Sr. Security Consultant - Penetration Testing

About Stratascale

As a digital and cybersecurity services company, Stratascale exists to help the Fortune 1000 transform the way they use technology to advance the business, generate revenue, and respond quickly to market demands. We call it Digital Agility. To learn more about how we’re shaping the future of digital business and a more secure world, visit stratascale.com.

Job Description Summary

The Sr. Security Consultant - Penetration Testing is a critical role within Stratascale’s Adversarial Operations team who will assist in leading and supporting the development and delivery of a diverse range of continuous threat and exposure management consulting, penetration testing, and operational service programs to a portfolio of our clients. This position is remote with a Home Office setup as determined by Stratascale management.

Role Description

• Perform penetration testing against complex environments covering both external, internal, web application, and other forms of offensive security engagements.
• Consult and document attack surface, threats, and vulnerability improvements based on team’s overall assessment of client’s environment.
• Perform full assessment and threat modeling against industry best practices to identify control weaknesses and assess the effectiveness of existing controls.
• Perform root cause analysis on identified vulnerabilities and attack surface weaknesses to determine technical solutions to be presented to client along with recommendations for remediations.
• Collaborate with client’s security teams to understand mitigation or resolutions for findings discovered by analysts.
• Review threat intelligence for specific threat vectors that align with client's industry or potentially impacted by to utilize in attack path modeling.
• Assist in defining, measuring, and quantifying business risk and vulnerability impacts to clients their stakeholders.
• Provide subject matter expertise and technical support on remediation, cloud security, governance, compliance, and core infrastructure systems.
• Assist customers with strategies, use of platforms, technical and compliance analysis, and implementing automation.
• Develop and deliver governance models, security frameworks, compliance reporting, and security assessments.
• Collaborate with internal sales and technical teams to support the solution sales cycle, qualify opportunities, and ensure successful solution delivery.
• Identify customer needs and requirements, recommend appropriate solutions, and proactively identify areas for improvement.
• Execute consulting projects by creating and completing deliverables, ensuring client needs and practice obligations are met.
• Develop and deliver training content, curricula, and workforce development programs, including in-person and remote sessions.
• Participate in customer and internal meetings, providing technical guidance and facilitating discussions.
• Stay educated on new product technologies, industry trends, and emerging capabilities within the practice.
• Develop and optimize cross practice capabilities, collaborate with peer practice leaders, and mentor other consultants.

Behaviors and Competencies

• Communication: Effectively communicate complex ideas to diverse audiences and mentor others.
• Relationship Building: Own complex team initiatives and drive results through collaboration.
• Self-Motivation: Take ownership of initiatives and drive results independently.
• Negotiation: Lead complex negotiations and drive consensus.
• Impact and Influence: Rally teams towards common goals, creating positive influence.
• Business Development: Own significant business initiatives and drive results.
• Emotional Intelligence: Use emotional information to guide behavior and help others.
• Detail-Oriented: Oversee multiple projects, ensuring accuracy and identifying errors.
• Follow-Up: Own tasks, collaborate on follow-ups, and drive completion.
• Presenting: Use visual aids, storytelling, and persuasive techniques effectively.
• Delegation: Distribute responsibilities, balance workload, and ensure role understanding.
• Analytical Thinking: Use advanced techniques to solve complex problems and communicate solutions.
• Critical Thinking: Synthesize information from various sources for strategic decisions.
• Technical Troubleshooting: Own complex technical problems and collaborate on solutions.

Skill Level Requirements

This role requires an intermediate level of proficiency across several key areas, including:

• Planning and executing penetration tests across diverse environments.
• Proficiency with offensive security methodologies like PTES, OWASP, MITRE ATT&CK.
• Deep hands-on experience with common offensive tooling and techniques.
• Ability to assess and attack cloud services (AWS, Azure, GCP).
• Strong web application testing skills across modern architectures.
• Working knowledge of Active Directory and Azure AD attack paths.
• Proficiency with social engineering and phishing engagements.
• Competence in scripting and automation (Python, PowerShell, Bash, Go, JavaScript).
• Ability to develop clear exploit proofs-of-concept and reproduce vulnerabilities.
• Strong reporting and communication skills for diverse stakeholders.
• Experience collaborating in red/purple team exercises.
• Familiarity with vulnerability management workflows and responsible disclosure.
• Proficiency with productivity and documentation tools (Word, Excel, PowerPoint, Outlook).

Other Requirements

• Completed Bachelor’s Degree in a related field or relevant work experience required.
• 5–7 years of hands-on penetration testing/red team experience delivering engagements.
• Ability to travel for events and on-site testing engagements as needed.
• Advanced industry certifications preferred (e.g., OSCP, OSEP, OSWE, GXPN, GPEN, CRTO, CRTP, PNPT; CISSP or CSSLP a plus).
• Demonstrated understanding of legal/ethical considerations and data handling.

The estimated annual pay range for this position is $165,000 - $205,000 which includes a base salary and bonus. The compensation for this position is dependent on job-related knowledge, skills, experience, and market location and, therefore, will vary from individual to individual. Benefits may include, but are not limited to, medical, vision, dental, 401K, and flexible spending.

Key skills/competency

• Penetration Testing
• Offensive Security
• Cloud Security (AWS, Azure, GCP)
• Web Application Testing
• Active Directory Security
• Threat Modeling
• Scripting (Python, PowerShell)
• Vulnerability Management
• Red/Purple Teaming
• Client Consultation