$ 144480 - 229600
1 Vacancy
JOB REQUISITION
Attack & Penetration Offensive Security Tester Manager
LOCATION
PHILADELPHIA
ADDITIONAL LOCATION(S)
CHICAGO, DALLAS
JOB DESCRIPTION
You Belong Here
The Protiviti Career provides opportunity to learn, inspire, and advance within a collaborative and inclusive culture. We hire curious individuals for whom learning is a passion. We lean into our mission: We Care. We Collaborate. We Deliver.
At every level, we champion leaders who live our values of integrity, inclusion, innovation, and commitment to success. Imagining our work as a journey, we believe integrity guides our way, inclusion moves us forward together, innovation creates new destinations, and our commitment to success empowers us to deliver on our vision to be the most trusted global consulting firm.
Where We Need You
Protiviti is looking for an Attack & Penetration Manager to join our growing Technology Consulting team.
What You Can Expect
As a Manager, you'll partner with our clients to solve complex business problems and provide impactful advice and solutions. You'll develop lasting relationships with client personnel and further these relationships through quality product delivery. You'll foster a network within the business community and serve as an ambassador of Protiviti in the market. You will also be a mentor, trainer, and coach to Consultants and Senior Consultants as you facilitate the successful completion of project work plans.
You will help execute adversary simulation assessments, including but not limited to red teaming, purple teaming, and threat-led penetration tests for clients from various industries. You will have access to a robust set of testing tools and equipment that has been built/developed to tackle hundreds of different adversary simulation needs. You will have opportunities to develop new tooling, design novel attacks, and simulate real-world threat actors in environments. Additionally, if you have ideas for new security services and demand for those services can be identified, we can help support that service's development. We also encourage presenting at local, national, or international security conferences.
What Will Help You Be Successful
You enjoy all things related to Pen Testing.
You are motivated to learn and interested in all things related to Cyber Security including the latest trends and developments.
You thrive on challenges and the intricacies that come with trying to figure out how to target an organization and its entities and evading defensive controls.
You enjoy discussing technical and industry trends and seek opportunities to demonstrate and teach staff on the job.
You are passionate about delivering client satisfaction and demonstrating a growing level of industry and product competency and are able to articulate their value to your clients.
You seek opportunities to interact with and mentor personnel including participating in the creation and rollout of training and developing skill sets.
You understand the business environment and potential client base for the solution and industry.
Do Your Talents Include the Following?
Technical Skills and Talents
Red Teaming
Experience conducting red team engagements, demonstrating advanced knowledge of adversarial tactics, techniques, and procedures (TTPs).
Ability to emulate sophisticated real-world threat actors, including nation-state-level attackers and advanced persistent threats (APTs).
Understanding of defensive mechanisms (e.g., threat hunting, SIEM systems, EDR platforms, SOC operations) to create realistic simulations and bypass security controls.
Hands-on experience attacking cloud environments (AWS, Azure, GCP).
Purple Teaming
Demonstrated ability to work collaboratively with defensive teams (SOC/Blue Team) to improve detection, response, and mitigation strategies.
Experience working with detection engineering or security analytics teams.
Familiarity with attack simulation methodologies (e.g., MITRE ATT&CK framework) to validate security controls and improve system resilience.
Ransomware Simulation
Practical experience designing and executing ransomware scenarios to evaluate and strengthen an organization's readiness and incident response.
Understanding of encryption techniques, data exfiltration methods, and persistence mechanisms commonly used by ransomware actors.
Attack Scenario Design
Ability to craft realistic adversarial scenarios based on intelligence about emerging threats, tailored to specific industries, technologies, and organizational risks.
Experience leveraging threat intelligence to simulate specific adversary groups, their tactics, and their infrastructure.
Advanced Offensive Security Tooling
Proficiency in using and customizing offensive security tools such as Havoc, Sliver, and similar frameworks.
Experience in building or scripting custom tools and payloads for exploitation, lateral movement, and evasion.
Network and System Exploitation
Deep knowledge of common attack vectors (e.g., lateral movement, privilege escalation, persistence techniques).
Familiarity with network protocols, Active Directory exploitation, cloud attack scenarios, and web application attack techniques.
Operational Security (OpSec) Awareness
Ability to maintain effective operational security during engagements to avoid detection and maintain stealth.
Experience or knowledge of bypassing security measures such as endpoint detection and response (EDR), intrusion detection/prevention systems (IDS/IPS), and other monitoring tools.
Electronic / Remote Social Engineering
Proven ability to execute advanced social engineering attacks, including phishing, vishing, and smishing campaigns tailored to evade detection and successfully achieve engagement objectives.
Familiarity with tools and platforms used for managing phishing campaigns (e.g., Evilginx and similar frameworks).
Deep understanding of pretext development: crafting believable, targeted scenarios and personas that replicate real-world adversarial attempts.
Experience conducting reconnaissance-based OSINT (Open-Source Intelligence) to gather information about targets and enhance the effectiveness of social engineering efforts.
Physical Security Assessments
Ability to evaluate physical security controls (e.g., building access mechanisms, surveillance systems, alarm systems) to identify gaps and simulate breaches.
