Consultant- Attack and Penetration

At Optiv, we’re on a mission to help our clients make their businesses more secure. We’re one of the fastest-growing companies in a truly essential industry. Join us.

**Who we are looking for**:
An Attack & Penetration Consultant is a highly skilled penetration tester capable of performing complex assessments while maintaining a business focus and meeting client requirements. This position will work both independently and as part of a team to perform Security Assessments including vulnerability assessments, penetration tests, red team assessments, wireless security assessments, and social engineering. An Attack & Penetration Consultant also contributes to the development and continuous improvement of the Security Assessment practice through various team and industry contributions.

**How you'll make an impact**:

- Assess an organization’s network security posture using automated tools and manual techniques to identify and verify common security vulnerabilities.
- Use creative approaches to identify vulnerabilities that are commonly missed in security assessments.
- Exploit vulnerabilities and identify specific, meaningful risks to clients based on industry and business focus.
- Perform complex wireless attacks both against wireless clients and access points.
- Use social engineering techniques to obtain sensitive information, network access and physical access to client sites.
- Assess physical security controls by lock picking, tailgating, dumpster diving and other evasive techniques.
- Execute opportunistic, blended, and chained attack scenarios that combine multiple weaknesses to compromise client environments.
- Create comprehensive assessment reports that clearly identify root cause and remediation strategies.
- Interface with client personnel to gather information, clarify scope and investigate security controls.
- Execute projects using established methodology, tools, and documentation.
- Collaborate with other team members and practices to complete client projects and practice contributions.
- Provide support in the ongoing development of security assessment offerings through tool creation and process improvement.
- Perform other duties as assigned.

**Qualifications for success**:

- Prior experience performing Vulnerability Assessments, Penetration Tests, Wireless Security Assessments and or Social Engineering to enterprise-level organizations.
- Ability to travel 25-40% of the time to client sites.
- OSCP, OSEP, OSWE certifications strongly preferred
- Bachelor’s Degree from a four-year college or university in Information Assurance, Computer Science, Management Information Systems, or related area of study; or related experience and/or training; or equivalent combination of education and experience strongly preferred.

Demonstrated ability to deliver projects using well-defined methodology across various security assessment disciplines including:

- Ability to combine multiple separate findings to execute complex attacks.
- Ability to manually validate vulnerabilities identified during assessments.
- Ability to identify, describe and report vulnerabilities and standard remediation activities, to include clear demonstration of risk to clients through post-exploitation activities required.
- Mastery of commercial and open-source security tools required (Nessus, Nexpose, SAINT, Qualys, Burp, Nmap, Kali, Metasploit, Meterpreter, Wireshark, Kismet, Aircrack-ng etc.).
- Familiarity with many different network architectures, network services, system types, network devices, development platforms and software suites required (Linux, Windows, Cisco, Oracle, Active Directory, JBoss,.NET, etc.) required.
- Familiarity with command and control (C2) frameworks, such as Cobalt Strike, Mythic, Covenant, etc.
- Passion for creating tools and automation to make common tasks more efficient preferred.
- Knowledge of programming and scripting for development of security tools preferred.
- Demonstrated ability to create comprehensive assessment reports required.
- Must be able to work well with customers and self-manage through difficult situations, focus on client satisfaction.
- Ability to convey complex technical security concepts to technical and non-technical audiences including executives required.
- Ability to work both independently as well as on teams required.
- Willingness to collaborate and share knowledge with team members required.
- Proven ability to review and revise reports written by peers required.
- Demonstrated effective time management skills, ability to balance multiple projects simultaneously and the ability to take on large and complex projects with little or no supervision required.

**With Optiv you can expect**:

- A company committed to championing Diversity, Equality, and Inclusion through our Affinity groups including, Black Employee Network, Disabled Employee Network, Latino Employee Network, Optiv Pride (LGBTQIA+), Veterans Support Network, and Women's Network.
- Work/life b