Principal Consultant, Offensive Security, Proactive Services (Unit 42)
Location
United States
Posted
3 days ago
Salary
$151K - $208K / year
Seniority
Lead
Job Description
Palo Alto Networks
Role Description
As a Principal Consultant on the Offensive Security team, you will be a key leader in assessing and challenging the security posture of a diverse client portfolio. You will leverage a variety of advanced tools and methodologies to act as the client's advocate for cybersecurity best practices. This role is critical in providing strong, actionable recommendations to enhance our clients' defenses against sophisticated threats.

Key Responsibilities
- Conduct comprehensive penetration tests (network, web application, cloud, mobile) to identify and exploit vulnerabilities.
- Develop custom scripts, tools, and methodologies to automate and enhance offensive security engagements and internal processes.
- Lead client engagements, clearly articulating testing approaches and methodologies to both technical and executive audiences.
- Generate detailed reports that communicate test results, identified risks, and concrete remediation recommendations to clients.
- Perform cyber risk assessments using industry frameworks such as NIST CSF, ISO 27001, and CIS Top 20.
- Conduct threat hunting and compromise assessment engagements to identify active or dormant indicators of compromise (IoCs) in client environments.
- Proactively collaborate with internal teams and clients, exchanging information to ensure alignment and accomplish shared security objectives.
- Assist in scoping new opportunities and developing internal infrastructure for offensive security research and development.

Qualifications
- Bachelor’s Degree in Information Security, Computer Science, or a related field, or equivalent professional experience.
- 6+ years of professional experience in information security, with a focus on penetration testing and vulnerability assessments.
- Expertise with security assessment tools such as Metasploit, Burp Suite Pro, Cobalt Strike, Nessus, and Bloodhound.
- Proficiency in scripting or programming with languages like Python, PowerShell, Ruby, or C++.
- Demonstrated experience in conducting penetration tests across various environments including Windows, Linux, and cloud platforms (AWS, GCP, Azure).

Preferred Qualifications
- Experience managing or mentoring junior consultants on security engagements.
- Certifications such as OSCP, OSCE, GPEN, GWAPT, or GXPN.
- Experience with public speaking, publishing research, or contributing to the security community.
- Knowledge of computer forensic tools, technologies, and incident response methods.

Compensation Disclosure
The compensation offered for this position will depend on qualifications, experience, and work location. For candidates who receive an offer at the posted level, the starting base salary (for non-sales roles) or base salary + commission target (for sales/commissioned roles) is expected to be the annual range listed below. The offered compensation may also include restricted stock units and a bonus.
$151,000.00 - $208,000.00/yr

Our Commitment
We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.
We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at accommodations@paloaltonetworks.com.
Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.
All your information will be kept confidential according to EEO guidelines.
Is role eligible for Immigration Sponsorship? No. Please note that we will not sponsor applicants for work visas for this position.
More Security Engineer Jobs
Security and Compliance Associate
Habitat Learn
Our philosophy is simple, design for the future, for everyone.
• Support ongoing compliance activities across SOC 2, ISO 27001, HIPAA, HECVAT, and TX-RAMP
• Collect, organize, and maintain audit evidence and security documentation
• Help draft and maintain security policies, procedures, and internal standards
• Complete security questionnaires and HECVAT submissions for institutional procurement
• Maintain a compliance tracker and support audit readiness activities
• Review findings from the Humber Digital Tech Hub cybersecurity assessment
• Track remediation tasks and help coordinate follow-up with engineering and leadership
• Support updates to the risk register and documentation of control gaps and resolutions
• Act as an internal coordinator for progress tracking and reporting
• Support user access controls, provisioning, and offboarding processes
• Assist with vendor security reviews and BAA tracking
• Help coordinate internal security awareness and training activities
• Support Apple device management processes (MDM, Apple Business Manager)
• Support responses to customer security reviews and procurement due diligence requests
• Assist in preparing compliance and security status updates for leadership
• Stay informed on relevant privacy and data protection regulations (FERPA, PIPEDA, etc.)
Senior Manager – Network Security, Identity
World Vision
World Vision is an international, Christian humanitarian nonprofit organization that works to end poverty and promote justice. The organization, as an employer,
• Lead Pillar 2 within Global Technology Services (GTS) for global security, performance, and integrity of network infrastructure and identity services.
• Manage a small, specialist team: Network Engineers, Network Tech Design Lead, IAM Engineers, and Endpoint Tech Design Lead.
• Drive a security-first approach to network design and identity governance.
• Oversee firewall configuration, VPN management, Zero Trust network access (ZTNA), and secure remote connectivity.
• Define and enforce network security standards in alignment with WVI's GTD Governance framework and CIS Controls v8.
• Lead IAM engineering delivery within P2, supporting WVI SDF IAM Programme.
Sr. Specialist Cybersecurity
Magna International
Founded in 1957, Magna International is now one of the largest automotive suppliers in the world. Headquartered in Aurora, Ontario, Canada, the company maintains more than 320 manu
Job descriptions may display in multiple languages based on your language selection.

