• Attack & Penetration Offensive Security Tester…

    Robert Half (Philadelphia, PA)


    JOB REQUISITION

    Attack & Penetration Offensive Security Tester Manager

    LOCATION

    PHILADELPHIA

    ADDITIONAL LOCATION(S)

    CHICAGO, DALLAS

    JOB DESCRIPTION

    You Belong Here

     

    The Protiviti Career provides opportunity to learn, inspire, and advance within a collaborative and inclusive culture.  We hire curious individuals for whom learning is a passion. We lean into our mission: We Care. We Collaborate. We Deliver .

     

    At every level, we champion leaders who live our values of integrity, inclusion, innovation, and commitment to success . Imagining our work as a journey, we believe integrity guides our way, inclusion moves us forward together, innovation creates new destinations, and our commitment to success empowers us to deliver on our vision to be the most trusted global consulting firm.

     

    Where We Need You

     

    Protiviti is looking for an Attack & Penetration Manager to join our growing Technology Consulting team.

     

    What You Can Expect

     

    As a Manager , you’ll partner with our clients to solve complex business problems and provide impactful advice and solutions.  You’ll develop lasting relationships with client personnel and further these relationships through quality product delivery.  You’ll foster a network within the business community and serve as an ambassador of Protiviti in the market.   You will also be a mentor, trainer, and coach to Consultants and Senior Consultants as you facilitate the successful completion of project work plans.

     

    You will help execute adversary simulation assessments including but not limited to red teaming, purple teaming, and threat led penetration tests for clients from various industries. You will have access to a robust set of testing tools and equipment that has been built/developed to tackle hundreds of different adversary simulation needs. You will have opportunities to develop new tooling, design novel attacks, and simulate real-world threat actors in environments. Additionally, if you have ideas for new security services and demand for those services can be identified , we can help support that service’s development. We also encourage presenting at local, national, or international security conferences.

    What Will Help You Be Successful

    + You enjoy all things related to Pen Testing.

    + You are motivated to learn and interested in all things related to Cyber Security , including the latest trends and developments.

    + You thrive on challenges and the intricacies that come with trying to figure out how to target an organization and its entities and evading defensive controls.

    + You enjoy discussing technical and industry trends and seek opportunities to demonstrate and teach staff on the job.

    + You are passionate about delivering client satisfaction and demonstrating a growing level of industry and product competency and are able to articulate their value to your clients.

    + You seek opportunities to interact with and mentor personnel, including participating in the creation and rollout of training and developing skill sets.

    + You understand the business environment and potential client base for the solution and industry.

     

    Do Your Talents Include the Following?

     

    Technical Skills and Talents

    Red Teaming

    + Experience conducting red team engagements, demonstrating advanced knowledge of adversarial tactics, techniques, and procedures (TTPs).

    + Ability to emulate sophisticated real-world threat actors, including nation-state-level attackers and advanced persistent threats (APTs).

    + Understanding of defensive mechanisms (e.g., threat hunting, SIEM systems, EDR platforms, SOC operations) to create realistic simulations and bypass security controls.

    + Hands-on experience attacking cloud environments (AWS, Azure, GCP).

    Purple Teaming

    + Demonstrated ability to work collaboratively with defensive teams (SOC/Blue Team) to improve detection, response, and mitigation strategies.

    + Experience working with detection engineering or security analytics teams.

    + Familiarity with attack simulation methodologies (e.g., MITRE ATT&CK framework) to validate security controls and improve system resilience.

    Ransomware Simulation

    + Practical experience designing and executing ransomware scenarios to evaluate and strengthen an organization’s readiness and incident response.

    + Understanding of encryption techniques, data exfiltration methods, and persistence mechanisms commonly used by ransomware actors.

    Attack Scenario Design

    + Ability to craft realistic adversarial scenarios based on intelligence about emerging threats tailored to specific industries, technologies, and organizational risks.

    + Experience leveraging threat intelligence to simulate specific adversary groups, their tactics, and their infrastructure.

