Lead Security Consultant - Offensive Security
CyderesPosted 4/7/2025
Lead Security Consultant - Offensive Security
Cyderes
Job Location
Job Summary
Cyderes is seeking a Lead Security Consultant specializing in penetration testing to join their cybersecurity consulting team. The ideal candidate will have 5+ years of hands-on experience in penetration testing and offensive security, with expertise in network protocols, operating systems, web technologies, and application security concepts. They will lead complex security assessments, manage client relationships, and provide technical leadership and mentorship to junior consultants. The role involves conducting vulnerability assessments, exploit development, red team exercises, and threat analysis, as well as producing detailed reports and presenting findings to technical and executive audiences. Cyderes is an Equal Opportunity Employer (EOE) and offers flexible remote work options.
Job Description
Cyderes (Cyber Defense and Response) is a pure-play, full life-cycle cybersecurity services provider with award-winning managed security services, identity and access management, and professional services designed to manage the cybersecurity risks of enterprise clients. We specialize in multi-technology, complex environments with the in speed and agility needed to tackle the most advanced cyber threats. We leverage our global scale and decades of experience to accelerate our clients’ cyber outcomes through a full lifecycle of cybersecurity services. We are a global company with operating centers in the United States, Canada, the United Kingdom, and India.
About the Role:
We are seeking a highly skilled and experienced Lead Security Consultant specializing in penetration testing to join our cybersecurity consulting team. In this role, you will lead complex security assessments, manage client relationships, and provide technical leadership and mentorship to junior consultants. You will work across various industries to help clients identify and mitigate security vulnerabilities in their networks, applications, and systems.
Responsibilities:
- Lead and execute advanced penetration tests across internal/external networks, web/mobile apps, APIs, cloud, and wireless environments
- Perform vulnerability assessments and exploit development to assess system and application security
- Design and conduct red and purple team exercises simulating real-world adversary tactics (TTPs)
- Develop assessment plans and tailor testing methodologies to client environments
- Create detailed, high-quality reports and present findings to technical and executive audiences
- Serve as client-facing lead throughout the engagement lifecycle (scoping to post-delivery support)
- Mentor junior consultants and support development of internal tools and methodologies
- Research emerging threats, attack techniques, and offensive security tools
- Support presales efforts including scoping, proposals, and client presentations
- Conduct threat analysis and provide mitigation guidance based on trends and attack patterns
- Correlate and analyse threat data to identify indicators of compromise and attacker behaviour
- Produce threat intelligence summaries and track evolving trends across industries
- Collaborate on cross-functional research projects under tight deadlines
- Develop tools, scripts, and automated processes to enhance testing and reporting workflows
Requirements:
- 5+ years of hands-on experience in penetration testing and offensive security in of the following areas:
- Executing network, wireless, web application, and API penetration tests
- Experience with Active directory (AD) and Kerberos
- Experience conducting vulnerability management and assessments
- Experience conducting social engineering assessments
- Experience conducting Purple Team and Red Team exercises
- Deep understanding of network protocols, operating systems, web technologies, and application security concepts
- Strong experience with industry-standard tools (e.g., Burp Suite, Cobalt Strike, Metasploit, Nmap, Nessus, etc.)
- Demonstrated experience conducting Red Team operations or simulated adversary engagements
- Proficiency in scripting or coding (Python, Bash, PowerShell, etc.)
- Relevant certifications such as OSCP, OSCE, GPEN, GWAPT, or equivalent
- Excellent communication skills, both written and verbal
- Ability to lead teams and manage client expectations in high-pressure environments
- Source code review for control flow and security flaws
- General knowledge of the MITRE ATT&CK Framework
Cyderes is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to race, religion, color, sex, age, disability, sexual orientation, genetic information, national origin, or veteran status.
Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position.
