Offensive Security Senior Consultant (Nationwide)

company banner
Security, Consultant, Testing, Engineering, Network, Wireless, Access, Python, IT, Computer, Consulting, CISSP
Full Time

Job Description

Work you'll do

As a Sr. Offensive Security Consultant, you will be on the front lines with our clients supporting them with their cloud and Offensive Security needs. You will work with our Offensive Security team to provide attack-oriented professional services such as (but not limited to): Red/Purple Team Operations, Penetration Testing, Breach and Attack Simulations, Cloud Penetration Testing, Social Engineering, and a variety of ad-hoc custom assessments to address unique information security concerns for clients. In this role you will:
  • Deliver professional services, including but not limited to Red Team Assessments, Purple Team Assessments, Network Penetration Tests, Wireless Security Assessments, Onsite and Remote Social Engineering, and a variety of custom assessments
  • Create and write comprehensive assessment reports that are technical and managerial to describe the engagement, scope, risks, and remediation recommendations
  • Develop marketing materials and participate in marketing activities such as creating research, speaking at conferences, authoring materials and presenting thought leadership
  • Knowledge of security testing frameworks and standards such as OSSTMM, OWASP, NIST SP 800-115, Lockheed Martin's Kill Chain, and MITRE ATT&CK
  • Use automation, orchestration, and scripting to reduce manual processes, improving overall efficiency while also enabling new capabilities to meet the rapidly changing needs of our clients
  • Mastery of commercial and open source security tools including, but not limited to: Nmap, Nessus, BurpSuite, Cobalt Strike, Metasploit, Wireshark, and Aircrack-ng
  • Assist with Practice development, including improving existing offerings, creating new offerings, and mentoring team members
  • Perpetually strengthen relevant skills, knowledge, and abilities to stay at the forefront of the information security industry
  • Foster client relationships by providing support, information, and guidance
  • Maintain a strong desire to learn, adapt, and improve along with a rapidly growing company
  • Perform other duties as assigned
  • Serve as a subject matter expert on cloud cyber risk for at least one of the leading cloud platforms preferably AWS, Microsoft Azure/ Office 365.
  • Provide technical security support for cloud-native (e.g., AAD) and third-party security services and resolve service-related issues through research, troubleshooting, and working with cloud service providers and third-party security solution vendors.
  • Support proof of concept and production deployments of these cloud technologies.
  • Perform technical health checks for cloud platforms/environments prior to broader deployment and assist clients with configuration of cloud platform scanning tools, and delivery of cloud security and compliance reports.
  • Design and develop cloud platform-specific security policies, standards, and procedures for management group and account/subscription management and configuration (e.g. Azure Policy, Azure Security Center, AWS Config), identity management and access control, firewall management, auditing and monitoring, security incident and event management, data protection, user and administrator account management, SSO, conditional access controls and password/secrets management.
  • Troubleshoot problems with cloud infrastructure (e.g., domain name service, virtual network peering, dedicated cloud connectivity services - Azure ExpressRoute, AWS DirectConnect, Google Cloud Dedicated Interconnect) and resources (e.g., virtual machines, virtual networks, cloud databases) in a multi-cloud vendor environment and document technical platform issues, analysis, client communication, and resolution as part of cyber risk mitigation steps.
  • Assist clients in the selection and tailoring of approaches, methods, and tools to support cloud adoption for secure migration of existing workloads to a cloud vendor. This may cover services such as tenant setup and service configuration focused on cloud cyber risk mitigation, IAM (e.g., PIM/PAM, MFA, SSO, Conditional Access), data protection (e.g., DLP, encryption, PKI), network security (e.g., firewalls, WAF), etc.
  • Perform cloud orchestration and automation (Continuous Integration and Continuous Delivery (CI/CD)) in single and multi-tenant environments using tools like Terraform, Ansible, Puppet, Chef, Salt etc.
  • Design, implement, manage, and automate DevSecOps capabilities in cloud offerings using CI/CD toolsets and automation (e.g., Boto3, Lambda, Azure Functions, Google Functions, Python, JSON).
  • Support and enable junior team members across both technical and management leadership capacities.
  • Provide internal cloud security technical training to Advisory personnel as needed.
  • Support the team on proposals, whitepapers, proof of concepts, technical eminence materials and firm initiatives.


  • 6+ years combined in IT and information security experience
  • 4+ years of experience performing offensive/attack-oriented security assessments
  • 2+ years of experience in an enterprise-level customer delivery services role
  • Experience with various public cloud components and architectures with Azure / AWS strongly preferred.
  • Experience in evading security detection controls

  • Other lab-based certifications such as OSCP, OSCE, GIAC, and GSE are preferred
  • Other relevant industry certifications, such as GPEN and GCIH
  • InfoSec community involvement, such as conference speaking, blog/whitepaper authoring, and podcast speaking/producing
  • Experience building security tool APIs and/or services.
  • Experience building/automating Red Team Infrastructure.
  • Experience building/automating Attack Defense labs.
  • BA/BS Degree ideally in Computer Science, Cyber Security, Information Security, Engineering or Information Technology.
  • Previous Consulting or Big 4 experience preferred.
  • Certifications such as: CISSP, AWS/Azure Security/DevOps/Professional Certifications, completion of Red Teaming Labs
  • Excellent writing and verbal communication skills.
  • Strong project management and organizational skills.
  • Knowledge of business process, user provisioning process, and security maintenance processes.

Additional Requirements
  • Travel up to 50% (While 50% of travel is a requirement of the role, due to COVID-19, non-essential travel has been suspended until further notice).
  • Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
  • Identify opportunities to improve services delivered to our clients.
  • Experience with leading multiple distributed teams across different geographies.
  • Excellent teamwork and interpersonal skills.

Company Information

Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world’s most admired brands, including nearly 90% of the Fortune 500® and more than 7,000 private companies. Our people come together for the greater good and work across the industry sectors that drive and shape today’s marketplace—delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthier society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Now celebrating 175 years of service, our network of member firms spans more than 150 countries and territories. Learn how Deloitte’s more than 330,000 people worldwide connect for impact on our website.

Dice Id : 10106525
Position Id : 41302
Originally Posted : 6 months ago

Similar Positions at Deloitte

Workday Security Senior Consultant
  • Phoenix, AZ
  • 1 day ago
SAP Security & GRC Senior Consultant
  • Phoenix, AZ
  • 1 day ago
SAP Security & GRC Senior Consultant
  • Phoenix, AZ
  • 1 day ago
IAM Senior Consultant Active Directory
  • Phoenix, AZ
  • 6 hours ago