Principal Security Consultant (Red Team Operator)

NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before.

NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers.

Join our mission as a Principal Security Consultant. We're seeking a seasoned security professional who combines deep technical expertise in adversarial simulation with exceptional communication skills to engage both executives and technical teams with equal impact.

Our globally deployed Red Team to compromise some of the world's most sophisticated and heavily fortified networks. As an operator, you'll collaborate with industry-leading experts while wielding cutting-edge proprietary tools that set the standard for offensive security operations.

In this role, you'll leverage your strategic problem-solving abilities, foster high-performance team dynamics, and drive innovative methodologies to deliver transformative engagements that consistently surpass client expectations.

Responsibilities:

• Lead comprehensive red team operations by serving as the primary technical operator on both threat intelligence-driven and standard adversarial engagements, where you'll strategically plan scenario execution, orchestrate team resources and timelines, and make critical technical decisions that drive successful outcomes in complex, high-stakes environments.
• Leverage deep technical expertise in operating systems, network architecture, and infrastructure fundamentals to execute sophisticated attack chains and navigate complex enterprise environments during red team operations.
• Pioneer cutting-edge offensive security capabilities in coordination with our dedicated malware and capability developers by researching, developing, and operationalizing innovative techniques, proprietary tools, and advanced methodologies that push the boundaries of adversarial simulation and red team effectiveness.
• Offer mentorship or coaching to growing team members, while sharing knowledge externally through blogs, webinar presentations, or presenting at conferences.
• Collaborate with cross-functional teams on key activities, including scoping initiatives, providing subject matter expertise in high-stakes sales presentations, and contributing strategic technical insights to marketing campaigns that showcase our capabilities.
• Help define, document, and continuously refine internal technical processes, service methodologies, and tactical procedures (TTPs) that standardize excellence across all engagements.

Minimum Qualifications:

• Bachelor’s degree or higher, with a focus on IT, Computer Science, Engineering or Math or equivalent skills/experience
• For UK operations, the ability to hold or maintain security clearance may be required
• 5+ years of work experience performing adversarial simulation related engagements
• Experience performing threat intelligence-led adversarial attack simulations in accordance with a regulatory framework (i.e., CBEST, GBEST, TIBER-EU, HKMA iCAST, etc.)
• Recognized Red Team or Penetration testing specific qualifications such as CCSAS, CCSAM, CRTO, OSED, OSCE (GXPN, GPEN, OSCP, GWAPT or similar certifications may also be considered)
• Familiarity with offensive tools, based on applicable
• Deep technical familiarity with offensive and defensive IT concepts and protocols
• Working knowledge of Windows, Linux and MacOS operating systems internals
• Extensive understanding of the OWASP Top 10, MITRE ATT&CK framework, and various security frameworks
• Ability to work independently and as part of a team
• Proficient communication skills, both written and verbal
• Willingness to travel up to 5-10% minimum
• This position requires an 8-hour workday, with occasional evenings or weekends necessary to meet project deadlines or critical needs in line with scenario context

Preferred Qualifications:

• Experience in one or more of the following programming or scripting languages (e.g., Ruby, Python, Perl, C, C++, Java, and C#)

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.