Senior Offensive Security Consultant

Role Overview

We are seeking an experienced and highly capable Senior Offensive Security Consultant to join our client's cybersecurity team. This role is designed for a practitioner with strong hands-on expertise in offensive security, who can independently lead complex engagements, mentor junior consultants, and act as a trusted technical advisor to clients.

Ideally, you should have deep experience in VAPT, adversarial techniques, and real-world exploitation across network, web, and enterprise environments, with the ability to translate technical findings into meaningful risk narratives and actionable remediation guidance.

Key Responsibilities

• Lead and execute end-to-end offensive security engagements, including network, web application, mobile application, and infrastructure penetration testing.
• Validate and exploit identified vulnerabilities to demonstrate real-world impact and business risk.
• Produce high-quality technical and executive-level reports with clear risk narratives and actionable remediation recommendations.
• Serve as a technical or project lead during engagements, providing guidance, mentorship, and quality assurance to junior consultants.
• Act as a key technical point of contact for clients, including walkthroughs of findings and remediation discussions.
• Contribute to the development and improvement of internal testing methodologies, tools, and playbooks.
• Stay current with emerging threats, exploitation techniques, and offensive security research.
• Support pre-sales and scoping activities by providing technical input when required.

Requirements

• Experience: Minimum 5 years of hands-on experience in offensive security, penetration testing, or red teaming.
• Mandatory Certifications: OSCP, CRT, OSWE
• Strong understanding of network protocols, operating systems, Active Directory environments, and web application architectures.
• Deep knowledge of common attack techniques, vulnerabilities and frameworks (e.g., OWASP Top 10, MITRE ATT&CK, CWE).
• Highly proficient with industry-standard offensive security tools and comfortable with custom scripting and automation.
• Strong analytical mindset with the ability to think like an attacker and chain multiple weaknesses together.
• Excellent written and verbal communication skills, particularly in explaining technical risk to non-technical stakeholders.