Principal Consultant, Offensive Security, Proactive Services (Unit 42) - Fort Me

Overview

Our Mission: Being the cybersecurity partner of choice, protecting our digital way of life. Our vision is a world where each day is safer and more secure than the one before. We are looking for innovators who are committed to shaping the future of cybersecurity.

Who We Are

We protect our customers and value the unique ideas of every team member. Our values include disruptive innovation, collaboration, execution, integrity, and inclusion. We support development and personal wellbeing through programs designed to give you choice in how you are supported, including a FLEXBenefits wellbeing spending account with over 1,000 eligible items, mental and financial health resources, and personalized learning opportunities.

Your Career

The Principal Consultant on the Offensive Security team focuses on assessing and challenging the security posture across a comprehensive portfolio of clients. The individual will use a variety of tools, act as a key team member and leader in client engagements, advocate for cybersecurity best practices, and provide strong recommendations in this domain.

Your Impact

• Assist in developing internal infrastructure design for research, development, and testing focused on offensive security
• Conduct periodic network scans to identify vulnerabilities
• Perform client penetration testing to find vulnerabilities or weaknesses that could be exploited, using open-source, custom, and commercial tools
• Assist in scoping engagements by articulating penetration approaches and methodologies to audiences from technical to executive levels
• Generate reports that clearly communicate testing details, results, and remediation recommendations to clients
• Develop scripts, tools, and methodologies to automate and streamline internal processes and engagements
• Conduct IT application testing, cybersecurity tool and systems analysis, system and network administration, and support sustainment of IT systems
• Conduct threat hunting and/or compromise assessments to identify active or dormant indicators of compromise using Unit 42 and Palo Alto Networks’ threat hunting tools
• Assist Unit 42 Leadership in developing security standards and best practices and recommend security enhancements as needed
• Perform cyber risk assessments using frameworks such as NIST CSF, ISO 27001/2, PCI, CIS Top 20, CMMC, or other industry tools
• Conduct cloud penetration testing engagements to assess workloads (AWS, GCP, Azure, containers, or other PaaS/SaaS) for vulnerabilities and attempt exploitation with client permission
• Provide recommendations to clients on security measures to monitor and protect data and systems, including response and recovery from data breaches
• Travel as needed to meet business demands (on average 30%)

Your Experience

• 6+ years in offensive security with subject matter expertise in at least three core service offerings (network penetration testing, phishing, web app pen testing, red team, physical pen tests, source code analysis, wireless pen testing)
• Experience managing a team of consultants
• Deep understanding of how malware works (malware, trojans, rootkits, etc.)
• Ability to craft/customize exploits to evade detection by prominent EDRs
• Strong knowledge of tools and techniques for network, wireless, and web app penetration testing
• Familiarity with web app pen testing and code auditing
• Experience with cyber risk assessments using industry standards
• Experience with penetration testing, administering, and troubleshooting Linux, Windows, and major cloud providers (AWS, GCP, Azure)
• Experience with scripting and programming (e.g., Perl, Python, Ruby, Bash, C/C++, C#, Java)
• Experience with industry tools (Nessus, OpenVAS, Mythic, Metasploit, Burp Suite Pro, Cobalt Strike, BloodHound)
• Knowledge of application, database, and web server design and implementation
• Knowledge of vulnerability assessments, web/cloud app security testing, red teaming, security operations, or hunting
• Knowledge of open security testing standards/projects (OWASP & MITRE ATT&CK)
• Ability to scope new opportunities with clients, including drafting statements of work and proposals
• Demonstrated potential to contribute externally (speaking, conferences, publications) and to deliver quickly and effectively
• Ability to understand all aspects of the business and Palo Alto Networks products
• Collaborative, with strong internal and external relationship-building across PANW functions
• Bachelor’s Degree in Information Security, Computer Science, Digital Forensics, Cyber Security, or equivalent experience; or equivalent military experience
• Mandatory DoD Security Clearance Requirements; active TS/SCI clearance; Counterintelligence Scope Polygraph preferred
• Mandatory location and onsite support requirements; candidates must live near a major US military installation to facilitate support for an ongoing DoD contract; close proximity to Fort Meade preferred
• Role requires onsite work in a classified workspace at a US military installation for the first year; continued onsite work may be required for client needs

The Team

Unit 42 Consulting is Palo Alto Network’s security advisory team. We provide incident response, risk management, and digital forensics services with a focus on long-term security posture improvement.

Compensation Disclosure

The compensation offered depends on qualifications, experience, and location. For offers at the posted level, base salary for non-sales roles ranges from 151,000 to 208,000 USD per year, with potential base salary plus target bonus for sales roles. The package may include restricted stock units and a bonus. Benefits details available at the benefits page; no external links included here.

Our Commitment

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation, please contact us at accommodations at paloaltonetworks dot com. Palo Alto Networks is an equal opportunity employer. We value diversity and ensure equal consideration for all applicants regardless of age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, disability, political affiliation, protected veteran status, race, religion, sex, or sexual orientation. All information will be kept confidential according to EEO guidelines.