Principal Consultant, Offensive Security (Unit 42)

OverviewPrincipal Consultant, Offensive Security (Unit 42) — The Principal Consultant on the Offensive Security team focuses on assessing and challenging the security posture across a portfolio of clients. The role utilizes a variety of tools, acts as a key team member and leader in client engagements, and serves as the client’s advocate for cybersecurity best practices with strong recommendations.Your CareerThe Principal Consultant on the Offensive Security team is focused on assessing and challenging the security posture across a comprehensive portfolio of clients. The individual will utilize a variety of tools developed and act as a key team member and leader in client engagements. They will be the client’s advocate for cybersecurity best practices and will provide strong recommendations in this domain.Your ImpactPerform red and purple team assessments (with and without industry regulator oversight), assumed breach assessments (red team engagements with a pre-deployed implant), ransomware readiness reviews (assessing susceptibility to modern ransomware threats), threat analysis and social-engineering assessmentsDevelop scripts, tools, and methodologies to automate and streamline internal processes and engagementsConduct cloud penetration testing engagements to assess workloads (e.g., AWS, GCP, Azure, containers, or other PaaS and SaaS instances) for vulnerabilities and exploit identified weaknesses with client permissionLead scoping and services overview conversations with clients for prospective engagements, presenting testing approaches and methodologies to audiences from technical to executive levelsDetermine processes and procedures for assignments; on large engagements, lead technical workstreams with guidance as requiredLead client communications on engagements, including highly technical matters, ensuring inquiries are answered promptlyDeliver engagement leadership through to completion, manage engagement economics to meet deadlines and budgets, and uphold high quality standardsMentor and coach new team members, lead by example, delegate tasks, and provide feedback to ensure high-quality resultsTravel as needed to meet business demandsQualifications8+ years of professional experience with cybersecurity tools, technologies, and methods focused on Red/Purple TeamingDeep understanding of how malicious software works (malware, trojans, rootkits, etc.)Ability to modify known or craft custom exploits manually without dependence on consumer toolsAbility to create bypasses to security tools and weaponize payloads for social-engineering engagementsExperience with evasion techniquesStrong experience with Active Directory and attack kill chainExperience with penetration testing, administering and troubleshooting major Linux, Windows, and cloud IaaS/PaaS/SaaS providers (AWS, GCP, Azure)Experience with scripting and coding (Perl, Python, Ruby, Bash, C/C++, C#, Java)Ability to read and interpret results from mobile code, malicious code, and antivirus softwareExperience with threat-intelligence led red teaming frameworks (e.g., CORIE, CBEST, TIBER-EU)Track record of driving innovation and improvement in your area of expertise and identifying emerging trendsBachelor’s Degree in Information Security, Computer Science, Digital Forensics, Cyber Security, or equivalent experienceProfessional certifications such as OSCE, OSCP, CREST CRT, GPEN, CCSASAdditional InformationThe Team: Unit 42 brings together threat researchers and security consultants to create an intelligence-driven, response-ready organization focused on adversary readiness and protecting customers.Our Commitment: We solve problems, take risks, and challenge cybersecurity’s status quo. We are committed to diverse, inclusive teams and provide accommodations for qualified individuals with disabilities. If you require assistance, contact accommodations@paloaltonetworks.com.EEO Statement: Palo Alto Networks is an equal opportunity employer. All qualified applicants will receive consideration without regard to protected characteristics.Seniority levelAssociateEmployment typeFull-timeJob functionConsultingIndustries: Computer and Network Security #J-18808-Ljbffr