Consultant, Cyber Adversarial Emulation

Ensign is hiring !

Consultant, Cyber Adversarial Emulation

Duties and Responsibilities

• Conduct Vulnerability Assessments (VA), Penetration Testing (PT) and Red Teaming across various technologies but not limited to networks, web, mobile, thick client applications, cloud environments (AWS, Azure, GCP, alicloud), kubernetes and operational technology (OT)
• Enhance internal VAPT and red team capabilities by developing scripts, automating processes and researching the latest exploitation Tactics, Techniques and Procedures (TTPs) used by threat actors.
• Provide technical support to the pre-sales team and ensure clear communication of complex client requirements.
• Lead and mentor a team of consultants, ensuring effective communication of vulnerabilities and remediation recommendations to clients. Foster a culture of innovation, continuous improvement and knowledge sharing within the team.
• Organise and participate in Capture-The-Flag (CTF) events, both internally and externally.
• Collaborate with other cybersecurity teams within Ensign to provide actionable insights to clients.

Requirements

• Familiarity with cyber security principles (e.g. networking, web development, vulnerability classes) and industry best practices (e.g. OWASP Top 10, MITRE ATT&CK Framework and Cybersecurity Code of Practice (CCOP))
• Experienced in consulting, including both internal and client-facing engagements
• Ability to lead projects independently and communicate effectively with clients.
• Proficiency in programming/scripting languages such as .NET, Python, Bash and PowerShell.
• Possess relevant cybersecurity certifications (OSCP, OSCE3, CRT, CRTO) or accredited experience through CTF participation and Bug Bounties.
• Willing to travel internationally when required.

Preferred Qualifications/Skills

• At least 5 years of consulting experience
• Proficient with security testing tools such as Nessus, Burp Suite, Frida, dex2jar, etc.
• Offensive Cyber Security Certifications (e.g. OSCP, CRT preferred)
• Experience in mobile application security testing (Android/iOS).
• Familiarity with red teaming tools such as Cobalt Strike, GoPhish, Sliver etc.
• Expertise in source code review using automated scanners such as Checkmarx
• Experience in reverse engineering or malware development
• Competency in static and dynamic analysis
• Experience working in diverse security testing environments, including using jump hosts, VPNs, testing in GCC AWS/Azure, and both onsite and remote setups.
• A self-motivated learner with a passion for developing and leading teams to deliver professional services and enhance local capabilities.