Job Overview

Ensign Consulting, we draw on our vast experience in cyber security and risk management and our insights into the tactics, techniques and procedures used by threat actors to help you anticipate threats, disrupt attacks and respond decisively.

Duties and Responsibilities

• Conduct penetration testing of systems and applications to identify, document, and present technical vulnerabilities and issues.
• Participate and lead Red Team engagements to remotely infiltrate, escalate privileges, and achieve full control of target networks, demonstrating advanced offensive capabilities.
• Assist in developing customized remediation plans based on technical findings and client business constraints to strengthen cybersecurity defenses.
• Utilize automation tools and techniques to streamline and enhance penetration testing and red teaming processes for improved efficiency and accuracy.
• Collaborate with cross-functional teams to assess security controls, technologies, and processes, exposing vulnerabilities and recommending proactive measures.
• Research, develop, and ideally present new offensive cyber techniques and security control bypasses to the broader cybersecurity community.
• Stay abreast of emerging threats, industry trends, and best practices, integrating new knowledge into penetration testing methodologies and techniques.
• Collaborate with clients and stakeholders to provide expert guidance on cybersecurity strategies, risk mitigation, and incident response.
• Foster a culture of continuous learning and knowledge sharing within the team and across the organization.
• Support pre-sales processes and working with the Business Development team to win new deals.

Requirements

• At least two years of proven experience in conducting penetration testing / red team engagements in diverse environments.
• Strong proficiency in developing and executing remediation plans tailored to client business constraints and technical findings.
• Demonstrated ability to dive into new industries and technology stacks, adapting quickly to new challenges and environments.
• Familiarity with cyber security principles (e.g. networking, web development, vulnerability classes) and industry best practices (e.g. OWASP Top 10, MITRE ATT&CK Framework)
• Experienced in consulting, including internal and client facing experiences
• Ability to independently lead a project and communicate with clients
• Excellent communication and presentation skills, with the ability to convey technical concepts to both technical and non-technical stakeholders.
• Knowledge of GRC (Governance, Risk, and Compliance) processes is a plus, with an understanding of information security management systems and relevant standards and frameworks (e.g., ISO 27001, NIST CSF).

Preferred Skills /Qualities

• At least 2 years’ experience in penetration testing or red teaming
• Relevant (or be willing to pursue) professional certifications such as OSCP, CRTP, eWPT, GPEN etc.
• Preparing high quality reports detailing security issues, making recommendations, and identifying remediations
• A self-motivated learner who is keen to develop and lead a team to be able to deliver professional services and grow local capabilities