Lead Offensive Security Specialist

Location: Remote
Department - Risk Consulting: Technology Assurance (Cyber Security)
Reports to: Head of Offensive Security (OffSec)

Job Overview:

At ThriftTech Solutions, we seek a Lead Offensive Security Specialist to drive our cybersecurity efforts. This role involves supporting the execution of our comprehensive offensive security services, deeply understanding client needs, crafting innovative solutions, and communicating findings with exceptional clarity. Our ambition is to cement our status as trusted advisors to our clients in the face of evolving cyber threats.

Key Responsibilities:

Client Engagement and Account Management:

  • Work closely with clients to grasp their cybersecurity concerns.
  • Convert complex client issues into solutions that align with our Offensive Security offerings at ThriftTech Solutions.
  • Master understanding of project schedules, resource allocation, and pricing.
  • Become familiar with our approach to proposals, occasionally leading in proposal creation and presentations.
  • Assist in growing existing client relationships and securing new business opportunities.
  • Learn about the sectors and industries ThriftTech Solutions targets.

Offensive Security:

  • Perform various types of penetration testing, including:
    • Vulnerability assessments and ongoing monitoring
    • Testing external infrastructure
    • Managing external attack surfaces
    • Assessing web applications and APIs
    • Conducting phishing and spear phishing exercises
    • Testing internal networks
    • Evaluating mobile applications for Android and iOS
    • Securing Operational Technology (OT) and Internet of Things (IoT)
    • Testing cloud environments
    • Gathering Open-Source Intelligence (OSINT)
    • Reviewing configurations of cloud services, applications, hardware builds, and firewalls

Delivery & Client Communications:

  • Present findings through reports, presentations, and briefings.
  • Stay updated on threat intelligence, including threat actors and industry developments in security practices and tools.
  • Create and present client-specific threat profiles, assessments, and dark web investigations.

Project Management:

  • Support virtual CISO (vCISO) initiatives by leveraging ThriftTech Solutions' full suite of expertise and resources.
  • Work alongside incident response, ethical hacking, and digital forensics teams to enhance client support.
  • Help manage ongoing client relationships through retainers.
  • Assist with the delivery of our Attack Surface Management (ASM) service.

Internal Initiatives and Strategy:

  • Contribute to internal projects focused on product development, process refinement, technological advancements, and efficiency.
  • Help adapt security frameworks to produce innovative products.
  • Question established methods and propose new strategies to improve our services.
  • Enhance documentation and refine testing methodologies as needed.

Professional Development and Domain Knowledge:

  • Dedicate to ongoing professional growth in all aspects of cybersecurity, meeting personal development goals.
  • Engage in at least one formal external training course each financial year, in addition to internal training.
  • Share expertise with colleagues, contributing to internal education efforts and initiatives.

Qualifications:

Minimum Requirements to Apply for the Role:

Experience

  • A minimum of 5 to 8 years working in Information Security or a related technology field, including at least 2 years of leadership in relevant areas.

Education

  • Bachelor’s degree in Computer Science from an accredited institution, or equivalent professional experience.

Certifications

  • Holding advanced security certifications such as CISSP, OSCP, OSCE, or their equivalents.

Technical Skills

  • Proven track record in leading and performing penetration tests, red team, purple team, and technical vulnerability assessments.
  • Extensive experience with security assessments of infrastructure, operating systems (including Active Directory), and applications, measured against industry benchmarks.
  • Proficient in conducting cloud security assessments for environments like Azure, AWS, and Google Cloud.
  • Advantageous: Experience in Operational Technology (OT) security assessments.

Professional Engagement

  • A demonstrated history in security research with experience in presenting at or attending cybersecurity conferences.

Soft Skills

  • Exceptional written and verbal communication skills, adept at facilitation, leadership, business development, and delivering presentations.

Competitive Benefits Package:

  • Health insurance
  • Dental and vision care
  • Retirement plans
  • Paid time off, including vacation, sick days, and public holidays
  • Parental leave options

Professional Development:

  • Reimbursement for continuing education and certification courses
  • Access to industry conferences and workshops
  • In-house training programs or mentorship opportunities
  • Clear career progression paths within the organization

Work-Life Balance/ Integration:

  • Fully Remote, with flexible working hours
  • Wellness programs & gym membership discounts
  • Mental health support services
  • Time off

How to Apply

Please send your resume, a cover letter detailing your offensive security experience, and any relevant certifications or work samples to: connect@tt-solutions.co.za.