Consultant - Defensive Capability

SpecterOps is looking for mid-level to senior defensive consultants to serve on the Consulting Services team as analysts, detection engineers, and program developers. The SpecterOps Adversary Detection service line provides strategic advisory positions to mature our customer’s internal detection capabilities. They often perform independent assessments to determine the overall state of a customer's detection program or to proactively identify adversaries operating silently in a customer’s environment. Additionally, our consultants frequently support SpecterOps training offerings by developing course content and delivering training during public and private events.

A successful candidate will have excellent technical skills, impeccable soft skills, and be a well-organized, self-directed individual.

Salary Range: Base salary annually, commensurate with experience.  

• Associate Consultant - $90,000 - $120,000
• Consultant - $120,000 - $140,000
• Senior Consultant - $140,000 - $160,000

Location: This position is remote, based in the U.S. with optional travel quarterly for in person company events and other ad hoc meetings.

• Candidate must be authorized to work and reside in the United States; we do not currently sponsor immigration visas

Responsibilities

• Create evasion-resilient detections based on independent research alongside supporting resources, documentation, and automation
• Evaluate existing detection content in client environments and make improvements as necessary
• Evaluate the maturity of common security operations roles and functions, including: threat intelligence, threat hunting, detection engineering, SOC operations, incident response, and security engineering
• Utilize common security tooling, including: EDR, SIEM, and live response tools
• Utilize and provide guidance regarding common telemetry sources, including: EDR, Sysmon, Windows Event Logging, SIEM, WAF, IDS/IPS, cloud platforms (Azure, AWS, GCP), and others
• Build scripts, tools, or methodologies to enhance investigation processes
• Serve as a subject matter expert (SME) in one of the following areas: detection engineering, network, memory, and/or disk forensics, log analysis, malware triage, or reverse engineering
• Effectively communicate successes and obstacles with fellow team members and team lead(s)
• Interface with client contact(s) and staff in a constructive and professional manner
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
• Effectively communicate investigative findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
• Assist with scoping prospective engagements, participating in investigations from kickoff through remediation, and mentoring less experienced staff
• Contribute new or improve existing content for SpecterOps training courses and assist in the delivery of course offerings (instruction, student support, etc.)
• (Senior Consultant) Create and deliver at least two pieces of content a year (e.g., blog post, conference presentation, workshop, or webinar)

Requirements (All Positions)

• Ability to travel domestically and internationally up to an average of 25% over the course of one year
• Must be able to pass a criminal background check
• Desire to embody our core values of passionate curiosity, consistent improvement, empathy, sustainability, humility, and empowerment through transparency 

As an Associate Consultant, your primarily responsibility will be to learn. You will engage, participate, and contribute to the execution of a variety of services and projects. In doing so, you will actively develop a basic understanding of the SpecterOps Adversary Simulation service line and develop skills in one or more technical areas.

Desired Qualifications (Associate Consultant)

• Foundational knowledge of defensive security concepts and assessments
• Foundational knowledge of security principles, policies, and industry best practices
• Working knowledge of Windows and *NIX-based operating systems
• Working knowledge of networking concepts
• Working knowledge of Active Directory
• Working knowledge of programming or scripting languages, such as C#/.NET, C++, Python, PowerShell, Bash, etc.
• Aptitude for technical writing, including assessment reports, presentations, and operating procedures
• Strong written/verbal communication and interpersonal skills
• Determination to better self and the overall information security community through research efforts and release through blog posts, conference talk delivery, open-source tool release, and white paper publication
• Willingness to support delivery of public and private training offerings (e.g., providing lab support, fielding student questions, etc.) 

As a Consultant, you will independently contribute to significant services and projects. You will be responsible for the entire lifecycle of small to medium services and projects.

Desired Qualifications (Consultant)

• Meets desired qualifications for an Associate Consultant, plus the following
• Foundational knowledge of offensive security concepts and assessments
• Working knowledge of common regulatory requirements and governance frameworks
• Working knowledge of attacker techniques and commonly used offensive tools
• Working knowledge of Windows and NIX disk and memory forensics
• Proficient with Windows and NIX-based operating systems and related defensive controls
• Proficient with networking concepts and related defensive controls
• Proficient with Active Directory and related defensive controls
• Proficient with defensive security concepts and assessments
• Ability to lead small to medium sized services and projects
• Ability to communicate effectively with customers, team members and upper management for project delivery
• Ability to contribute to most defensive service offerings (e.g., detection engineering, maturity assessment, purple team assessment, program development, etc.) as part of a team for the full project lifecycle
• Strong analytical skills with the ability to collect, organize, analyze, and disseminate significant amounts of information with attention to detail and accuracy

As a Senior Consultant, you will be responsible for the entire lifecycle of significant services and projects.

Desired Qualifications (Senior Consultant)

• Meets desired qualifications for a Consultant, plus the following
• A clear expert in one or more service lines and/or technical areas
• Ability to lead and execute most defensive service offerings (e.g., detection engineering, maturity assessment, purple team assessment, program development, etc.) 
• Experience leading small teams and engagements
• Experience managing multiple projects at once
• Experience communicating with clients and delivering presentations
• Experience independently managing client projects
• Willingness to develop and deliver training content as a lead course instructor
• Willingness to mentor and train fellow consultants

Nice to Haves (All Positions)

• Bachelor's degree in a technical field
• Experience participating in and/or leading Fortune 1000 and/or large Federal Government security assessments
• Public community contributions (e.g., conference presentations, blog posts, white papers, public tool development)
• Experience in administering, attacking, or defending Windows/Active Directory, Linux, and/or macOS environments
• Experience working in a Security Operations Center (SOC) environment
• Experience in technical writing
• Experience working for a service-based information security consultancy
• Experience in malware analysis and reverse engineering
• Experience in executing offensive techniques (red teaming, pentesting, etc)
• Experience documenting detections via the Alerting and Detection Strategy framework
• Experience developing and/or providing technical training
• Desire to teach and train students in defensive techniques
• Desire to travel internationally and domestically on a more frequent basis (more than 50%)

What We Offer 

• Health/Dental/Vision/life insurance: 100% covered for both the employee and their family  
• Flexible time off policy   
• 10+ paid holidays annually  
• 401(k) with up to 4% company match  
• Equity and a potential bonus based on company performance  
• Remote work: $2,000 first year allowance to set up home office  
• Open intellectual property policies; allow researchers to retain rights over open sourced research & tools
• $150 monthly cell phone and internet reimbursement  
• $5,000 annual professional development allowance  
• $5,250 towards continuing education or student loan repayment  
• $100 monthly reimbursement for lifestyle, wellness, pet insurance or home office expenses  
• A one-time $10,000 benefit towards family planning   
• In person and virtual employee events throughout the year  
• And of course, company swag!  

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. 

Unsolicited resumes are not accepted 

#LI-REMOTE