DirectDefense

Role Description The Senior Security Consultant at DirectDefense will be a crucial member of our cybersecurity team. They are responsible for identifying security vulnerabilities within our clients’ environments and providing technical remediation guidance. This role involves conducting comprehensive penetration tests, performing detailed vulnerability assessments, and leading Red Team engagements to simulate sophisticated attacks. The ideal candidate will possess extensive technical expertise, a deep understanding of both offensive and defensive IT concepts, and the ability to communicate complex security issues effectively. With a focus on staying current with the latest vulnerabilities and technology trends, the Senior Security Consultant will develop and execute proof-of-concept exploits, create detailed reports, and recommend improvements to enhance clients' security postures. This position also involves mentoring junior testers and contributing to the development of innovative testing tools and methodologies. Responsibilities - Conduct comprehensive penetration tests to identify security vulnerabilities, assess their impact, and develop actionable remediation strategies. - Perform detailed vulnerability assessments and analyses of client networks, systems, servers, and other infrastructure components. - Lead Red Team exercises to simulate advanced persistent threats and measure an organization’s readiness to detect, respond, and mitigate attacks. - Stay up to date with the latest vulnerabilities, technology trends, threat landscapes, and offensive toolkits used in penetration testing. Apply this knowledge to enhance testing methodologies. - Develop and execute proof-of-concept exploits to demonstrate the impact and severity of identified vulnerabilities. - Create comprehensive, accurate, and detailed reports and presentations for both technical and executive audiences, clearly communicating findings, risks, and remediation recommendations. - Design and develop scripts, tools, and methodologies to improve testing processes and efficiencies. - Mentor and guide less experienced penetration testers, fostering a culture of continuous learning and professional development. - Assist in scoping prospective engagements, managing client expectations, and lead engagements from kickoff through remediation. - Evaluate and recommend improvements to clients’ security architectures, ensuring robust and resilient defenses. Qualifications - 5-10 years of hands-on experience in network/infrastructure security and penetration testing. - Extensive knowledge of offensive toolkits and techniques used in network/infrastructure penetration testing. - Strong grasp of both offensive and defensive IT concepts, including common attack vectors and defense mechanisms. - Proven ability to stay current with the latest vulnerabilities, technology trends, and threat landscapes. - Exceptional ability to develop proof-of-concept exploits that accurately demonstrate identified vulnerabilities. - Excellent written and verbal communication skills, capable of conveying complex security topics in a clear, concise, and understandable manner to diverse audiences. - Professional certifications such as OSCP and OSEP are highly preferred. - Ability to travel up to 25%. Requirements - Salary range: $130,000 - $170,000 - Bonus: Up to 15% Annual Bonus Benefits - 401(k) - AD&D Insurance - Dental Insurance - Disability insurance - Health insurance - Life insurance - Vision insurance - Flex PTO program - Paid certification and continuing education Career Development - Opportunities for professional growth and development within the company. - Access to training programs and certifications. - Participation in industry conferences and workshops. Application Instructions To apply, please submit your resume and cover letter through our online application portal. Applications will be reviewed on a rolling basis until the position is filled.

Role Description The Infrastructure Security Practice Manager plays a key role at DirectDefense as a leader on our technical team, directing the execution of penetration testing, adversary emulation, and vulnerability assessment engagements across client environments. Additionally, they lead a team conducting formal tests and offensive security assessments across a wide range of systems, networks, servers, databases, and other infrastructure components to measure an organization’s susceptibility to compromise. Key success factors include: - Staying current with the latest vulnerabilities and technological trends. - Developing proofs of concept that accurately and effectively demonstrate discovered vulnerabilities. - Communicating findings and recommendations clearly in writing and verbally. Responsibilities: - Lead and manage a team of ~10 consultants delivering network and infrastructure penetration testing, red and purple team engagements, wireless and social engineering assessments, vulnerability assessments, and high-level web application testing. - Lead engagements end-to-end, from scoping and kickoff through execution, reporting, and remediation support. - Develop comprehensive and accurate reports and presentations tailored to both technical and executive audiences. - Work closely with sales and project management to scope prospective engagements, manage client relationships, perform pre-sales scoping, and identify opportunities for follow-on work. - Build and maintain trusted, impactful client relationships, serving as a senior point of contact for Infrastructure Security matters. - Manage, mentor, and develop team members, providing technical guidance and career growth support. - Own practice-level financial performance, including revenue forecasting and targets, P&L oversight, and utilization management for the team. - Develop and manage the annual practice budget, including headcount planning, tooling investments, and lab infrastructure. - Recognize and safely utilize attacker tools, tactics, and procedures. - Develop and refine scripts, tools, and methodologies – aligned with frameworks such as MITRE ATT&CK to improve team efficiency and testing quality and enhance team processes. - Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff. - Assess, monitor, and recommend improvements to our client’s security architecture. - Review audits and evaluate security solutions and designs. - Proactively identify technical and architectural risks in client environments, providing actionable recommendations and alternatives. - Represent the practice externally through thought leadership activities such as conference presentations, blog posts, published research, or open-source tool contributions. - Evaluate and manage third-party vendor relationships, including offensive software tooling and software platforms. Qualifications - 10-15 years of experience within network/infrastructure security, adversary emulation, and/or penetration testing, with progressive leadership experience. - Demonstrated experience managing or leading a technical consulting team. - Strong familiarity with offensive toolkits and methodologies used for in-network/infrastructure penetration testing and adversary emulation (e.g., C2 frameworks, AD attack paths, network pivoting, defense evasion). - A solid understanding of both offensive and defensive security IT concepts, including common enterprise architectures and controls. - Experience scoping and delivering consulting engagements in a client-facing environment. - Experience with practice or business unit financial management (revenue targets, utilization, budgeting) preferred. - Strong written and verbal communication skills, with experience producing and presenting executive-level deliverables. - OSCP, OSEP, CRTO, or equivalent offensive certifications preferred; CISSP or similar management-level certifications a plus. - Up to 25-30% of travel. Requirements - OSCP and OSEP certification preferred. - Willingness to travel up to 25–30%. Benefits - 401(k) - AD&D Insurance - Dental Insurance - Disability insurance - Health insurance - Life insurance - Vision insurance - Flex PTO program - Paid certification and continuing education - Work schedule: Monday through Friday - Work hours: 40 hours a week