$130000 - $150000
ProCircular is about relationships and trust. Our experts provide practical recommendations to proactively manage risk, meet regulatory commitments, and address the latest cyber threats. We are a fast-growing, boutique cyber & compliance firm that moves fast and offers an opportunity to get in, make a difference, and wear many hats. As a privately held entity, decisions are made locally.
People are at the center of our philosophy, and quality is the cornerstone. We build trust by being approachable, realistic, and unbiased. Each client’s unique goals guide our work, and every project produces a tangible result and a clear roadmap. We’re passionate about cybersecurity, serious about quality, and built around people.
Not only are we a cool company doing cool things, but we also really care about our employees and encourage an innovative and open environment, offering nice and even some unique benefits for our team members to take advantage of. We strive to be flexible and results-driven.
This senior position is responsible for executing tactical penetration testing and red team engagements against a multitude of client networks and applications. You will be expected to apply your security mindset both technically and strategically to ensure results are relevant, realistic, impactful, and clearly communicated both internally and to client stakeholders.
To perform this job successfully, an individual must be able to perform each essential job function satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability. This is not an entry-level position. We are seeking candidates with demonstrated experience.
Essential Job Functions (include but are not limited to the following)
- Demonstrate the ability to perform the following activities:
- Gain a working and business level knowledge of ProCircular engagement toolset.
- Assist with and execute security assessments:
  - Host and service vulnerability assessments and penetration testing (external and internal).
  - Web application vulnerability assessments and smoke testing.
  - Social engineering engagements (Phishing, Vishing, and Physical).
  - Execute war-dial exercises as the need arises.
  - VPN vulnerability assessments and penetration testing.
  - Wireless vulnerability assessments and penetration testing.
  - Execution of cloud-based vulnerability assessments and penetration testing.
  - Execution of Purple Team Engagements.
  - GAP analysis of client security policies and procedures.
  - Execution of Tabletop or Attack Simulations.
- Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations.
- Assist in the development of tools to enhance current automation of service offerings.
- Perform research to identify new ways of achieving your mission.
- Create comprehensive after-action and client-facing deliverable reports.
- Provide accurate, complete, and timely written documentation for all project phases including ongoing status reports and deliverables detailing technical issues identified and their associated business risks.
- Establish & maintain rapport with client technical staff.
- Manage engagement and client related issues, or where appropriate, escalate to the management team or PMO team.
- Identify & recommend improvements in ProCircular’s methodology and internal processes.
- As a thought leader in the security space, a senior consultant should perform research and develop whitepapers/presentations/etc. regarding relevant security topics, tools, and techniques.
- Mentoring of all non-senior level roles to include interns, juniors, and consultants.
- Operate with integrity and accountability. Uphold the values of ProCircular and abide by the Company
The requirements listed below are representative of the knowledge, skills, and abilities required. Employees who do not possess the requirements for a job at the time of hire will not be considered for the position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Required Skills and Experience:
- Problem-solving and path-finding ability applicable to all environments, regardless of experience level with them.
- Deep understanding of red team operations, attacker TTPs, and penetration testing of cloud security, Active Directory, and application security.
- Experience with attacking cloud-based environments, software development technologies, and web applications.
- Demonstrated competency in multiple security disciplines
- Experience with programming and scripting languages (like PowerShell, Python, .NET, C#, etc.).
- Experience with tools including Cobalt Strike, C2 infrastructure, Nmap, Burp Suite.
- Knowledge of MITRE ATT&CK, Kill Chain, and other frameworks or open-source projects and their uses within the cyber security community.
- Strong root cause analysis skills.
- Ability to shift perspectives rapidly and demonstrate applied critical thinking.
- Ability to think holistically and identify areas of technical and non-technical risk.
- Thorough understanding of the latest security principles, techniques, and protocols.
- Capable of working independently and in a team environment.
- Flexible and adaptable to changing work environment.
- Ability to prioritize multiple tasks and manage time efficiently.
- Excellent written and verbal communication skills.
- Must be able to efficiently use Microsoft Word and Excel.
Desired Skills and Experience:
- Knowledge of concepts and experience building red team infrastructure.
- Knowledge of advanced cyber threats and adversary methodologies, and cyber threat intelligence.
- Strong understanding of operations security (OPSEC), defense evasion, and anti-forensics techniques
- Familiarity and experience with AWS, GCP, and Azure.
- High level of competency in cloud automation technologies, such as Terraform
- Familiarity with container technologies.
- Relationships or a professional working background with industries including education, health care, government, manufacturing, and financial
- Public and private sectors; for profit and non-profit industries
- Understanding of businesses & different industry operations and applicability of security and cyber security to those industries.
Education and Experience Requirements:
- Bachelor’s degree or equivalent experience in Computer Science, Information Security, or related field
- Solid references from co-workers and former employers
- Minimum of 3 years’ experience in cybersecurity.
- Minimum of 2 years’ experience of real-world penetration testing and client delivery.
- One or more security and penetration testing certifications (e.g., OSCP, OSCE, GPEN, GWAPT, etc.)
- Military security clearance a plus.
The primary language of ProCircular is English. Excellent communication skills are required, defined as the ability to:
- Actively listen for total comprehension
- Ask questions that enhance the understanding of a certain topic
- Relay information and/or instruction in a descriptive and understandable fashion in both written and verbal format
Reasoning Ability Requirements:
High-functioning reasoning abilities are necessary to meet deadlines, prioritize company and customer needs, and work in a high-functioning, collaborative team environment.
No supervisor responsibilities
Frequent Travel - valid driver's license required