SpecterOps is seeking a principal offensive security engineer to support adversary simulation and detection engagements, perform security research, develop offensive tooling, and create and provide security-related training for the macOS platform. In this role you would serve as an internal subject matter expert for the macOS platform.

A successful candidate will have excellent technical skills, impeccable soft skills, and be a well-organized, self-directed individual.

Salary Range (Base salary annually, commensurate with experience): $160,000 - $200,000

Location: This position is remote, based in the U.S. with optional travel quarterly for in person company events and other ad hoc meetings.

 

Responsibilities

  • Serve as a subject matter expert (SME) for offensive macOS operations and related technical capability development

  • Contribute to the development of macOS-based agents for the Mythic C2 framework

  • Contribute new or improve existing content for SpecterOps training courses and assist in the delivery of course offerings (e.g., primary instruction and student support)

  • Serve as a primary instructor for the SpecterOps Adversary Tactics: Mac Tradecraft course at private and public offerings (including at BlackHat USA)

  • Conduct security-related research into the macOS platform

  • Publish security-related content for the macOS platform (e.g., blogs, webinars, white papers, conference talks)

  • Plan and conduct offensive engagements ranging in size, scope, focus, and approach

  • Effectively communicate findings, attack paths, recommendations, and strategy to technical and executive client stakeholders through written reports and verbal presentations

  • Build scripts, tools, or methodologies to enhance offensive services

  • Utilize common offensive security testing tools and tradecraft

  • Stay up to date with cutting-edge adversary tradecraft and vulnerabilities

  • Effectively communicate successes and obstacles with fellow team members and team lead(s)

  • Interface with client contact(s) and staff in a constructive and professional manner

  • Participate in engagements from kickoff through remediation, and mentor less experienced team members in relevant macOS tradecraft

  • Train team members in adversary Tactics, Techniques, and Procedures (TTPs) and tools

 

Requirements

  • A minimum of 5 years experience in offensive security

  • Strong knowledge of the macOS operating system internals and current security challenges

  • Proficient with Objective-C or Swift

  • Familiarity with ARM (M1/2)-based macOS machines

  • Experience with XPC, TCC, and the hardened runtime on macOS

  • Experience with post-exploitation frameworks such as Mythic, Cobalt Strike, Metasploit, Sliver, or Covenant

  • Strong analytical skills with the ability to collect, organize, analyze, and disseminate significant amounts of information with attention to detail and accuracy

  • Strong written/verbal communication and interpersonal skills

  • Willingness to develop and deliver training content as a lead course instructor

  • Willingness to mentor and train fellow consultants

  • Willingness to support delivery of public and private training offerings (e.g., providing lab support, fielding student questions, etc.)

  • Ability to travel domestically and internationally an average of 25% over the course of one year

  • Must be able to pass a criminal background check

 

Desired Qualifications

  • Strong portfolio of public community contributions (e.g., research, conference presentations, blog posts, white papers, public tool development)

  • Reverse Engineering skills: familiar with debuggers, disassemblers, network protocols, file formats, sandboxes, and hardware/firmware internals 

  • Familiarity with JXA

  • Experience leading small teams and engagements

  • Experience communicating with clients and delivering presentations

  • Experience independently managing client projects

  • Aptitude for technical writing, including assessment reports, presentations and operating procedures

  • Ability to contribute to the majority of offensive security service offerings as part of a team for the full project lifecycle

  • Determination to better self and the overall information security community through research efforts and release through blog posts, conference talk delivery, open-source tool release, and white paper publication

  • Proficient with Active Directory and related offensive techniques

  • Proficient with Windows and *NIX-based operating systems and related offensive techniques

  • Proficient with networking concepts and related offensive techniques

 

Nice to Haves

  • Bachelor's degree (or above) in a technical field

  • Experience participating in and/or leading Fortune 1000 and/or large Federal Government security assessments

  • Experience in technical writing

  • Experience working for a service-based information security consultancy

  • Experience developing and/or providing technical training

  • Desire to travel internationally and domestically on a more frequent basis (more than 50%)


What We Offer

  • Health/Dental/Vision: 100% covered for employee and family

  • Life insurance: 100% covered

  • 401(k): up to 4% match

  • Equity and a potential bonus based on company performance

  • Flexible paid leave

  • Flexible work schedule

  • Open intellectual property policies; allow researchers to retain rights over open sourced research and tools

  • $225 monthly internet and cell phone stipend

  • $1,000 annual technology/work from home budget

  • $5,000 annual training/conference budget

  • In person and virtual employee events throughout the year

  • And of course, company swag! 


All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