    Advanced Offensive Security Tooling

    + Proficiency in using and customizing offensive security tools such as Havoc, Sliver, and similar frameworks.

    + Experience in building or scripting custom tools and payloads for exploitation, lateral movement, and evasion.

    Network and System Exploitation

    + Deep knowledge of common attack vectors (e.g., lateral movement, privilege escalation, persistence techniques).

    + Familiarity with network protocols, Active Directory exploitation, cloud attack scenarios, and web application attack techniques.

    Operational Security ( OpSec ) Awareness

    + Ability to maintain effective operational security during engagements to avoid detection and maintain stealth.

    + Experience or knowledge of bypassing security measures such as endpoint detection and response (EDR), intrusion detection/prevention systems (IDS/IPS), and other monitoring tools.

    Electronic / Remote Social Engineering

    + Proven ability to execute advanced social engineering attacks, including phishing, vishing, and smishing campaigns, tailored to evade detection and successfully achieve engagement objectives .

    + Familiarity with tools and platforms used for managing phishing campaigns (e.g., Evilginx and similar frameworks).

    + Deep understanding of pretext development—crafting believable, targeted scenarios and personas that replicate real-world adversarial attempts.

    + Experience conducting reconnaissance-based OSINT (Open-Source Intelligence) to gather information about targets and enhance the effectiveness of social engineering efforts.

    Physical Security Assessments:

    + Ability to evaluate physical security controls (e.g., building access mechanisms, surveillance systems, alarm systems) to identify gaps and simulate breaches.

    + Experience with covert entry techniques, such as lock-picking, bypassing access control systems, RFID cloning, and badge spoofing.

    + Demonstrated ability to execute tailgating, and surveillance operations to test operational security processes.

    + Knowledge of facility security best practices, including implementation of defense-in-depth strategies for physical environments.

    + Strong awareness of laws, ethical boundaries, and company policies related to physical security testing.

     

    Soft Skills

    Collaboration and Communication

    + Ability to effectively communicate technical findings and adversarial simulation results to non-technical audiences, including executive leadership.

    + Ability to identify , describe, report and present vulnerabilities, observations and standard remediation activities in comprehensive yet actionable reports, to include clear demonstration of risk to clientele post-engagement.

    Creative Problem Solving

    + Talent for identifying innovative methods to push testing forward in unconventional ways when roadblocks present themselves.

    + Passion for out-of-the-box thinking and designing novel attack methodologies.

    Analytical Mindset

    + Skill in analyzing complex systems to identify root causes of vulnerabilities and address defensive gaps.

    + A desire for constant learning and self-improvement.

    Research and Development

    + Demonstrated ability to stay ahead of the curve on emerging attack techniques, vulnerabilities, and trends in offensive security.

    + Regularly practices continuous learning and self-study.

    + Track record of conducting offensive security research—e.g., discovering new vulnerabilities, developing exploit techniques, or publishing security-related blogs/tools.

    + Active participation in security communities or conferences, such as Black Hat, DEF CON, BSides , or similar events.

    Additional Skills & Attributes

    + Ability to work with a diverse portfolio of clients across industries.

    + Proficiency in Python, PowerShell, Bash, or other languages for automation and developing custom offensive security tools.

    + Knowledge of exploit development, malware reverse engineering, or shellcode development.

    + Familiarity with compliance-driven testing frameworks (e.g., PCI DSS, GDPR, or ISO 27001).

    Your Educational and Professional Qualifications

    + Bachelor’s degree in a relevant discipline ( e.g MIS, CIS, EE, IT, IS, CE, CS, etc.)

    + 5+ years working in professional services or industry.

    + Proficiency in Microsoft Office suite applications with specific emphasis on Word, Excel and PowerPoint. Secondary emphasis on Visio and Access.

    + Certifications such as OSCP, GIAC, CISSP, OSCE/OSWE, OSED, CRTO, GXPN, CEH, eCPPT , or similar SANS 600 or 700 level course work are strongly preferred.

    + Relevant cloud security certifications (e.g., CCSK, AWS Certified Security - Specialty) for targeting cloud infrastructure.

