Responsibilities will vary based on background but will typically include:
Lead and deliver offensive security and penetration testing engagements across multiple industries, ensuring high‑quality technical execution and clear, actionable reporting.
Manage and grow key client relationships, helping shape and advance their offensive security, red teaming, and broader cybersecurity strategies.
Communicate effectively with client stakeholders and project leaders to maintain strong relationships and ensure alignment on engagement goals.
Build and maintain deep client trust by consistently delivering high‑value insights and exceptional service.
Support business development activities, including scoping offensive security engagements and contributing to proposals.
Conduct offensive security assessments aligned to industry frameworks and regulatory expectations, including but not limited to NIST CSF, NIST SP 800‑53, ISO 27001, DORA, FFIEC, and other relevant standards.
Assist clients in designing and implementing remediation strategies to strengthen their security posture, including hardening recommendations, detection engineering insights, and improvements to incident response processes.
Clearly articulate technical findings, exploitation paths, and recommendations to both technical and executive audiences, in writing and verbally.
Identify opportunities to enhance engagement methodologies, tooling, and internal processes.
Required Qualifications
4+ years of relevant experience in offensive security, penetration testing, red teaming, or a closely related discipline.
Willingness to travel up to 30% to client sites for engagements.
Strong technical expertise in areas such as network and application penetration testing, adversary simulation, exploit development, cloud security testing, and/or social engineering.
Familiarity with key compliance standards and regulatory frameworks (e.g., NIST CSF, NIST SP 800‑53, ISO 27001, DORA, FFIEC).
Strong interpersonal skills with experience in a professional services firm, consultancy, or similar client‑facing environment.
Demonstrated ability to collaborate effectively with cross‑functional teams.
Requirements
Bachelor's degree in cybersecurity, information technology, computer science, or a related field from an accredited institution.
One or more relevant cybersecurity certifications such as OSCP, CISSP, CISM, CISA, or similar.
Experience with red team operations, purple team engagements, threat emulation, or adversary‑focused methodologies (MITRE ATT&CK, threat modeling, etc.).
Familiarity with scripting or development languages commonly used in offensive tooling (e.g., Python, PowerShell, C#, Bash).
RSM does not intend to hire entry level candidates who will require sponsorship now OR in the future (i.e. F-1 visa holders). If you are a recent U.S. college / university graduate possessing 1-2 years of progressive and relevant work experience in a same or si
Additional Information
We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, culture and talent experience and our ability to be compelling to our clients. You'll find an environment that inspires and empowers you to thrive both personally and professionally. There's no one like you and that's why there's nowhere like RSM.
Rsm · Charlotte