Summary

Role Responsibilities

• Manage a team of talented information security professionals and clearly communicate unmet needs to practice leadership
• Deliver Threat & Attack Simulation’s professional services as needed to enable your team and cover for busy seasons, unexpected absences and client requests
• Author and review comprehensive assessment deliverables that are tailored to both technical and managerial audiences with fully detailed technical execution steps, core deficiencies, and realistic remediation strategies
• Contribute to marketing initiatives via activities such as publishing research, speaking at industry conferences, authoring blog articles and whitepapers, hosting webinars, and developing security tools
• Support pre-sales activities by providing guidance to the scoping team to enable them to make adjustments to standard project scoping guidelines as needed based on feedback from the delivery team
• Assist with Practice development, including improving existing offerings, creating new offerings, and mentoring team members
• Perpetually strengthen relevant skills, knowledge, and abilities to stay at the forefront of the information security industry
• Foster strong client relationships and represent GuidePoint well by providing interactive and collaborative support, information, and guidance to ensure delivery of maximum value
• Work closely with delivery team members to address customer concerns and disarm incendiary client interactions by working towards a mutually agreeable solution
• Maintain a strong desire to learn, adapt, and improve along with a rapidly-growing company
• Perform typical managerial functions such as performance reviews, expense approvals, time entry approvals, etc. in a timely manner
• Continue fostering team culture by building relationships with team members and embracing the "No Jerks" culture
• Unwavering loyalty to a particular word processing tool (e.g. nano, vim, emacs, etc.) and willingness to argue about which is superior on a weekly basis
• Strong desire to work collectively with the team to mentor, coach, and guide the next generation of professionals
• Perform other duties as assigned

Education, Credentials, and Experience

• InfoSec community involvement, such as conference speaking, blog/whitepaper authoring, and podcast speaking/producing experience is preferred, or at least the willingness to try
• 3+ years of recent penetration testing experience is preferred; penetration testing experience is required
• Several years of experience delivering work as a consultant and practicing soft skills, interacting with clients, and improving process efficiency and documentation is strongly preferred
• Experience leading a team of consultants is directly relevant to this role and is preferred, but not explicitly required as long as you are willing to be coached and have very strong consulting and recent penetration testing experience
• Internal operational experience is strongly preferred
• Lab-based certifications, such as OSCP and OSCE along with practical training from providers such as HackTheBox pro labs and similar are preferred
• Exceptional written communication skills and attention to detail that can be leveraged to review deliverables for clear and accurate articulation of findings to both technical and managerial audiences is required
• Strong ability to come up with solutions to potentially unprecedented problems where there is no guidance, both internal to the team and with client-facing issues
• Able to confidently discuss report findings, both the type of vulnerability/attack and how to mitigate/remediate the risk, with both a technical and non-technical audience
• Proven effectiveness in offensive security activities with commercial and open-source tools and ability to still demonstrate impact without overwhelmingly popular but exceedingly detectable tools like Metasploit
• Strong familiarity with PCI DSS penetration testing requirements and experience navigating related scope conversations
• Fundamental familiarity and exposure to one or more primary cloud hosting providers (AWS, GCP, Azure) is beneficial
• Basic familiarity with common offensive security scripting languages such as Python, PowerShell, Go, etc.