Principal Security Consultant (CCSAM/CCRTM) - RTO

NetSPI pioneered Penetration Testing as a Service (PTaaS) and leads the industry in modern pentesting. Combining world-class security professionals with AI and automation, NetSPI delivers clarity, speed, and scale across 50+ pentest types, attack surface management, and vulnerability prioritization. The NetSPI platform streamlines workflows and accelerates remediation, enabling our experts to focus on deep dive testing that uncovers vulnerabilities others miss. Trusted by the top 10 U.S. banks and Fortune 500 companies worldwide, NetSPI has been driving security innovation since 2001. NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team.

Join our mission as a Principal Security Consultant. We are seeking a seasoned security professional who combines deep technical expertise in adversarial simulation with exceptional communication skills to engage both executives and technical teams with equal impact. On our globally deployed Red Team you will compromise some of the world’s most sophisticated and heavily fortified networks. As an operator, you will collaborate with industry-leading experts while wielding cutting-edge proprietary tools that set the standard for offensive security operations. In this role, you will leverage your strategic problem-solving abilities, foster high-performance team dynamics, and drive innovative methodologies to deliver transformative engagements that consistently surpass client expectations.

Responsibilities:

• Lead comprehensive red team operations by serving as the primary technical operator on standard adversarial engagements, where you will strategically plan scenario execution, orchestrate team resources and timelines, and make critical technical decisions that drive successful outcomes in complex, high-stakes environments.
• Perform duties aligned to a red team manager and secondary operator on Regulated Red team engagements such as CBEST, TIBER, TLPT, iCAST, FEER etc. This is a dual responsibility where you will be an active operator as well as performing operational governance activities associated with this role in complex regulated red team engagements.
• Leverage deep technical expertise in operating systems, network architecture, and infrastructure fundamentals to execute sophisticated attack chains and navigate complex enterprise environments during red team operations.
• Pioneer cutting-edge offensive security capabilities in coordination with our dedicated malware and capability developers by researching, developing, and operationalizing innovative techniques, proprietary tools, and advanced methodologies that push the boundaries of adversarial simulation and red team effectiveness.
• Offer mentorship or coaching to growing team members, while sharing knowledge externally through blogs, webinar presentations, or presenting at conferences.
• Collaborate with cross-functional teams on key activities, including scoping initiatives, providing subject matter expertise in high-stakes sales presentations, and contributing strategic technical insights to marketing campaigns that showcase our capabilities.
• Help define, document, and continuously refine internal technical processes, service methodologies, and tactical procedures (TTPs) that standardize excellence across all engagements.
• Perform administrative tasks related to day-to-day consulting activities to ensure smooth business and engagement operations.

Minimum Qualifications:

• Bachelor’s degree or higher, with a focus on IT, Computer Science, Engineering or Math or equivalent experience.
• 5+ years of work experience performing adversarial simulation related engagements.
• Due to the nature of the role, the applicant must hold and be able to maintain a current CCRTM or CCSAM certification.
• Familiarity with offensive tools, based on applicable skillset.
• Deep technical familiarity with offensive and defensive IT concepts and protocols.
• Working knowledge of Windows, Linux and MacOS operating systems internals.
• Extensive understanding of the MITRE ATT&CK framework, OWASP Top 10, and other security frameworks.
• Ability to work independently and as part of a team.
• Proficient communication skills, both written and verbal.
• Willingness to travel up to 10% minimum.
• This position requires an 8-hour workday, with occasional evenings or weekends necessary to meet project deadlines or critical needs.

Preferred Qualifications:

• Ability to provide technical and QA oversight on the Red Team service line.
• Experience in one or more of the following programming or scripting languages (e.g., Python, PowerShell, Perl, C, C++, C#, Java, Nim, Rust, etc.).

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.