India

Senior Consultant Offensive Security (Noida)

Description
Job Description: Senior Consultant – Offensive Security (VA/PT, Red Team, AD, Cloud)

Location: Noida (preferred) / Remote
Experience: 7–12+ years in security assessment

Role Summary

We are seeking a Senior Consultant – Offensive Security to lead and deliver end-to-end offensive security engagements including Vulnerability Assessments (VA), Penetration Testing (web and infrastructure), Red Teaming/purple teaming, Attack Surface Discovery, Active Directory (AD) security assessments, and Cloud Security assessments (AWS/Azure/GCP). This role requires robust hands-on testing expertise, ability to scope and manage complex engagements, produce high-quality reports, and communicate risk and remediation guidance effectively to both technical and executive stakeholders.

Key Responsibilities

1) Delivery & Technical Execution
- Lead and execute Vulnerability Assessments across internal/external environments, validate findings, and prioritize risk.
- Perform Web Application Penetration Testing (OWASP Top 10, business logic testing, API security testing).
- Conduct Infrastructure / Network Penetration Testing across enterprise networks, segmentation testing, and security control validation.
- Execute Red Team engagements including adversary emulation, stealthy operations, attack surface discovery, and attack-path discovery; coordinate purple team activities with defenders.
- Conduct Active Directory assessments: privilege escalation paths, tiering model review, delegation abuse, misconfigurations, ADCS weaknesses, lateral movement simulation, and remediation roadmaps.
- Perform Cloud Security Assessments for AWS/Azure/GCP including IAM review, network security, storage exposure, logging/monitoring, KMS/secrets, and cloud-native attack paths.
- Assess container/Kubernetes and CI/CD security (where applicable), including misconfigurations and supply-chain risks.

2) Scoping, Planning & Stakeholder Management
- Own engagement lifecycle: requirements gathering, scoping, rules of engagement, test planning, execution, and closure.
- Work with customers to define objectives, timelines, success criteria, and realistic testing constraints.
- Provide risk-based guidance aligned with business impact and threat models.

3) Reporting & Advisory
- Produce clear, accurate, and actionable deliverables:
  - Executive summaries and risk narratives
  - Technical findings with evidence and reproduction steps
  - Remediation guidance and compensating controls
  - Attack path diagrams and kill-chain mapping (for red team/AD)
- Conduct readouts for technical teams and leadership; support remediation validation / retesting.
- Map findings to relevant frameworks and standards where required (e.g., MITRE ATT&CK, NIST, CIS, OWASP, ISO 27001).

4) Quality, Mentorship & Practice Development
- Ensure consistency and quality across test execution and reporting.
- Mentor junior consultants; provide peer reviews on findings and reports.
- Contribute to internal tooling, checklists, playbooks, and reusable test artifacts.
- Support pre-sales activities: assist with proposals/SOW content, estimates, and solutioning (as needed).

Required Technical Skills
- Strong hands-on experience with:
  - Web App / API testing (authentication, authorization, session management, SSRF, XXE, deserialization, injection classes, business logic, rate limiting)
  - Infrastructure testing (AD environments, Windows/Linux, segmentation, VPN/remote access, common services)
  - Active Directory attack techniques (Kerberos abuse, delegation abuse, credential dumping, misconfigurations, ADCS)
  - Cloud security (AWS/Azure/GCP core services; IAM, networking, storage, logging, key management)
- Proficiency with common tools (examples; equivalents acceptable):
  - Burp Suite, Nmap, Tenable, Metasploit, BloodHound, Impacket, CrackMapExec/NetExec, Responder, Horizon3
  - Cloud tooling: AWS/Azure/GCP CLI, ScoutSuite/Prowler/AzureHound (or similar)
  - Scripting/automation: Python, PowerShell, Bash (at least one strong)
- Strong understanding of security concepts: crypto basics, authN/authZ, secure architecture, detection/monitoring fundamentals, threat modeling.

Required Experience & Qualifications
- 7+ years in offensive security / security assessment delivery (VA/PT/red team/AD/cloud).
- Proven experience leading engagements end-to-end and interacting directly with customers.
- Ability to write high-quality reports with clear remediation and prioritization.
- Experience working in enterprise environments with complex networks and identity architectures.

Preferred Skills / Nice-to-Haves
- Experience with EDR evasion tradeoffs, OPSEC, and red-team infrastructure (where allowed by ROE).
- Mobile application testing (iOS/Android), thick client testing, or wireless assessments.
- Kubernetes/container security assessments and CI/CD pipeline reviews.
- Experience with compliance-driven assessments and control validation (SOC2/ISO/CIS benchmarks).
- Familiarity with SIEM/EDR telemetry and detection engineering concepts (for purple teaming).

Certifications (Preferred)

One or more of the following (or equivalent experience):
- OSCP, OSCE/OSWE, OSEP, CRTO, GXPN, GPEN
- AWS Security Specialty / Azure Security Engineer / GCP security certs
- CEH (less preferred unless combined with strong hands-on experience)

Key Competencies
- Strong analytical and problem-solving skills; ability to chain weaknesses into attack paths.
- Excellent communication: can translate technical issues into business risk.
- Independent, organized, and capable of managing multiple engagements.
- High ethics and professionalism; strict adherence to rules of engagement and confidentiality.

Apply on Kit Job: kitjob.in/job/4ndo6e

Senior Consultant Offensive Security (Noida) has been posted in the Noida Government & Public Service category on Locanto.
