Security Consultant - Penetration Testing

About Us

Since 1989, SHI International Corp. has helped organizations change the world through technology. We've grown every year since, and today we're proud to be a $16 billion global provider of IT solutions and services.

Over 17,000 organizations worldwide rely on SHI's concierge approach to help them solve what's next. But the heartbeat of SHI is our employees - all 7,000 of them. If you join our team, you'll enjoy :

Our commitment to diversity, as the largest minority- and woman-owned enterprise in the U.S.

Continuous professional growth and leadership opportunities.

Health, wellness, and financial benefits to offer peace of mind to you and your family.

World-class facilities and the technology you need to thrive - in our offices or yours.

Job Summary

The Security Consultant - Penetration Testing is a critical?role?within?Stratascale's?Adversarial Operations team who will?assist?in?leading and supporting the development and delivery of a diverse range of continuous threat and exposure management consulting, penetration testing, and?operational?service programs to a portfolio of our clients.

Role Description

Independently perform penetration testing against complex environments covering both external, internal, web application, and other forms of offensive security engagements.?

Consult and document attack surface, threats, and vulnerability?improvements based onteam'soverall assessment ofclient'senvironment.??

Perform full assessment and threat modeling against industry best practices to?identify?control weaknesses and assess the effectiveness of existing controls.??

Perform root cause analysis on?identified?vulnerabilities and attack surface weaknesses to?determine?technical solutions to be presented to client along with recommendations for remediations.??

Collaborate withclient'ssecurity teams to understand mitigation or resolutions for findings discovered by analysts.??

Review threat intelligence?for specific threat vectors that align with client's industry or potentially?impacted?by to?utilize?in attack path modeling.??

Assist?in defining,?measuring, and?quantifying?business risk and vulnerability impacts toclientstheir stakeholders.?

Provide subject matterexpertiseand technical support on remediation, cloud security, governance, compliance, and core infrastructure systems.

Assistcustomers with strategies, use of platforms, technical and compliance analysis, and implementing automation.

Execute consulting projects by creating and completing deliverables, ensuring client needs and practice obligations are met.

Develop and deliver training content, curricula, and workforce development programs, including in-person and remote sessions.

Participate in customer and internal meetings,providingtechnical guidance andfacilitatingdiscussions.

Stay educated on new product technologies, industry trends, and emerging capabilities within the practice.

Develop andoptimizecross practicecapabilities, collaborate with peer practice leaders, and mentor other consultants.

Behaviors and Competencies

Communication : Can effectively communicate complex ideas and information to diverse audiences, facilitate effective communication between others, and mentor others in effective communication.

Relationship Building : Can take ownership of complex team initiatives, collaborate with diverse groups, and drive results through effective relationship management.

Self-Motivation : Can take ownership of complex personal or professional initiatives, collaborate with others when necessary, and drive results through self-motivation.

Negotiation : Can take ownership of complex negotiations, collaborate with others, and drive consensus.

Impact and Influence : Can rally a team or group towards a common goal, creating a positive and persuasive influence.

Business Development : Can take ownership of significant business initiatives, collaborate with various stakeholders, and drive business results.

Emotional Intelligence : Can use emotional information to guide thinking and behavior, manage and / or adjust emotions to adapt to environments or achieve one's goal(s), and help others do the same.

Detail-Oriented : Can oversee multiple projects, maintaining a high level of detail orientation, identifying errors or inconsistencies in work, and ensuring accuracy across all tasks.

Follow-Up : Can take ownership of tasks, collaborate with others in managing follow-ups, and drive results through effective task completion.

Presenting : Can effectively use visual aids, storytelling, and persuasive techniques to enhance presentations and engage audiences.

Delegation : Can delegate responsibilities across a team, balancing workload, and ensuring all members understand their roles.

Analytical Thinking : Can use advanced analytical techniques to solve complex problems, draw insights, and communicate the solutions effectively.

Critical Thinking : Can integrate and synthesize information from various sources to inform strategic decision-making and problem-solving.

Technical Troubleshooting : Can take ownership of complex technical problems, collaborate with others to manage solutions, and drive results in problem resolution.

Skill Level Requirements

Expertisein planning, executing, and leading penetration tests across networks, web and mobile applications, APIs, wireless, and cloud environments, including scoping, rules of engagement, and debriefs. - Intermediate

Proficiencywith offensive security methodologies and frameworks such as PTES, OWASP (WSTG / MASVS / ASVS), MITRE ATT&CK, and threat modeling to drive risk-based testing. - Intermediate

Deep hands-on experience with common offensive tooling and techniques, including reconnaissance, enumeration, exploitation, post-exploitation, lateral movement, and data exfiltration, along with strong operational security practices. - Intermediate

Ability to assess and attack cloud services (AWS, Azure, GCP) including IAM misconfigurations, storage, serverless,container / orchestration,and cloud networking, and communicate cloud-specific remediation guidance. - Intermediate

Strong web applicationtesting?skills?includingauth flows, access control, injection, deserialization, SSRF, XXE, business logic abuse, and modern app architectures (SPAs, microservices,GraphQL,WebSockets). - Intermediate

Working knowledge of Active Directory and Azure AD attack paths (Kerberoasting,constrained / unconstraineddelegation, ACL abuses, LAPS / MAPS, certificate services), and the ability to simulate realistic enterprise attack chains. - Intermediate

Proficiencywith social engineering and phishing engagements, including payload development, infrastructure setup, pretexting, and measurement aligned to customer policies and legal constraints. - Intermediate

Competence in scripting and automation to accelerate testing and proof-of-concept development using Python, PowerShell, Bash, and basic Go or JavaScript as needed. - Intermediate

Ability to develop clear exploit proofs-of-concept, reproduce vulnerabilities reliably, andvalidatefixes; familiarity with exploit development fundamentals is a plus. - Intermediate

Strong reporting andcommunication?skills,including writing executive summaries and technical reports with reproducible steps, risk ratings, and actionable remediation, and presenting findings to both technical and non-technical stakeholders. - Intermediate

Experience collaborating in red / purple team exercises, working with blue teams, and translating findings into detection and hardening recommendations (e.g., SIEM detections, EDR tuning, hardening baselines). - Intermediate

Familiarity with vulnerability management workflows, responsible disclosure practices, and integration of pen test results into remediation programs and retesting cycles. - Intermediate

Proficiencywith productivity and documentation tools such as Word, Excel, PowerPoint, and Outlook to efficiently produce statements of work, test plans, and final reports. - Intermediate

Other Requirements

CompletedBachelor's Degreein a related field or relevant work experiencerequired

3-5years of hands-on penetration testing / red team experience delivering engagements for mid-to-large enterprises, includingleadingcomplex assessments.

Ability to travel to SHI, Partner, Customer events, and on-site testing engagements as needed.

Advanced industry certifications preferred (e.g., OSCP, OSEP, OSWE, GXPN, GPEN, CRTO, CRTP,PNPT;CISSP or CSSLP a plus).

Demonstrated understanding of legal / ethical considerations, testing authorization, and safe handling of client data.

The estimated annual pay range for this position is $110,000 - $145,000 which includes a base salary and bonus. The compensation for this position is dependent on job-related knowledge, skills, experience, and market location and, therefore, will vary from individual to individual. Benefits may include, but are not limited to, medical, vision, dental, 401K, and flexible spending.

Equal Employment Opportunity - M / F / Disability / Protected Veteran Status