Lead Consultant, Security Testing and Red Team

**Requirements**:

- Familiar with cyber security principles, policies, and industry best practices.
- Experienced in consulting, including internal and client-facing experiences.
- Possess relevant cybersecurity certifications or accredited experience from CTF.
- Ability to travel overseas when required.
- Familiar with system administration on various operating systems flavors (Linux and Windows).
- Familiar with programming/scripting languages such as.NET, Python, Bash, and PowerShell.
- Good understanding of Active Directory and Windows environment.

**Preferred Qualifications/Skills**:

- Experienced with tools such as Bloodhound, TinyShell, and the likes.
- Cyber Security Certifications (e.g. OSCP, SEC564, SEC660, CREST).
- Minimum of 5 to 8 years in the role of Penetration Tester.
- Ability to think unconventionally, disruptively, and like an adversary.
- He/She is expected to lead multiple engagements, orchestrating and supporting his teams to deliver on agreed objectives. The lead will be expected to work in challenging environments and deliver under pressure while maintaining good working relationships with customers.
- The role focuses on competence in technical delivery but requires an aptitude for consultancy and management. He/she will be required to manage and mentor the pentest team.

**Duties & Responsibilities**:

- Plan and execute complex Penetration tests.
- Lead Project Delivery in planning and arranging pentest activities, assigning personnel, and managing workloads.
- Deliver both technical and management engagement presentations.
- Maintain a good working knowledge of threat actors and their Tactics, Techniques, and Procedures (TTP’s).
- Co-ordinated delivery of risk workshops, Threat Intelligence handover, and project set up meetings with customers.
- Create robust and coherent test plans, or provide quality assurance of any test plans.
- Maintain proficient knowledge of regulatory frameworks, laws and their legal implications, operational security, and their impacts on the team.
- Support the sales team in the procurement of pentest services.
- Responding to RFP's and other proposals.
- Presales to support the effective communication of the pentest service and set appropriate expectations.
- Onsite presentation of pentest service to executive-level audiences.
- Regular training provided to the sales team to upskill the knowledge of the pentest service and current terminology.
- Reporting: Create high-quality and thorough technical and management reports, which are appropriately directed to their intended audience.
- Providing Quality Assurance services, confirming either the relevant technical or management quality, as well as the report being coherent and written to a high standard.
- Coach and mentor pentest members, providing support to all aspects of the job, technical, procedural, and social.
- Maintain the pentest methodology and supporting documentation/processes.
- Strong leadership, managing a team of testers, assigning workload, and utilizing the different skillsets to achieve objectives.
- Maintain a focus on client objectives and have the ability to manage time and client expectations.
- Develop brand reputation across the industry, this could be in the form of training, workshops, conference talks, or blogs.

**Skills/Experience Required**:

- 5 years of experience in leading and technical delivery of complex pentest engagements.
- Strong technical, social, and presentation skills.
- Strong influence, negotiation, and relationship management skills.
- Good written and speaking English skills.
- Analytical/problem-solving skills.
- Ability to lead, teach, present, and inspire the wider team.
- Highly proficient with multiple C2 frameworks and capable of modifying or creating tooling to overcome technical challenges.
- Offensive Security OSCP, OSCE & CREST CCSAM, CCSAS, or equivalent level of IT security-related certification/knowledge.
- Knowledge and experience in scripting or programming languages (ex. Python, Perl, Ruby, PowerShell, C, C#, Java) in order to develop custom scripts or tools.
- Knowledge of adversary tactics and threat modeling.
- Understanding of the global regulatory landscape for technology and cyber risk.