Ensign InfoSecurity

Lead Consultant, Security Testing and Red Teaming

Singapore Full time

Ensign is hiring!

Responsibilities:

  • Define, maintain and continuously improve technical and delivery standards for penetration testing, adversarial simulation and other security testing services.

  • Review and validate methodologies, frameworks and assessment tools to ensure alignment with industry standards and best practices such as MITRE ATT&CK, OWASP, PTES and NIST standards.

  • Provide oversight on reporting quality, documentation and deliverable consistency across teams.

  • Lead project delivery in planning and arranging testing activities, including the assignment of consultants, breakdown of testing efforts and delegation of activities.

  • Plan and execute complex security testing assignments.

  • Oversee end-to-end planning, scoping and execution for complex engagements starting from the pre-sales phase.

  • Conduct technical reviews and quality assurance assessments of engagements.

  • Lead the design and implementation of the training and capability development roadmaps, including mentorship programmes, workshops and technical exercises.

  • Champion a culture of continuous learning, collaboration and technical excellence.

  • Develop brand reputation across the industry in various ways, such as by conducting trainings, giving talks at conferences and writing technical blog posts.

Requirements:

  • At least 7 years of working experience, with at least 5 years of experience in cyber security consulting with a focus on offensive security.

  • Proven record of technical leadership.

  • Strong understanding of industry standards, frameworks and best practices such as OWASP, PTES and NIST standards.

  • Knowledge and experience in threat modelling using frameworks such as DREAD and STRIDE.

  • Hands-on technical depth in multiple domains, including web penetration testing, network penetration testing, Linux systems and Active Directory exploitation.

  • Familiarity with the engagement lifecycle from pre-sales to delivery.

  • Must be OSCP-certified.

  • Hands-on experience in scripting languages such as Bash and Python.

  • Excellent written and verbal communication skills.

Preferred skills and qualities:

  • Professional certifications such as OSCE3 and CREST CRT are preferable.

  • Experience with developing bespoke tools and frameworks such as automated scanning tools for cloud penetration testing and C2 frameworks for red teaming.

  • Experience in software engineering, including web application development.

  • Understanding of the global regulatory landscape for technology and cyber risk.