What are the responsibilities and job description for the Offensive Security Consultant position at Richey May?
About the Role:
Richey May is seeking a highly skilled Offensive Security Consultant to join our growing Cybersecurity Consulting team. In this role, you will leverage your deep expertise in offensive security to perform comprehensive assessments, including red team exercises and web application penetration testing, for a diverse client base. This position requires a dynamic individual who thrives on tackling complex security challenges and has a proven ability to communicate technical findings to both technical and non-technical stakeholders. The ideal candidate has a passion for security research, developing and refining offensive techniques, and mentoring others while delivering impactful results that help clients stay ahead of evolving cyber threats.
Richey May is seeking a highly skilled Offensive Security Consultant to join our growing Cybersecurity Consulting team. In this role, you will leverage your deep expertise in offensive security to perform comprehensive assessments, including red team exercises and web application penetration testing, for a diverse client base. This position requires a dynamic individual who thrives on tackling complex security challenges and has a proven ability to communicate technical findings to both technical and non-technical stakeholders. The ideal candidate has a passion for security research, developing and refining offensive techniques, and mentoring others while delivering impactful results that help clients stay ahead of evolving cyber threats.
Key Responsibilities
Offensive Security Assessments:
- Lead and deliver comprehensive offensive security engagements, with a focus on:
- AppSec exercises including Web application, API, Threat Modeling, Secure Software Development Lifecycle and mobile application penetration testing.
- Red team exercises simulating real-world attack scenarios.
- Social engineering campaigns (phishing, vishing, smishing, physical).
- Internal and external network penetration testing.
- Wireless and hardware security assessments is a nice to have.
- Create detailed, high-quality reports with actionable recommendations tailored to client environments.
- Present findings and Risk analysis to technical and non-technical client teams
Research and Development:
- Research, develop, and test new offensive security tools, tactics, and methodologies.
- Publish findings and contribute to the security community via blogs, whitepapers, and presentations.
- Maintain and enhance internal toolsets, environments, and GitHub repositories.
Leadership and Mentorship:
- Provide technical mentorship to junior team members, fostering growth within the team.
- Define and improve processes, methodologies, and success criteria for offensive security engagements.
- Lead projects, ensuring timely delivery and high-quality results.
Client Engagement:
- Cultivate client relationships to understand their unique challenges and identify security opportunities.
- Develop and deliver compelling presentations to communicate findings and recommendations.
- Support the development of Statements of Work (SOWs), including scope, approach, and effort estimates.
Cross-Functional Collaboration:
- Collaborate with internal teams on incident response, risk assessments, and managed security services.
- Support the cybersecurity consulting practice in delivering emerging services aligned with industry demand.
Qualifications Experience:
- 5 years of hands-on offensive security experience across diverse environments.
- 3 years in consulting or equivalent information security roles.
- Bachelor’s degree in cybersecurity, computer science, or a related field (or equivalent experience).
- Certifications: Offensive security certifications such as OSCP, OSCE, GPEN, GWAPT, GCPN (or equivalent) preferred.
Technical Skills:
- Expertise in penetration testing tools and methodologies (e.g., Burp Suite, Nessus, Metasploit, Nmap, Cobalt Strike, Frida, OWASP ZAP).
- Proficiency in scripting and programming languages (Python, Ruby, C/C , etc.).
- Strong understanding of network protocols, operating systems, and IT architectures.
- Knowledge of relevant frameworks (STRIDE, PASTA, OWASP, PTES, SAMM, OSSTMM MITRE ATT&CK) and their application in offensive engagements.
Soft Skills:
- Exceptional organizational skills and attention to detail.
- Strong communication skills, with the ability to tailor technical findings to diverse audiences.
- Self-starter with the ability to manage multiple projects and deadlines independently.
- Research-oriented mindset, with a passion for continuous learning and knowledge sharing.
Additional Requirements:
- U.S. work authorization required without future sponsorship needs.
- Availability to travel occasionally for on-site client engagements or team collaboration
Pay:
- $110,000 - $130,000 per year
Benefits:
We proudly offer 32 days of paid time off and ten paid holidays for this role to ensure you have a life outside the office. We offer more paid time off as you progress in your career with us. Our robust benefits package includes full or partial employer-paid employee medical, employer health savings account contribution, employer-paid life insurance, employer-paid short- and long-term disability, paid parental leave, and a 401k match. Other voluntary benefits include accident, hospital indemnity, critical illness, health flexible spending account, dependent care flexible spending account, vision, dental, and medical for dependents. We also offer certification bonuses, continuing professional education, and education reimbursement. Our wellness programs also include an employee assistance program, paid bereavement leave, and our Mental Health First Aid team, which has employees trained to support mental wellness throughout the firm. Employees are eligible for a performance-based incentive bonus on top of base salary.
Richey May & Co., LLP is an Equal Opportunity Employer. All qualified candidates will receive consideration for employment without regard to race, color, religion(including religious dress and grooming), national origin and ancestry, physical and mental disability, medical condition, genetic information, sex/gender, age, marital status, pregnancy, sexual orientation, gender identity/gender expression, citizenship status, military or veteran status, employment status, or any other characteristic protected by applicable federal, state, and local laws.
Richey May & Co., LLP offers reasonable accommodations in the hiring and employment process for individuals with disabilities. If you need assistance in the application or hiring process to accommodate a disability, you may request accommodation at any time.
Salary : $110,000 - $130,000
SAP Platform Security Consultant
Accenture -
Denver, CO
Microsoft Security Consultant
JobRialto -
Denver, CO
Water Operator
HEADWAYS CONSULTANT LLC -
Aurora, CO