What we offer:
At Magna, you can expect an engaging and dynamic environment where you can help to develop industry-leading automotive technologies. We invest in our employees, providing them with the support and resources they need to succeed. As a member of our global team, you can expect exciting, varied responsibilities as well as a wide range of development prospects. Because we believe that your career path should be as unique as you are.

Group Summary:
Transforming mobility. Making automotive technology that is smarter, cleaner, safer and lighter. That’s what we’re passionate about at Magna Powertrain, and we do it by creating world-class powertrain systems. We are a premier supplier for the global automotive industry with full capabilities in design, development, testing and manufacturing of complex powertrain systems. Our name stands for quality, environmental consciousness, and safety. Innovation is what drives us and we drive innovation. Dream big and create the future of mobility at Magna Powertrain.

Job Responsibilities:

POSITION SUMMARY:
At Magna Powertrain, Cybersecurity is of the highest priority. The protection of our data, both internal and external, from threats is paramount to our success. The Sr. Specialist - Group Cybersecurity provides leadership, operational enforcement and monitoring of all Cybersecurity policies at the Group level, liaising closely with Corporate Information Security, IT and other related Functions. Magna Powertrain Global Cybersecurity covers 3 security domains related to Information Technology (IT), Operational Technology (OT), and Product Cybersecurity. The role of the Sr. Specialist - Group Cybersecurity is to ensure that all Cybersecurity requirements and protocols are effectively implemented across all locations.

ESSENTIAL DUTIES & RESPONSIBILITIES:
- Serve as Cybersecurity leader in Magna Powertrain (MPT) for monitoring key security and compliance performance indicators (KPIs), analyze results, and drive corrective actions to address gaps and enhance organizational security posture.
- Provide guidance and expert advice to different business units in the areas of IT and OT as it relates to security operations and processes.
- Provide support for remediation of IT audit findings, collaborating with stakeholders to address identified gaps, monitor corrective actions, and ensure timely closure of audit issues.
- Assess risks for assets and services, and outline mitigation options and timelines.
- Conduct AI risk assessments to identify, evaluate, and mitigate potential threats associated with artificial intelligence systems and technologies, ensuring compliance with organizational standards.
- Perform group risk monitoring activities, and assist divisions in maintaining the respective divisional risk registers, ensuring accurate documentation and timely updates of identified risks.
- Coordinate OT security efforts by applying controls to safeguard critical assets, and advise on creating, updating, testing, and training disaster recovery and business continuity plans.
- Support and continuously improve the Information Security Management System (ISMS) to ensure effective protection of organizational assets and compliance with relevant standards.
- Design and consolidate standardized security processes and associated procedures to be implemented across MPT Divisions.
- Create awareness campaigns in partnership with Corporate Information Security and provide training.

The above is intended to describe the general content of and the requirements for the performance of this position. It is not to be construed as an exhaustive statement of duties, responsibilities, or requirements.

