Established in 2014 and based in Charleston, South Carolina, Soteria's expertise in the cybersecurity domain is predicated upon the accumulated practical experience across all team members. Soteria's security professionals have held leading positions in private industries, state governments, and federal intelligence communities.

Driven by this combined pool of knowledge as well as the belief that “Security is for Everyone,” Soteria offers advisory services and solutions which are significantly differentiated from the security status quo. Soteria treats each client as a unique case deserving of individualized security insights and specialized hands-on assistance.

About the role

What you'll do

• Perform network penetration testing, web and mobile application security testing, source code reviews, vulnerability analysis, wireless network assessments, red team exercises, physical testing, and social engineering assessments.

• Communicate with prospective and existing clients to understand their security needs, business requirements, and other motivating factors.

• Develop tailored tactical and strategic recommendations to address findings.

• Develop comprehensive and accurate reports and presentations for both technical and executive audiences.

• Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.

• Engage with prospective clients in pre-sales meetings and provide technical input for scoping engagements.

• Lead offensive security engagements through the entirety of project lifecycles, including kickoff, delivery, and closeout.

• Research and incorporate attacker tools, tactics, techniques, and procedures.

• Develop scripts, tools, and methodologies to automate and streamline internal processes and engagements.

• Perform quality assurance peer reviews of Advisory and Offensive Security assessment reports and deliverables.

• Assist Soteria Leadership in the development of security standards and best practices for the organization and recommend security enhancements as needed.

• Manage relationships with clients post-engagement as a trusted security partner.

• Maintain competence in security trends, technologies, and practices through self-study and participation in the security community.

• Collaborate with Soteria's Detection and Response Team (DART) to develop new capabilities for detecting bleeding edge offensive techniques.

• Coach and mentor offensive security team members.

• Provide continual improvement to offensive security team processes and documentation. 

• Along with billable consulting, this role will require strong soft skills

Qualifications

• 5-7 years of experience in at least three of the following:

  • Network penetration testing and manipulation of network assets and infrastructure

  • Red team operations and purple team delivery, including adversary emulation

  • Web and/or mobile application assessments

  • Cloud penetration testing and manipulation of cloud infrastructure

  • Developing, extending, or modifying exploits, shellcode or exploit tools

  • Developing applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE)

  • Reverse engineering malware, data obfuscators, or ciphers

  • Source code review for control flow and security flaws

• Previous experience working for internal or external customers in a consultant capacity

• Strong knowledge of tools used for network, cloud, web application, and wireless security testing.

• Thorough understanding of network protocols and data on the wire.

• Experience with automation of tasks using languages such as Powershell, Perl, Python, Ruby, etc.

• Ability to successfully interface with clients (internal and external).

• Ability to document and explain technical details in a concise, understandable manner.

• Ability to manage and balance time among multiple competing tasks.

• Mastery of *nix/Mac/Windows operating systems GUI and terminal.