Lead Security Consultant - Offensive Security

Cyderes (Cyber Defense and Response) is a pure-play, full life-cycle cybersecurity services provider with award-winning managed security services, identity and access management, and professional services designed to manage the cybersecurity risks of enterprise clients. We specialize in multi-technology, complex environments with the speed and agility needed to tackle the most advanced cyber threats. We leverage our global scale and decades of experience to accelerate our clients’ cyber outcomes through a full lifecycle of cybersecurity services. We are a global company with operating centers in the United States, Canada, the United Kingdom, and India.

About the Role:

We are seeking a highly skilled and experienced Lead Security Consultant specializing in penetration testing to join our cybersecurity consulting team. In this role, you will lead complex security assessments, manage client relationships, and provide technical leadership and mentorship to junior consultants. You will work across various industries to help clients identify and mitigate security vulnerabilities in their networks, applications, and systems.

• Lead and execute advanced penetration tests across internal/external networks, web/mobile apps, APIs, cloud, and wireless environments
• Perform vulnerability assessments and exploit development to assess system and application security
• Design and conduct red and purple team exercises simulating real-world adversary tactics (TTPs)
• Develop assessment plans and tailor testing methodologies to client environments
• Create detailed, high-quality reports and present findings to technical and executive audiences
• Serve as client-facing lead throughout the engagement lifecycle (scoping to post-delivery support)
• Mentor junior consultants and support development of internal tools and methodologies
• Research emerging threats, attack techniques, and offensive security tools
• Support presales efforts including scoping, proposals, and client presentations
• Conduct threat analysis and provide mitigation guidance based on trends and attack patterns
• Correlate and analyze threat data to identify indicators of compromise and attacker behaviour
• Produce threat intelligence summaries and track evolving trends across industries
• Collaborate on cross-functional research projects under tight deadlines
• Develop tools, scripts, and automated processes to enhance testing and reporting workflows

• 5+ years of hands-on experience in penetration testing and offensive security in the following areas:
• Executing network, wireless, web application, and API penetration tests
• Experience with Active Directory (AD) and Kerberos
• Experience conducting vulnerability management and assessments
• Experience conducting social engineering assessments
• Experience conducting Purple Team and Red Team exercises
• Deep understanding of network protocols, operating systems, web technologies, and application security concepts
• Strong experience with industry-standard tools (e.g., Burp Suite, Cobalt Strike, Metasploit, Nmap, Nessus, etc.)
• Demonstrated experience conducting Red Team operations or simulated adversary engagements
• Proficiency in scripting or coding (Python, Bash, PowerShell, etc.)
• Relevant certifications such as OSCP, OSCE, GPEN, GWAPT, or equivalent
• Excellent communication skills, both written and verbal
• Ability to lead teams and manage client expectations in high-pressure environments
• Source code review for control flow and security flaws
• General knowledge of the MITRE ATT&CK Framework