     

    Our Hybrid Workplace

     

    Protiviti practices a hybrid model, which is a combination of working in person with a purpose and working remotely. This model creates meaningful experiences for our people and our clients while offering a flexible environment. The ratio of remote to in-person requirements vary by client, project, team, and other business factors. Our people work both in-person in local Protiviti offices and on client sites, which can include local or out-of-state travel based on our projects and client requests and commitments .

     

    #LI-Hybrid

     

    Protiviti is not registered to hire or employ personnel in the following states – West Virginia, Alaska.

     

    Starting salary is based on a full-time equivalent schedule. Placement in the range is dependent upon experience, skills and geographic work location. Below is the salary range for this job.

     

    $129,000.00 - $205,000.00

     

    Our annual bonus plan provides eligible employees additional cash and/or discretionary stock compensation opportunities. Below is the bonus target opportunity for this job.

     

    12%

     

    The total cash range is estimated from the sum of the base salary range plus the bonus target opportunity. Below is the estimated total cash range for this job.

     

    $144,480.00 - $229,600.00

     

    Employees are eligible for medical, dental, and vision coverages, FSA and HSA healthcare accounts, life and accident insurance, adoption and fertility assistance, paid parental leave up to 10 weeks, and short/long term disability. We offer eligible employees a company 401(k) savings and investment plan with an employer match of 50% on the first 6% of your contributions. We provide Choice Time Off (CTO) for vacation, personal needs, and sick time. The amount of (CTO) varies based on years of service. New hires receive up to 20 days of CTO per calendar year. Protiviti also recognizes up to 11 paid holidays each calendar year. Learn more about the variety of rewards we offer at Protiviti at https://www.protiviti.com/sites/default/files/2025-01/2025\_u.s.\_benefit\_highlights.pdf .

     

    Any benefits outlined are part of our reward offerings for full-time employees in the U.S. Your Open Enrollment materials, insurance contracts, plan documents and Summary Plan Descriptions together comprise the official plan document which legally governs the administration of your benefit plans. Protiviti reserves the right to terminate or amend your benefit plans in any way and at any time.

     

    Protiviti is an Equal Opportunity Employer. M/F/Disability/Veteran

     

    As part of Protiviti’s employment process, any offer of employment is contingent upon successful completion of a background check.

     

    Protiviti is committed to being an equal employment employer offering opportunities to all job seekers, including individuals with disabilities. If you believe you need a reasonable accommodation in order to search for a job opening or to apply for a position, please contact us by sending an email to [email protected] or call 1.855.744.6947 for assistance.

    In your email please include the following:

    + The specific accommodation requested to complete the employment application.

    + The location(s) (city, state) to which you would like to apply.

     

    For positions located in San Francisco, CA: Protiviti will consider qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.

     

    For positions located in Los Angeles County, CA: Protiviti will consider for employment qualified applicants with arrest or conviction records in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

     

    Protiviti is not registered to hire or employ personnel in the following states – West Virginia, Alaska.

     

    Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.

    JOB LOCATION

    PA PRO PHILADELPHIA

    Protiviti (www.protiviti.com (https://www.protiviti.com/us-en) ) is a global consulting firm that delivers deep expertise, objective insights, a tailored approach and unparalleled collaboration to help leaders confidently face the future. Protiviti and our independent and locally owned Member Firms provide clients with consulting and managed solutions in finance, technology, operations, data, analytics, digital, legal, HR, governance, risk and internal audit through our network of more than 85 offices in over 25 countries.

     

    Named to the 2025 Fortune 100 Best Companies to Work For® (https://www.greatplacetowork.com/certified-company/1271638) list, Protiviti has served more than 80 percent of Fortune 100 and nearly 80 percent of Fortune 500 companies. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI (https://www.roberthalf.com/us/en) ). Founded in 1948, Robert Half is a member of the S&P 500 index.

     

    Click HERE (https://learnmore.protiviti.com/joinourtalentcommunity) to receive insights to life at Protiviti and be among the first to hear about new career opportunities that align with your areas of interest.