Senior Security Consultant- Threat & Attack Simulation- Remote (Anywhere in the U.S.) jobs in United States
cer-icon
Apply on Employer Site
company-logo

GuidePoint Security · 9 hours ago

Senior Security Consultant- Threat & Attack Simulation- Remote (Anywhere in the U.S.)

positionUnited States
timeFull-time
remoteRemote
seniorityMid, Senior Level
date4+ years exp

GuidePoint Security provides trusted cybersecurity expertise, solutions, and services to help organizations minimize risk. As a Senior Security Consultant, you will lead and execute offensive security engagements, mentor team members, and contribute to the growth of the practice while fostering strong client relationships.

Cyber SecurityInformation TechnologySecurity
check
Comp. & Benefits
check
H1B Sponsor Likelynote

Responsibilities

Lead and execute assessments including red team operations, purple team exercises, external and internal network penetration tests, cloud penetration tests, application and API security assessments, Active Directory security reviews, wireless security assessments, social engineering campaigns, and custom engagements — with minimal technical oversight
Map assessment activities to the MITRE ATT&CK framework and align engagements with industry methodologies such as PTES, OWASP, and NIST guidelines
Perform reconnaissance, exploitation, post-exploitation, lateral movement, and privilege escalation across enterprise environments including on-premises infrastructure, cloud platforms (AWS, Azure, GCP), and hybrid architectures
Assess cloud-native environments including IAM configurations, serverless functions, container orchestration, and Infrastructure-as-Code deployments
Conduct application and API penetration testing targeting OWASP Top 10 vulnerabilities, business logic flaws, and authentication/authorization weaknesses
Evade defensive controls including EDR, NDR, email security gateways, and network segmentation during red team operations
Author comprehensive assessment deliverables tailored to both technical and executive audiences that fully detail technical execution, root-cause deficiencies, business impact, and realistic remediation strategies
Communicate findings confidently to both technical teams and non-technical leadership, translating complex attack chains into clear business risk
Contribute to marketing and thought leadership through publishing research, speaking at industry conferences, authoring blog articles and whitepapers, hosting webinars, and developing security tools
Build automation, orchestration, and scripting solutions to reduce manual processes, improve efficiency, and enable new capabilities for evolving client needs
Develop and improve offensive tooling, custom implants, and C2 infrastructure to support assessment operations
Assist with practice development including improving existing service offerings, creating new offerings, and identifying emerging assessment areas such as AI/LLM security testing
Mentor junior and mid-level team members through regular one-on-one and group technical sessions, knowledge sharing, and hands-on guidance during engagements
Build strong client relationships by providing interactive, collaborative support and guidance that maximizes the value of every engagement
Represent GuidePoint professionally during pre-sales calls, scoping discussions, and client debriefs

Qualification

OSCP certificationOffensive security assessmentsActive Directory techniquesOffensive security toolsetsScriptingProgrammingCloud penetration testingApplication security testingClient relationship buildingWritten communicationTime management

Required

OSCP (Offensive Security Certified Professional) certification
Minimum of 4 years of experience performing offensive security assessments (penetration testing, red teaming, or adversary emulation)
Minimum of 2 years of experience in an enterprise-level consulting or professional services role
Intermediate knowledge of and practical experience with Active Directory attack techniques and privilege escalation
Proficiency in at least one scripting or programming language (Python, PowerShell, Bash, C#, or Go)
Experience with offensive security toolsets such as Cobalt Strike, Metasploit, Burp Suite, BloodHound, Impacket, or similar commercial and open-source frameworks
Strong written communication skills with the ability to produce client-ready reports that rarely require significant revision before delivery
Ability to manage time effectively across concurrent engagements and communicate issues promptly when they arise

Preferred

Internal operational security experience (non-consulting) in an enterprise environment
6+ years of combined IT and information security experience
Hands-on cloud penetration testing experience across AWS, Azure, or GCP, including IAM abuse, serverless exploitation, container breakout, and cloud-native attack paths
Application and API security testing experience (OWASP Top 10, business logic testing, source code review)
Experience with AI/LLM security assessments (prompt injection, data exfiltration, model manipulation)
Practical experience evading modern defensive controls (EDR bypass, NDR evasion, AMSI bypass, ETW patching)
Experience developing custom offensive tools, loaders, or C2 frameworks
Active community involvement: conference speaking, blog or whitepaper authoring, open-source tool development, podcast appearances

Benefits

Yearly training budget to support certifications, as it relates to the role
Conference sponsorship (attendance and speaking)
Dedicated research and development time
Remote-first work environment with flexible scheduling
Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family). If you choose the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments: ($850 per EE annually / $1750 per family annually (includes spouse/children/family options)
Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
12 corporate holidays and a Flexible Time Off (FTO) program
Healthy mobile phone and home internet allowance
Eligibility for retirement plan after 2 months at open enrollment
Pet Benefit Option

Company

GuidePoint Security

twittertwittertwitter
company-logo
GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations minimize risk.
dateFounded in 2011
location
Reston, Virginia, USA
people-size1001-5000 employees
web-link
https://www.guidepointsecurity.com/

H1B Sponsorship

GuidePoint Security has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (11)
2024 (14)
2023 (2)
2022 (1)

Funding

Current Stage
Late Stage
Total Funding
unknown
Key Investors
Audax Private Equity
2023-10-10Private Equity

Leadership Team

leader-logo
Michael Volk
Chairman & CEO
linkedin
J
Joe Leonard
CTO & VP Security Strategy
linkedin

Recent News

Business Wire
1Password Accelerates Channel Momentum with Expanded Global Partner Program to Capture Identity Security Demand Across SaaS and AI-Driven Work
2026-02-05
GlobeNewswire
Gigamon Recognizes Top Global Partners at 2026 Sales Kickoff
2026-01-22
Business Wire
Ransomware Victims and Threat Groups Surge to Record Levels, GuidePoint Security Finds
2026-01-16
Company data provided by crunchbase