Position: Senior Security Consultant- Threat & Attack Simulation- Remote (Anywhere in the U.S.)
GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation's top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.
Location: Remote (United States). Travel up to 25% for onsite assessments, client engagements, and company event attendance
Why GuidePoint TAS Team?
You’ll work alongside some of the sharpest offensive security professionals in the industry on diverse, challenging engagements — from red teaming Fortune 500 companies to cloud penetration tests against complex multi-cloud environments and purple team exercises that directly improve client detection capabilities. We invest in your growth through training budgets, certification support, conference sponsorship, and dedicated research time. Your ideas directly shape our service offerings, and your published research and conference talks build your personal brand while advancing the practice.
GuidePoint’s Threat & Attack Simulation Practice provides attack-oriented professional services including Red Teaming, Purple Teaming, Network Penetration Testing, Cloud Penetration Testing, Social Engineering, and custom assessments to address unique security concerns for our clients. Our service offerings evolve continuously in response to emerging threats and diverse client needs — your creativity and expertise will help us stay ahead.
About the Role
As a Senior Security Consultant, you will be a technically skilled and reliable team member who delivers exceptional results across the full range of our offensive security offerings. Your primary responsibilities include performing challenging and complex assessments, mentoring less experienced team members, and contributing to the practice’s growth and improvement.
What You’ll DoLead and Execute Offensive Engagements
• Lead and execute assessments including red team operations, purple team exercises, external and internal network penetration tests, cloud penetration tests, application and API security assessments, Active Directory security reviews, wireless security assessments, social engineering campaigns, and custom engagements — with minimal technical oversight
• Map assessment activities to the MITRE ATT&CK framework and align engagements with industry methodologies such as PTES, OWASP, and NIST guidelines
• Perform reconnaissance, exploitation, post-exploitation, lateral movement, and privilege escalation across enterprise environments including on-premises infrastructure, cloud platforms (AWS, Azure, GCP), and hybrid architectures
• Assess cloud-native environments including IAM configurations, serverless functions, container orchestration, and Infrastructure-as-Code deployments
• Conduct application and API penetration testing targeting OWASP Top 10 vulnerabilities, business logic flaws, and authentication/authorization weaknesses
• Evade defensive controls including EDR, NDR, email security gateways, and network segmentation during red team operations
Deliver High-Quality Reporting
• Author comprehensive assessment deliverables tailored to both technical and executive audiences that fully detail technical execution, root‑cause deficiencies, business impact, and realistic remediation strategies
• Communicate findings confidently to both technical teams and non‑technical leadership, translating complex attack chains into clear business risk
Build and Improve the Practice
• Contribute to marketing and thought leadership through publishing research, speaking at industry conferences, authoring blog articles and whitepapers, hosting webinars, and developing security tools
• Build automation, orchestration, and scripting solutions to reduce manual processes, improve efficiency, and enable new capabilities for evolving client needs
• Develop and improve offensive tooling, custom implants, and C2 infrastructure to support assessment operations
• Assist with practice development including improving…