QUALIFICATIONS:
- Bachelor of Science degree in Computer Science, Computer Security, Information Systems, or equivalent proof of baseline knowledge.
- Strong knowledge of various frameworks/regulations such as ISO 27001/2, TISAX, NIST 800-53, NIST Cybersecurity Framework, GDPR, SOX, ITIL, COBIT, COSO or similar.
- 8+ years of IT and security experience.
- Accredited certifications a plus, such as: CISA, CISSP, OSCP, CEH (Certified Ethical Hacker)
- Previous SOC / NOC experience a plus

KEY BEHAVIORAL TRAITS FOR SUCCESS:
- Well-organized and structured; able to demonstrate strong communication skills and consistently shares knowledge with colleagues, including maintaining clear and thorough documentation; exhibits self-drive and self-motivation by proactively taking initiative, setting high standards for personal achievement, and continuously seeking opportunities to enhance performance and contribute to team success.
- Technical/Functional Expertise: Able to demonstrate mastery of the technical/functional skills necessary for performing own job; maintain state-of-the-art knowledge of the advances in field; regularly publish or present on leading-edge issues; conduct leading-edge research or similar work that has organization-wide impact; play a key role in advancements in profession.
- Flexibility & Achieving Change: Able to positively deal with changes that affect job requirements; adapt to shifting priorities in response to the needs of internal and external customers; quickly recognize situations/conditions where change is needed; work to clarify situations where information, instructions, or objectives are ambiguous; support organizational change.
- Problem Solving & Analysis: Able to gather appropriate data and diagnose the cause of a problem before taking action; separate causes from symptoms; apply lessons learned from others who encountered similar problems or challenges; anticipate problems and develop contingency plans to deal with them; develop and evaluate alternative courses of action.
- Creativity & Innovation: Able to generate creative ideas to solve problems and improve work methods; apply novel approaches to situations; independently apply professional expertise in ways that are unique or innovative; collaborate with team members to brainstorm creative approaches; rethink situations to create new opportunities or overcome obstacles.

Work Environment:
- Office Environment

Magna Standards:
- Follow Magna’s Code of Conduct and Ethics and related compliance policies.
- Supports and adheres to policies, procedures, and operational guidelines related to established quality management system (IATF 16949).
- Practice and maintain integrity while following Magna’s Charter and Constitution.
- Drive the development of new technologies to improve quality, efficiency and reduce cost.
- Comply with safety policies and procedures to ensure duties of self are performed in a safe manner.
- Health & Safety responsibilities:
- Understand applicable Environmental, Health & Safety policies and procedures in the workplace.
- Report unsafe conditions immediately.
- Report injuries, accidents, illnesses, near misses, property damage immediately.
- Follow safety rules.
- Comply with requirements for the use or operation of machines or equipment.
- Comply with Personal Protective Equipment (PPE) requirements.
- Create a positive work environment by demonstrating and sharing functional/technical knowledge.
- Develop and maintain a responsive and cooperative working relationship with internal and external customers.
- Treat everyone with dignity, trust and respect.
- Complete additional duties and responsibilities as assigned.
- Comply with Magna’s information and data protection policies.

The above is intended to describe the general content of and the requirements for the performance of this position. It is not to be construed as an exhaustive statement of duties, responsibilities, or requirements. This job description reflects the core elements of a position. There may be additional requirements based on local laws and regulations which could be attached as an addendum.

Awareness, Unity, Empowerment:
At Magna, we believe that a diverse workforce is critical to our success. That’s why we are proud to be an equal opportunity employer. We hire on the basis of experience and qualifications, and in consideration of job requirements, regardless of, in particular, color, ancestry, religion, gender, origin, sexual orientation, age, citizenship, marital status, disability or gender identity. Magna takes the privacy of your personal information seriously. We discourage you from sending applications via email or traditional mail to comply with GDPR requirements and your local Data Privacy Law.

AI-Assisted Screening Disclosure
As part of our commitment to a fair, consistent, and efficient recruitment process, we may use artificial intelligence (AI) tools to assist in the initial screening of applications submitted through our Workday system. These tools help identify qualifications and experience that align with the role requirements. Please note that AI is used solely to support our recruiters. Final decisions are always made by the hiring manager and the hiring team. Importantly, no applicant data is shared externally through these AI tools. All information remains securely within our systems and is handled in accordance with our privacy and data protection policies. Under conditions defined by applicable law, you may have the right to request an explanation of how AI is used to support decision-making. If you have any questions or concerns about this process, feel free to contact our Talent Attraction team.

