The Manager, Security Consulting Services serves as a leader of a team of highly skilled and experienced penetration testers. The right candidate has many of the same skills and can act as a trusted advisor with deep expertise across multiple offensive security disciplines for our internal teams and our customers. The Manager, Security Consulting Services role is focused on managing delivery of our security consulting services and leading the team which delivers them, while providing strategic direction for research, training, tooling and automation efforts. With The Manager will plan and ensure execution of advanced security assessments, simulating real-world attack scenarios to identify potential risks and help our clients strengthen their security posture. They should possess a profound understanding of computer science and networking, along with an analytical and offensive mindset when approaching networks, applications, and operating systems in order to lead the team with their expertise. The ideal candidate thrives when working to develop and grow teams, and thrives technically in unfamiliar environments, rapidly adapting to new technologies and tactics, and creatively approaching complex problems from an attacker’s perspective. They will demonstrate deep knowledge of penetration testing methodologies, offensive security tooling, threat actor TTPs, and be able to clearly communicate technical findings and business risks to both technical teams and executive stakeholders. Additional responsibilities may include assessment of tools and resources for the team, doing hands-on pentesting work in training efforts and in cases of emergent customer needs.

WHAT YOU'LL DO

• Team Leadership: Manage an existing team of security consultants, helping to drive direction of the team’s research, overseeing testing efforts, and ensuring the quality of services delivered to our customers.
• Design, Refine and Manage Team Methodology: Help design, refine, and manage pentesting methodologies across multiple testing disciplines, and train the team on these methodologies.
• Sales Partnership: Partner closely with our Sales team in order to provide guidance on services and packages available, answer questions, and interface with potential customers.
• Manage Project and Team Knowledge: Document critical project information and internal knowledge to support ongoing testing efforts by the team, as well as continued growth for team members.
• Internal Training: Develop and execute training plans for current and future team members, creating an archive of training materials to propel team success; this includes creating business cases for specific training purchases, leveraging other experts within Fortra, and delivering self-created and taught trainings.
• Project & Report Reviews: Review and evaluate project results for quality and effectiveness of pentesting efforts by the team; Research, write, and review reports for delivery to customers.
• Automation & Tooling: Automate common testing techniques and create tooling to improve efficiency for the team.
• Research and Team Direction: Assist in developing the research direction for the Security Consulting Services team and provide
• Background in Pentesting Competencies: Be able to execute on pentesting projects to assist the team, including pentesting efforts in areas such as internal network pentesting, social engineering, red team operations, cloud penetration testing, or other pentesting specialty areas.
• Offensive Tooling Familiarity: Able to use and customize tools such as Cobalt Strike, Outflank, Core Impact, Silver, BloodHound, Burp Suite, develop and utilize custom tooling; and develop custom scripts for post-exploitation and evasion.
• Threat Simulation: Develop realistic threat scenarios based on MITRE ATT&CK, APT tactics, and current breach trends.
• Reporting: Write detailed, high-quality reports outlining technical vulnerabilities and exploitation techniques, severity levels, steps to reproduce, and actionable remediation steps.
• Client Communication: Brief clients on findings and provide strategic guidance on remediation, overall risk reduction, and tactics to increase security posture.
• Methodology Development: Contribute to the advancement of internal testing methodologies, tooling creation and improvements, and red team infrastructure.
• Security Research: Stay current with emerging threats, CVEs, offensive tactics, and evolving cloud security techniques.
• Skill Development: Perform ongoing research, analysis, and testing to enhance individual and team technical capabilities.
• Engagement Scoping: Assist in defining scope, estimating effort, and drafting statements of work (SOWs), including recommending tailored solutions for client needs.
• Mentorship: Coach and mentor less experienced staff, or those less experienced in specific expertise areas, to support professional development and service excellence.
• Content Development: Contribute to creating blog posts, articles, marketing or training materials, and participating in webinars or customer conferences.

QUALIFICATIONS

• Bachelor’s degree in Computer Science, Information Technology, or a related field, or equivalent experience.
• 3+ years of professional experience in penetration testing and offensive security consulting.
• At least 2 years of experience conducting red team operations.
• At least 2 years of practical experience in cloud penetration testing (AWS, Azure, etc.), including identification and exploitation of misconfigurations and IAM vulnerabilities.
• Generalized penetration testing experience in areas such as infrastructure penetration testing, and manual web, mobile, or API penetration testing.
• Ability to simulate real-world adversarial techniques and develop creative attack chains in controlled environments.
• Strong understanding of network protocols, Active Directory, privilege escalation techniques
• Demonstrated experience with C2 frameworks (Cobalt Strike, Silver, etc.)
• Proficiency in scripting or coding languages (Python, PowerShell, Bash, etc.)

PREFERRED QUALIFICATIONS

• Experience leading technical projects, mentoring peers, or contributing to the development of team best practices.
• Familiarity with application development in C, ASP, C#, Objective-C, Java, or .NET
• Prior experience with Cloud Security or Development Security Operations a plus
• Experience with mentoring and training within teams and partnering with Marketing teams to create valuable content for customers and prospects.

KEY COMPETENCIES

• Security and Technical Leadership: Expert-level security and technical knowledge and the ability to mentor and guide other team members through complex technical issues.
• Customer Focus: A strong commitment to understanding customer needs and delivering timely, accurate, and comprehensive testing and reporting results.
• Collaboration: Effective communication and collaboration within the team and partnering with cross-functional teams to solve for security consulting team infrastructure and tooling needs.
• Adaptability: Ability to handle a range of complex technical challenges during testing and tooling development.
• Analytical Thinking: Skilled in analyzing complex technical scenarios and determining potential opportunities.
• Proactive Problem Solving: Ability to identify critical project risks, drive preventive solutions, and maintain customer satisfaction through unanticipated testing challenges.