Security Consultant - Pen Testing

Whether you’re an experienced professional or just getting started, your contributions matter at Fortra. If you’re passionate about tackling meaningful challenges alongside talented team members committed to helping each other succeed, all while having lots of fun, we want to hear from you. We offer competitive benefits and salaries, personal and professional development opportunities, flexibility, and much more! 

At Fortra, we’re breaking the attack chain. Ready to join us? 

The Fortra Security Consultant serves as a highly skilled and experienced penetration tester and trusted advisor with deep expertise across multiple offensive security disciplines. The Security Consultant role is focused on delivering security consulting services, with an emphasis on cloud penetration testing, red team engagements, and infrastructure assessments. The Security Consultant will plan and execute advanced security assessments, simulating real-world attack scenarios to identify potential risks and help our clients strengthen their security posture. A Fortra Security Consultant should possess a profound understanding of computer science and networking, along with an analytical and offensive mindset when approaching networks, applications, and operating systems.  The ideal Security Consultant thrives in unfamiliar environments, rapidly adapts to new technologies and tactics, and creatively approaches complex problems from an attacker’s perspective.  They will demonstrate deep knowledge of penetration testing methodologies, offensive security tooling, threat actor TTPs, and be able to clearly communicate technical findings and business risks to both technical teams and executive stakeholders. Additional responsibilities may include application security assessments, external network testing, social engineering engagements, and hardware testing as the Fortra Security Consultant progresses through internal qualification paths.

WHAT YOU'LL DO

• General Penetration Testing: Perform tests across web, mobile, and API applications, internal and external networks, wireless environments, and physical access controls.
• Red Team Operations: Plan, execute, and report on operations including assumed breach, initial access, lateral movement, persistence, and data exfiltration.
• Cloud Penetration Testing: Conduct assessments across AWS, Azure, and GCP, identifying misconfigurations, privilege escalation paths, identity attacks, and container security issues.
• Offensive Tooling: Use and customize tools such as Cobalt Strike, Outflank, Core Impact, Silver, BloodHound, Burp Suite, develop and utilize custom tooling; and develop custom scripts for post-exploitation and evasion.
• Threat Simulation: Develop realistic threat scenarios based on MITRE ATT&CK, APT tactics, and current breach trends.
• Reporting: Write detailed, high-quality reports outlining technical vulnerabilities and exploitation techniques, severity levels, steps to reproduce, and actionable remediation steps.
• Client Communication: Brief clients on findings and provide strategic guidance on remediation, overall risk reduction, and tactics to increase security posture.
• Methodology Development: Contribute to the advancement of internal testing methodologies, tooling creation and improvements, and red team infrastructure.
• Security Research: Stay current with emerging threats, CVEs, offensive tactics, and evolving cloud security techniques.
• Skill Development: Perform ongoing research, analysis, and testing to enhance individual and team technical capabilities.
• Engagement Scoping: Assist in defining scope, estimating effort, and drafting statements of work (SOWs), including recommending tailored solutions for client needs.
• Mentorship: Coach and mentor less experienced staff, or those less experienced in specific expertise areas, to support professional development and service excellence.
• Team Training: Train colleagues on areas of expertise and develop repeatable learning paths to support scalable team growth.
• Content Development: Contribute to creating blog posts, articles, marketing or training materials, and participating in webinars or customer conferences.

REQUIRED QUALIFICATIONS

• Bachelor’s degree in Computer Science, Information Technology, or a related field, or equivalent experience.
• 3+ years of professional experience in penetration testing and offensive security consulting.
• At least 2 years of experience conducting red team operations.
• At least 2 years of practical experience in cloud penetration testing (AWS, Azure, etc.), including identification and exploitation of misconfigurations and IAM vulnerabilities.
• Generalized penetration testing experience in areas such as infrastructure penetration testing, and manual web, mobile, or API penetration testing.
• Ability to simulate real-world adversarial techniques and develop creative attack chains in controlled environments.
• Strong understanding of network protocols, Active Directory, privilege escalation techniques
• Demonstrated experience with C2 frameworks (Cobalt Strike, Silver, etc.)
• Proficiency in scripting or coding languages (Python, PowerShell, Bash, etc.)

PREFERRED QUALIFICATIONS

• Experience leading technical projects, mentoring peers, or contributing to the development of team best practices.
• Familiarity with application development in C, ASP, C#, Objective-C, Java, or .NET
• Prior experience with Cloud Security or Development Security Operations a plus
• Experience with mentoring and training within teams and partnering with Marketing teams to create valuable content for customers and prospects.

KEY COMPETENCIES

• Security and Technical Leadership: Expert-level security and technical knowledge and the ability to mentor and guide other team members through complex technical issues.
• Customer Focus: A strong commitment to understanding customer needs and delivering timely, accurate, and comprehensive testing and reporting results.
• Collaboration: Effective communication and collaboration within the team and partnering with cross-functional teams to solve for security consulting team infrastructure and tooling needs.
• Adaptability: Ability to handle a range of complex technical challenges during testing and tooling development.
• Analytical Thinking: Skilled in analyzing complex technical scenarios and determining potential opportunities.
• Proactive Problem Solving: Ability to identify critical project risks, drive preventive solutions, and maintain customer satisfaction through unanticipated testing challenges.

Visit our website to learn more about why employees choose to work for Fortra. Remember to connect with us on LinkedIn.

As an EEO/Affirmative Action Employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, veteran or disability status.