments of networks, platforms, and applications or applying managed services to improve your organization’s security posture, we are focused on providing world-class services that don’t just work–they work for you.

OUR MISSION

We establish partnerships with our clients based on trust and results. We leverage our deep industry knowledge and expertise to identify and remediate blind spots in your security program, provide meaningful visibility of your entire enterprise, and align your organization with security best practices and compliance standards.

OUR VISION

We aim to secure organizations across all industries against advanced threats and attacks in today’s world. Acting in partnership with organizations, we will provide unmatched information security services designed to improve your overall security posture, close gaps, and track vulnerabilities on an ongoing basis through continued education and support.

EEO COMMITMENT

We’re an equal employment opportunity/affirmative action employer that empowers our people to drive change fearlessly – no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.

In accordance with applicable state laws, we are providing a good-faith estimate of the compensation range for this role. The anticipated salary range for this position is $130,000 to $170,000 per year. Actual compensation will be based on a variety of factors, including but not limited to the candidate’s qualifications, experience, skills, and location. This position may also be eligible for bonus incentives and a comprehensive benefits package.