Ensign is hiring!
Associate Consultant, Security Testing and Red Teaming
Roles and Responsibilities
- Conduct penetration testing engagements under the guidance of senior consultants, including:
  - Web application penetration testing
  - Network and infrastructure penetration testing (internal and external)
  - Cloud security testing (e.g. AWS, Azure, GCP)
  - Mobile application penetration testing
  - IoT penetration testing
  - OT penetration testing
- Execute assigned testing activities responsibly and professionally, following defined scopes, rules of engagement, and methodologies.
- Identify, validate, and exploit security vulnerabilities using industry-standard tools and manual techniques.
- Document findings clearly and accurately, including technical details, evidence, and remediation recommendations.
- Assist in preparing high-quality technical reports and contribute to executive-level summaries.
- Participate in engagement activities such as kick-off calls, scoping discussions, and post-engagement briefings where appropriate.
- Collaborate with team members during testing, including peer reviews and technical walkthroughs.
- Maintain detailed testing notes, logs, and artifacts to support quality assurance and reporting.
- Continuously develop technical skills across penetration testing, exploitation techniques, and security fundamentals.
- Stay current with emerging vulnerabilities, attack techniques, and offensive security tooling.
- Over time, support or participate in broader offensive security activities, such as:
  - Adversary simulation and red teaming exercises
  - Automation or tooling development
  - Security research and proof-of-concept development
Requirements
- Offensive Security Certified Professional (OSCP) certification is required.
- Strong understanding of penetration testing methodologies and ethical hacking principles.
- Solid foundations in:
  - TCP/IP networking
  - Operating systems (Windows and Linux)
  - Web application architecture and common vulnerabilities
- Exposure to scripting or programming (e.g. Python, Bash, PowerShell).
- Familiarity with common vulnerability classes (e.g. OWASP Top 10, misconfigurations, credential abuse).
- Basic understanding of Active Directory security concepts.
- Exposure to cloud platforms or containerised environments will be useful.
- Hands-on experience using common penetration testing tools (e.g. Burp Suite, Nmap, Metasploit, BloodHound).
- Ability to write clear, structured, and technically accurate documentation and reports.
- Strong desire to grow into advanced offensive security and red teaming roles.
- Strong analytical mindset and problem-solving skills.
- Professional conduct, integrity, and respect for confidentiality.