
Senior Consultant Offensive Security

Company: Sdg
Job Type: Full Time

Job Description - Senior Consultant Offensive Security

Job Description: Senior Consultant – Offensive Security (VA/PT, Red Team, AD, Cloud)

Location: Noida (preferred)/ Remote
Experience: 7–12+ years in security assessment

Role Summary

We are seeking a Senior Consultant – Offensive Security to lead and deliver end-to-end offensive security engagements including Vulnerability Assessments (VA), Penetration Testing (web and infrastructure), Red Teaming/purple teaming, Attack Surface Discovery, Active Directory (AD) security assessments, and Cloud Security assessments (AWS/Azure/GCP). This role requires strong hands-on testing expertise, ability to scope and manage complex engagements, produce high-quality reports, and communicate risk and remediation guidance effectively to both technical and executive stakeholders.

Key Responsibilities

1) Delivery & Technical Execution

  • Lead and execute Vulnerability Assessments across internal/external environments, validate findings, and prioritize risk.

  • Perform Web Application Penetration Testing (OWASP Top 10, business logic testing, API security testing).

  • Conduct Infrastructure / Network Penetration Testing across enterprise networks, segmentation testing, and security control validation.

  • Execute Red Team engagements including adversary emulation, stealthy operations, attack surface discovery, and attack-path discovery; coordinate purple team activities with defenders.

  • Conduct Active Directory assessments: privilege escalation paths, tiering model review, delegation abuse, misconfigurations, ADCS weaknesses, lateral movement simulation, and remediation roadmaps.

  • Perform Cloud Security Assessments for AWS/Azure/GCP including IAM review, network security, storage exposure, logging/monitoring, KMS/secrets, and cloud-native attack paths.

  • Assess container/Kubernetes and CI/CD security (where applicable), including misconfigurations and supply-chain risks.

2) Scoping, Planning & Stakeholder Management

  • Own engagement lifecycle: requirements gathering, scoping, rules of engagement, test planning, execution, and closure.

  • Work with customers to define objectives, timelines, success criteria, and realistic testing constraints.

  • Provide risk-based guidance aligned with business impact and threat models.

3) Reporting & Advisory

  • Produce clear, accurate, and actionable deliverables:

    • Executive summaries and risk narratives

    • Technical findings with evidence and reproduction steps

    • Remediation guidance and compensating controls

    • Attack path diagrams and kill-chain mapping (for red team/AD)

  • Conduct readouts for technical teams and leadership; support remediation validation / retesting.

  • Map findings to relevant frameworks and standards where required (e.g., MITRE ATT&CK, NIST, CIS, OWASP, ISO 27001).

4) Quality, Mentorship & Practice Development

  • Ensure consistency and quality across test execution and reporting.

  • Mentor junior consultants; provide peer reviews on findings and reports.

  • Contribute to internal tooling, checklists, playbooks, and reusable test artifacts.

  • Support pre-sales activities: assist with proposals/SOW content, estimates, and solutioning (as needed).

Required Technical Skills

  • Strong hands-on experience with:

    • Web App / API testing (authentication, authorization, session management, SSRF, XXE, deserialization, injection classes, business logic, rate limiting)

    • Infrastructure testing (AD environments, Windows/Linux, segmentation, VPN/remote access, common services)

    • Active Directory attack techniques (Kerberos abuse, delegation abuse, credential dumping, misconfigurations, ADCS)

    • Cloud security (AWS/Azure/GCP core services; IAM, networking, storage, logging, key management)

  • Proficiency with common tools (examples—equivalents acceptable):

    • Burp Suite, Nmap, Tenable, Metasploit, BloodHound, Impacket, CrackMapExec/NetExec, Responder, Horizon3

    • Cloud tooling: AWS/Azure/GCP CLI, ScoutSuite/Prowler/AzureHound (or similar)

    • Scripting/automation: Python, PowerShell, Bash (at least one strong)

  • Strong understanding of security concepts: crypto basics, authN/authZ, secure architecture, detection/monitoring fundamentals, threat modeling.

Required Experience & Qualifications

  • 7+ years in offensive security / security assessment delivery (VA/PT/red team/AD/cloud).

  • Proven experience leading engagements end-to-end and interacting directly with customers.

  • Ability to write high-quality reports with clear remediation and prioritization.

  • Experience working in enterprise environments with complex networks and identity architectures.

Preferred Skills / Nice-to-Haves

  • Experience with EDR evasion tradeoffs, OPSEC, and red-team infrastructure (where allowed by ROE).

  • Mobile application testing (iOS/Android), thick client testing, or wireless assessments.

  • Kubernetes/container security assessments and CI/CD pipeline reviews.

  • Experience with compliance-driven assessments and control validation (SOC2/ISO/CIS benchmarks).

  • Familiarity with SIEM/EDR telemetry and detection engineering concepts (for purple teaming).

Certifications (Preferred)

One or more of the following (or equivalent experience):

  • OSCP, OSCE/OSWE, OSEP, CRTO, GXPN, GPEN

  • AWS Security Specialty / Azure Security Engineer / GCP security certs

  • CEH (less preferred unless combined with strong hands-on experience)

Key Competencies

  • Strong analytical and problem-solving skills; ability to chain weaknesses into attack paths.

  • Excellent communication: can translate technical issues into business risk.

  • Independent, organized, and capable of managing multiple engagements.

  • High ethics and professionalism; strict adherence to rules of engagement and confidentiality.



Original job Senior Consultant Offensive Security posted on GrabJobs ©. To flag any issues with this job please use the Report Job button on GrabJobs.

About the Company

Sdg

SDG Corporation is an award-winning technology solutions provider. We are passionate about finding the right solution to help enterprises stay ahead with strategic consulting and enterprise risk management solutions.


Copyright © 2026 Grabjobs Pte.Ltd. All Rights Reserved.