Experience with covert entry techniques such as lock-picking, bypassing access control systems, RFID cloning, and badge spoofing.
Demonstrated ability to execute tailgating and surveillance operations to test operational security processes.
Knowledge of facility security best practices, including implementation of defense-in-depth strategies for physical environments.
Strong awareness of laws, ethical boundaries, and company policies related to physical security testing.
Soft Skills
Collaboration and Communication
Ability to effectively communicate technical findings and adversarial simulation results to non-technical audiences, including executive leadership.
Ability to identify, describe, report, and present vulnerabilities, observations, and standard remediation activities in comprehensive yet actionable reports, to include clear demonstration of risk to clientele post-engagement.
Creative Problem Solving
Talent for identifying innovative methods to push testing forward in unconventional ways when roadblocks present themselves.
Passion for out-of-the-box thinking and designing novel attack methodologies.
Analytical Mindset
Skill in analyzing complex systems to identify root causes of vulnerabilities and address defensive gaps.
A desire for constant learning and self-improvement.
Research and Development
Demonstrated ability to stay ahead of the curve on emerging attack techniques, vulnerabilities, and trends in offensive security.
Regularly practices continuous learning and self-study.
Track record of conducting offensive security research, e.g., discovering new vulnerabilities, developing exploit techniques, or publishing security-related blogs/tools.
Active participation in security communities or conferences such as Black Hat, DEF CON, BSides, or similar events.
Additional Skills & Attributes
Ability to work with a diverse portfolio of clients across industries.
Proficiency in Python, PowerShell, Bash, or other languages for automation and developing custom offensive security tools.
Knowledge of exploit development, malware reverse engineering, or shellcode development.
Familiarity with compliance-driven testing frameworks (e.g., PCI DSS, GDPR, or ISO 27001).
Your Educational and Professional Qualifications
Bachelor's degree in a relevant discipline (e.g., MIS, CIS, EE, IT, IS, CE, CS, etc.)
5 years working in professional services or industry.
Proficiency in Microsoft Office suite applications, with specific emphasis on Word, Excel, and PowerPoint. Secondary emphasis on Visio and Access.
Certifications such as OSCP, GIAC, CISSP, OSCE/OSWE, OSED, CRTO, GXPN, CEH, eCPPT, or similar, SANS 600 or 700 level course work are strongly preferred.
Relevant cloud security certifications (e.g., CCSK, AWS Certified Security - Specialty) for targeting cloud infrastructure.
Our Hybrid Workplace
Protiviti practices a hybrid model, which is a combination of working in person with a purpose and working remotely. This model creates meaningful experiences for our people and our clients while offering a flexible environment. The ratio of remote to in-person requirements varies by client, project, team, and other business factors. Our people work both in-person in local Protiviti offices and on client sites, which can include local or out-of-state travel based on our projects and client requests and commitments.
Protiviti is not registered to hire or employ personnel in the following states: West Virginia, Alaska.
Starting salary is based on a full-time equivalent schedule. Placement in the range is dependent upon experience, skills, and geographic work location. Below is the salary range for this job.
$129000.00 - $205000.00
Our annual bonus plan provides eligible employees additional cash and/or discretionary stock compensation opportunities. Below is the bonus target opportunity for this job.
12%
The total cash range is estimated from the sum of the base salary range plus the bonus target opportunity. Below is the estimated total cash range for this job.
$144480.00 - $229600.00
Employees are eligible for medical, dental, and vision coverages, FSA and HSA healthcare accounts, life and accident insurance, adoption and fertility assistance, paid parental leave up to 10 weeks, and short/long term disability. We offer eligible employees a company 401(k) savings and investment plan with an employer match of 50% on the first 6% of your contributions. We provide Choice Time Off (CTO) for vacation, personal needs, and sick time. The amount of CTO varies based on years of service. New hires receive up to 20 days of CTO per calendar year. Protiviti also recognizes up to 11 paid holidays each calendar year.
Learn more about the variety of rewards we offer at Protiviti at benefits outlined are part of our reward offerings for full-time employees in the U.S. Your Open Enrollment materials, insurance contracts, plan documents, and Summary Plan Descriptions together comprise the official plan document, which legally governs the administration of your benefit plans. Protiviti reserves the right to terminate or amend your benefit plans in any way and at any time.
Protiviti is an Equal Opportunity Employer. M/F/Disability/Veteran
As part of Protiviti's employment process, any offer of employment is contingent upon successful completion of a background check.
Protiviti is committed to being an equal employment employer offering opportunities to all job seekers, including individuals with disabilities. If you believe you need a reasonable accommodation in order to search for a job opening or to apply for a position, please contact us by sending an email to or call 1.855.744.6947 for assistance.
In your email, please include the following:
The specific accommodation requested to complete the employment application.
The location(s) (city, state) to which you would like to apply.
For positions located in San Francisco, CA: Protiviti will consider qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.
For positions located in Los Angeles County, CA: Protiviti will consider for employment qualified applicants with arrest or conviction records in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.
Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
JOB LOCATION
PA PRO PHILADELPHIA
Required Experience:
Manager
Full-Time