Job Details

Associate Security Consultant - Vulnerability Management

  2026-04-22     SHI GmbH     Honolulu,HI  
Description:

Job Summary

The Associate Security Consultant – Vulnerability Management is a critical role within Stratascale's Adversarial Operations Group, assigned to the Vulnerability Management team. This individual will assist in leading and supporting the development and delivery of a diverse range of exposure management consulting, Vulnerability Management as a Service (VMaaS), and operational service programs to a portfolio of our clients.

This position prefers candidates to be located on the West Coast.

Role Description

- Conduct day-to-day VMaaS activities, including vulnerability scanning, asset discovery, scan policy configuration, and reporting.
- Independently conduct Attack Surface Control (ASC) engagements for a variety of clients, including the use of automated tools and manual micro-penetration testing.
- With guidance from more senior consultants, monitor automated penetration testing tooling to identify and validate security weaknesses.
- Validate vulnerability findings to eliminate false positives and determine actual risk.
- Collaborate with the penetration testing team to conduct further deep-dive testing as needed based on vulnerability discoveries.
- Consult on and document attack surface, threats, and vulnerability improvements based on the team's overall assessment of the client's environment.
- Perform assessment and threat modeling against industry best practices to identify control weaknesses and assess the effectiveness of existing controls.
- Perform root cause analysis on identified vulnerabilities and attack surface weaknesses to determine technical solutions to be presented to the client along with recommendations for remediation.
- With guidance from more senior security consultants, collaborate with the client's security teams to understand mitigations or resolutions for findings discovered by analysts.
- Review Stratascale Cyber Threat Intelligence (CTI)-provided threat intelligence for specific threat vectors that align with the client's industry or could potentially impact the client, using attack path modeling.
- Assist in defining, measuring, and quantifying business risk and vulnerability impacts to clients and their stakeholders.
- With guidance from more senior security consultants, provide technical support on remediation, cloud security, governance, compliance, and core infrastructure systems.
- With guidance from more senior security consultants, assist customers with strategies, use of platforms, technical and compliance analysis, and implementing automation.
- Execute consulting projects by creating and completing deliverables, ensuring client needs and practice obligations are met.
- Participate in customer and internal meetings as required, providing technical guidance and facilitating discussions.
- Stay educated on new product technologies, industry trends, and emerging capabilities within the practice.

Behaviors and Competencies

- Communication: Effectively communicate technical ideas and information to diverse audiences and collaborate with team members in client communications.
- Relationship Building: Contribute to team initiatives, collaborate with diverse groups, and support effective relationship management.
- Self-Motivation: Take ownership of personal and professional initiatives, collaborate with others when necessary, and drive results through self-motivation.
- Negotiation: Participate in negotiations and work collaboratively with others to drive consensus.
- Impact and Influence: Contribute positively to team goals and support a collaborative, results-driven environment.
- Business Development: Support business development initiatives and collaborate with various stakeholders to contribute to business results.
- Emotional Intelligence: Use emotional information to guide thinking and behavior, and manage and/or adjust emotions to adapt to environments or achieve one's goal(s).
- Detail-Oriented: Manage multiple tasks, maintain a high level of detail orientation, identify errors or inconsistencies at work, and ensure accuracy across all assignments.
- Follow-Up: Take ownership of assigned tasks, collaborate with others in managing follow-ups, and drive results through effective task completion.
- Presenting: Effectively use visual aids and clear communication techniques to present findings and engage both technical and non-technical audiences.
- Time Management: Manage assigned responsibilities effectively, balance competing priorities, and seek guidance when needed.
- Analytical Thinking: Apply analytical techniques to solve problems, draw insights, and clearly communicate findings.
- Critical Thinking: Gather and synthesize information from various sources to support informed problem-solving and decision-making.
- Technical Troubleshooting: Troubleshoot technical problems, collaborate with others to develop solutions, and drive results in problem resolution.

Skill Level Requirements

- Experience with Vulnerability Management tools such as Tenable, Rapid7, Qualys, and Tanium to support day-to-day VMaaS delivery activities including scanning, asset management, and reporting. (Foundational to Intermediate)
- Familiarity with offensive security methodologies and frameworks such as PTES, OWASP (WSTG/MASVS/ASVS), MITRE ATT&CK, and threat modeling to support risk-based testing. (Foundational to Intermediate)
- Ability to develop exploit proofs-of-concept, reproduce vulnerabilities reliably, and support fix validation; familiarity with exploit development fundamentals is a plus. (Foundational)
- Reporting and communication skills, including writing technical reports with reproducible steps, risk ratings, and actionable remediation, and contributing to executive summaries with guidance; able to present findings to both technical and non-technical stakeholders. (Intermediate)
- Familiarity with vulnerability management workflows, responsible disclosure practices, and integration of pen test results into remediation programs and retesting cycles. (Foundational to Intermediate)
- Proficiency with productivity and documentation tools such as Word, Excel, PowerPoint, and Outlook to produce test plans, findings reports, and final deliverables. (Intermediate)

The following skills are preferred, but not required:

- Experience supporting penetration tests across networks, web and mobile applications, APIs, wireless, and cloud environments, including participation in scoping, rules of engagement, and debriefs. (Foundational to Intermediate)
- Familiarity with assessing cloud services (AWS, Azure, GCP) including IAM misconfigurations, storage, serverless, container/orchestration, and cloud networking, with an ability to communicate cloud-specific remediation guidance. (Foundational)
- Web application testing skills including auth flows, access control, injection, deserialization, SSRF, XXE, business logic abuse, and modern app architectures (SPAs, microservices, GraphQL, WebSockets). (Foundational to Intermediate)
- Familiarity with social engineering and phishing engagements, including payload development, infrastructure setup, pretexting, and measurement aligned to customer policies and legal constraints. (Foundational)
- Foundational scripting and automation skills to support testing and proof-of-concept development using Python, PowerShell, Bash, and basic Go or JavaScript as needed. (Foundational to Intermediate)
- Working knowledge of Active Directory and Azure AD attack paths (Kerberoasting, constrained/unconstrained delegation, ACL abuses, LAPS/MAPS, certificate services) and exposure to simulating enterprise attack chains. (Foundational)
- Hands-on experience with common offensive tooling and techniques, including reconnaissance, enumeration, exploitation, post-exploitation, lateral movement, and data exfiltration, along with foundational operational security practices. (Foundational to Intermediate)
- Familiarity with red/purple team exercises and working alongside blue teams to translate findings into detection and hardening recommendations (e.g., SIEM detections, EDR tuning, hardening baselines). (Foundational)

Other Requirements

- Completed Bachelor's Degree in a related field or relevant work experience required.
- 1–3 years of hands-on penetration testing or vulnerability management experience, including exposure to engagements supporting mid-to-large enterprise environments.
- Ability to travel to SHI, Partner, and client events, and on-site testing engagements as needed.
- Industry certifications preferred (e.g., CPTS, OSCP, PNPT, Security+, CySA+, or vendor-specific VM certifications).
- Demonstrated understanding of legal/ethical considerations, testing authorization, and safe handling of client data.

The estimated annual pay range for this position is $80,000 – $110,000, which includes a base salary and bonus. The compensation for this position is dependent on job-related knowledge, skills, experience, and market location and, therefore, will vary from individual to individual. Benefits may include, but are not limited to, medical, vision, dental, 401K, and flexible spending.

Equal Employment Opportunity – M/F/Disability/Protected Veteran Status