Associate Consultant, Security Testing and Red Teaming

Ensign is hiring !

Roles and Responsibilities

• Conduct penetration testing engagements under the guidance of senior consultants, including:
  • Web application penetration testing
  • Network and infrastructure penetration testing (internal and external)
  • Cloud security testing (e.g. AWS, Azure, GCP)
  • Mobile application penetration testing
  • IOT penetration testing
  • OT penetration testing
• Execute assigned testing activities responsibly and professionally, following defined scopes, rules of engagement, and methodologies.
• Identify, validate, and exploit security vulnerabilities using industry-standard tools and manual techniques.
• Document findings clearly and accurately, including technical details, evidence, and remediation recommendations.
• Assist in preparing high-quality technical reports and contribute to executive-level summaries.
• Participate in engagement activities such as kick-off calls, scoping discussions, and post-engagement briefings where appropriate.
• Collaborate with team members during testing, including peer reviews and technical walkthroughs.
• Maintain detailed testing notes, logs, and artifacts to support quality assurance and reporting.
• Continuously develop technical skills across penetration testing, exploitation techniques, and security fundamentals.
• Stay current with emerging vulnerabilities, attack techniques, and offensive security tooling.
• Over time, support or participate in broader offensive security activities, such as:
  • Adversary simulation and red teaming exercises
  • Automation or tooling development
  • Security research and proof-of-concept development

Requirements

• Offensive Security Certified Professional (OSCP) certification is required.
• Strong understanding of penetration testing methodologies and ethical hacking principles.
• Solid foundations in:
  • TCP/IP networking
  • Operating systems (Windows and Linux)
  • Web application architecture and common vulnerabilities
• Exposure to scripting or programming (e.g. Python, Bash, PowerShell).
• Familiarity with common vulnerability classes (e.g. OWASP Top 10, misconfigurations, credential abuse).
• Basic understanding of Active Directory security concepts.
• Exposure to cloud platforms or containerised environments will be useful.
• Hands-on experience using common penetration testing tools (e.g. Burp Suite, Nmap, Metasploit, BloodHound).
• Ability to write clear, structured, and technically accurate documentation and reports.
• Strong desire to grow into advanced offensive security and red teaming roles.
• Strong analytical mindset and problem-solving skills.
• Professional conduct, integrity, and respect for confidentiality.