2 Kerberoasting Jobs

Senior Security Consultant (Network Penetration Tester) NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before. NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers. Join the mission as a Senior Security Consultant. We are seeking a skilled expert and detail-oriented Penetration Tester to conduct thorough security assessments, identify vulnerabilities, and provide expert recommendations to strengthen our clients' security posture. You will be responsible for performing Network (InPen) Penetration Testing, in addition to competencies in problem solving, client service, written/verbal communication, and project execution. You will work to deliver clear, actionable reports and contribute to the development of security best practices. Responsibilities : Conduct engagements on Network (InPen) Penetration Testing independently and provide technical oversight Perform internal, external and wireless network penetration tests Create, review and deliver reports for accuracy in technical oversight, perform weekly QA oversight, and provide mentoring support to others Create, deliver, and collaborate on penetration testing reports in diverse client environments, maintaining client-specific processes, reporting standards, and access protocols to help improve their security posture Research and develop innovative techniques, tools, and methodologies for penetration testing services, alongside commitment to improvement and execution on NetSPI specific products and processes Act as a resource for internal team members as it relates to in-depth technical questions or best practices Participate in development, implementation, and oversight of testing, delivery, and management strategies for key client accounts Perform administrative tasks related to day-to-day consulting activities to ensure smooth business and engagement operations. Minimum Qualifications : Bachelors degree or higher, with a focus on IT, Computer Science, Engineering or Math or equivalent experience Minimum of 5+ years of experience in Network Penetration Testing with expertise on InPen testing. Experience with offensive toolkits used for network and web or mobile penetration testing Familiarity with offensive and defensive IT concepts and protocols Extensive understanding of the OWASP Top 10, MITRE ATT&CK framework, and various security frameworks. Working knowledge of Windows, Linux and MacOS operating systems internals and administration Experience mentoring or coaching to growing team members, while sharing knowledge externally through blogs, hosting webinars, or presenting at conferences Ability to work independently and as part of a team Proficient communication skills, both written and verbal Willingness to travel up to 5-10%, as required. This position requires an 8-hour workday, with occasional evenings or weekends necessary to meet project deadlines or critical needs Preferred Qualifications: Ability to provide technical and QA oversight on Network (InPen) service line Experience in one or more of the following programming or scripting languages (e.g., Ruby, Python, Perl, C, C++, Java, and C#) Offensive Security Certifications (e.g., GXPN, GPEN, OSCP, CISSP, GWAPT) We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.

Role & Responsibilities: Key highlights of the role are listed below (purely indicative and not limiting): This position would include the mentioned set of responsibilities but not limited to: Design and execute real-world adversary simulations, including full-scope red team engagements. Develop and implement custom attack methodologies for testing defenses against sophisticated cyber threats. Perform IT Infra VAPT, application testing, and cloud security assessments. Conduct Active Directory exploitation, lateral movement, and privilege escalation attacks. Utilize MITRE ATT&CK framework to model threats and enhance threat intelligence integration. Simulate social engineering attacks (phishing, vishing, physical security testing) to assess human risk factors. Research and develop custom exploits, scripts, and payloads to bypass security controls. Work with the blue team, SOC, and detection engineers to improve threat detection and response. Identify security gaps in monitoring, logging, and alerting systems and recommend improvements. Conduct post-engagement debriefs and develop detailed mitigation plans for security weaknesses. Manage and enhance VAPT toolsets, attack frameworks, and adversary emulation platforms. Assess the effectiveness of security policies, standards, and procedures to align with industry best practices. Provide input into security risk assessments and ensure alignment with compliance frameworks (NIST, ISO 27001, CIS). Perform continuous security testing and attack surface reviews to identify new threats. Provide technical consultation to development, IT, and security teams to improve secure coding practices. Deliver red team reports, threat assessments, and executive-level briefings. Job specific skills: Experience in offensive security, penetration testing, or red teaming. Deep understanding of network security, system vulnerabilities, and exploit development. Proficiency in red team tools such as Nessus, Nipper, Appscan, Cobalt Strike, Metasploit, Bloodhound, Empire, Mimikatz, Burp Suite etc. Hands-on expertise in Windows, Linux, and cloud security (AWS, Azure, GCP). Strong scripting skills in Python, PowerShell, Bash, or C/C++. Advanced Attack Techniques: Experience in Active Directory attacks, Kerberoasting, Golden/Silver Ticket attacks, and pass-the-hash techniques. Ability to find vulnerabilities after bypassing EDR, SIEM, firewalls, IDS/IPS, and endpoint security controls. Knowledge of privilege escalation, persistence mechanisms, and lateral movement techniques. Familiarity with zero-day vulnerability research and exploit development. Experience with phishing campaigns, credential harvesting, and OSINT reconnaissance. Understanding of physical penetration testing, badge cloning, and RFID attacks. Knowledge of security standards such as MITRE ATT&CK, NIST, ISO 27001, CIS, OWASP. Ability to assess and improve security policies, standards, and compliance controls. Strong analytical thinking, problem-solving skills, and attention to detail. Excellent communication skills, with the ability to convey technical findings to technical and non-technical audiences. Possess soft skills, Leadership, Mentorship & Knowledge Sharing Experience mentoring and training junior team members and cross-functional teams. Certifications (Preferred but not required) OSCP, OSEP, OSCE, CRTO, CISSP, GPEN, GXPN, Red Team Ops (RTO) or equivale