Principal Penetration Tester
Altus Consulting seeks a seasoned cybersecurity professional to spearhead our penetration testing initiatives. As a key member of our elite team, you'll play a crucial role in safeguarding some of the world's most critical digital infrastructure.
Core Responsibilities:
- Design and execute sophisticated penetration tests across complex networks, systems, and applications
- Craft compelling, actionable reports that translate technical findings into clear business impact
- Collaborate closely with clients to develop tailored remediation strategies that drive meaningful security improvements
- Push the boundaries of penetration testing innovation through research and development of novel TTPs
- Contribute to Altus Consulting's thought leadership efforts via publications, presentations, and industry forums
- Lead quality assurance initiatives for our suite of penetration testing services
- Engage in cross-functional collaboration to enhance our overall security offerings
Ideal Candidate Profile:
We are seeking candidates with a degree in Computer Science, Computer Engineering, or a related technical field. Alternatively, we will consider individuals with equivalent professional experience that demonstrates comparable skills and knowledge.
To be considered equivalent, candidates should be able to prove or quantify their experience through:
- Relevant work history demonstrating hands-on experience in computer science/engineering principles
- Completed projects or certifications that align with our technical requirements
- Demonstrated proficiency in key skills like programming languages, algorithms, software design, etc.
- Relevant coursework or training if transitioning from another field
We value both formal education and practical experience. Candidates who can show they have acquired equivalent knowledge through non-traditional means (e.g. self-study, online courses, bootcamps) are encouraged to apply.
Applicants should be prepared to discuss their qualifications in detail during the interview process.
Key Skills to Focus On:
- Programming languages like Python, Java, C++, Linux scripting
- Network and application security knowledge
- Familiarity with security assessment tools
- Threat modeling and cryptography skills
- Knowledge of operating systems (Windows, Linux, macOS)
- Experience with penetration testing frameworks and tools
Highly Valued Certifications:
- OSCE (Offensive Security Certified Professional)
- OSCP (Online Courses I'm Secure Pwnage)
- CPTS (Certified Penetration Testing Specialist)
- GPEN (GIAC Penetration Tester)
- GXPN (GIAC Exploit Programmer)
- CRTO (Certified Red Team Operator)
Additional Considerations:
- Familiarity with emerging threats and attack vectors in cloud and containerized environments
- Experience with automated vulnerability scanning and exploitation platforms
- Knowledge of security frameworks and regulations relevant to commercial companies
- Track record of contributing to open-source security projects or publishing research in the field
What We Offer:
- Competitive compensation and benefits package
- Opportunities for professional development
- Collaborative, dynamic work environment
- Chance to work on cutting-edge security challenges
About Our Team:
Altus Consulting believes it's essential to keep innovating while safeguarding our digital infrastructure. Our team ensures that we maintain a secure operating environment and preserve the trust of our customers, partners, and stakeholders. We bring together a variety of services and capabilities to help prevent fraud, detect threats, and manage digital risk and access. In addition to mitigating attack risks and securing cloud transformation, we foster in our team members a culture of innovation and reliability.
Key Campaign Activities:
- Execute full-scale, assumed breach, and transparent/collaborative campaigns
- Develop, curate, and leverage offensive security tooling
- Manage and configure campaign infrastructure
- Research and develop attacks on vulnerable systems and defensive tooling (e.g., AntiVirus, EDR, XDR)
- Provide ongoing consulting to defense teams as they design and implement responses to campaign findings
We're looking for candidates who can leverage their expertise in scripting, development, attack infrastructure, social engineering, and offensive security tooling to execute simulated attacks against our clients' networks and subsidiaries spanning the globe.
If you're passionate about pushing the boundaries of cybersecurity and want to join a team that's reshaping how organizations defend against modern threats, we encourage you to apply. Together, we can create a safer digital world for all.