Worker Type: Regular / Permanent
Group: Magna Powertrain
Director, IT Governance, Risk & Compliance
Mission Critical Group
Mission Critical Group (MCG) is an end-to-end power solutions and services provider that accelerates time-to-power and delivers scalable, resilient infrastructure for mission critical environments. By integrating engineering, manufacturing, modular deployment, and lifecycle services under one platform, we streamline execution and bring complex projects online faster - without compromising performance. With more than 1.5 million square feet of U.S. manufacturing capacity, MCG supports data centers, power generation, healthcare, oil & gas, pharmaceuticals, semiconductors, and industrial facilities where uptime is non-negotiable. Mission Critical Group designs, manufactures and provides value-added services for customers requiring critical power solutions. Powering a new electric world for a brighter, more secure future.
Role Description
- Develop and maintain the enterprise IT GRC strategy, framework, and roadmap.
- Establish governance structures, policies, standards, and procedures for IT and cybersecurity.
- Present risk, compliance, and governance updates to executive leadership and governance committees.
- Align IT risk management initiatives with business objectives and organizational priorities.
- Drive continuous improvement of governance and control processes.

Risk Management
- Lead enterprise IT risk assessments and risk treatment programs.
- Identify, assess, monitor, and report technology and cybersecurity risks.
- Maintain IT risk registers and oversee remediation efforts.
- Facilitate third-party/vendor risk management programs.
- Develop key risk indicators (KRIs) and risk reporting metrics.

Compliance Management
- Ensure compliance with applicable regulations and frameworks such as:
  - NIST Cybersecurity Framework (CSF)
  - NIST 800-53
  - ISO 27001
  - SOC 1 / SOC 2
  - PCI-DSS
  - HIPAA
  - GDPR
  - SOX IT General Controls (ITGC)
  - CIS Controls
- Manage compliance assessments, audits, and certification activities.
- Track regulatory changes and evaluate organizational impact.
- Coordinate remediation plans for compliance findings.

Audit & Controls
- Serve as the primary liaison for internal and external auditors.
- Develop and maintain IT control frameworks and documentation.
- Oversee testing of IT General Controls (ITGCs) and security controls.
- Monitor corrective actions resulting from audits and assessments.
- Ensure evidence collection and audit readiness across IT functions.

Security Governance
- Collaborate with cybersecurity leadership on security governance initiatives.
- Support security awareness and policy compliance programs.
- Measure control effectiveness through metrics and reporting.
- Participate in incident response reviews and post-incident risk assessments.
- Promote a culture of security and accountability throughout the organization.

Leadership & Team Management
- Build, mentor, and lead IT GRC professionals.
- Establish departmental goals, KPIs, and performance metrics.
- Manage GRC budgets, vendors, and consulting engagements.
- Foster collaboration among IT, Security, Legal, Privacy, Internal Audit, and business units.

Qualifications
- Bachelor's degree in Information Technology, Cybersecurity, Information Systems, Risk Management, Business Administration, or related field.
- Master's degree preferred.
- 10+ years of progressive IT, cybersecurity, audit, risk, or compliance experience.
- 5+ years in a leadership or management role.
- Experience leading enterprise GRC programs.
- Demonstrated experience with regulatory compliance and security frameworks.
- Experience working with executive leadership and audit committees.

Requirements
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CRISC (Certified in Risk and Information Systems Control)
- CGEIT (Certified in Governance of Enterprise IT)
- CISA (Certified Information Systems Auditor)
- ISO 27001 Lead Auditor or Lead Implementer

Benefits
- Enterprise Risk Management (ERM)
- IT Governance Frameworks
- Cybersecurity Risk Assessment Methodologies
- Audit and Control Testing
- Third-Party Risk Management
- Policy Development and Management
- Security and Compliance Monitoring Tools
- Governance, Risk & Compliance Platforms (Archer, ServiceNow GRC, OneTrust, AuditBoard, LogicGate, etc.)
- Metrics, Reporting, and Executive Dashboard Development

Additional Information
- A Note to our Recruitment Partners: We really appreciate the interest, but MCG currently manages hiring through our internal team. We love getting to know our candidates directly! Because of this, we don’t accept unsolicited resumes from agencies at this time. If we ever need an extra hand, we’ll be sure to reach out to the community. Thanks for understanding!
- MCG is an equal opportunity employer prohibiting discrimination based on race, color, creed, religion, sex, marital status, physical or mental disability, and any other protected classes stated by applicable federal and state laws.
- DVM is committed to providing equal employment opportunities to qualified individuals with disabilities and to act in accordance with regulations and guidance issued by the Equal Employment Opportunity Commission (EEOC).


