Aug 21 2024 | Duane Michael

Life at SpecterOps: The Red Team Dream

TL;DR

We are hiring consultants at various levels. The job posting can be found under the Consultant opening here: https://specterops.io/careers/#careers

Introduction

Hey there! I’m Duane Michael, a Managing Consultant and red teamer at SpecterOps. Over the past four years, I’ve had a front-row seat to the company’s incredible journey. In that time, we’ve grown by almost 100 employees, built a product, created new teams and capabilities, trained thousands of students, and performed countless unique and challenging penetration tests and red team exercises.

I’m always chatting with applicants, friends, and fellow security geeks about SpecterOps and the unique blend of challenges and opportunities we offer. There’s a certain SpecterOps “sparkle” that’s hard to define but easy to recognize — a passion for pushing the boundaries of security, a collaborative spirit, and a commitment to growth. I find myself wishing I could bottle this essence and share it with a wider audience, hoping to attract more individuals who can contribute to and benefit from this special culture. This blog aims to illuminate some facets of the SpecterOps sparkle that red teamers will find particularly appealing.

The list is not comprehensive and there are many additional benefits and perks to working here that I won’t cover in this blog.

Focus on Personal Sustainability

Burnout is real in this industry. Most of our leadership, all the way to the top, including our CEO and COO, are former operators and understand the importance of sustainability. We know how easy it is to get sucked down the rabbit hole researching the latest technique or Windows bug (feature). We have a flexible time off policy and we will strongly encourage you to take at least four weeks off during the year.

We also recognize that “utilization” is not the consultant’s responsibility; it’s a function of the sales pipeline and scheduling. While we track time to ensure projects are scoped and effectively resourced, you won’t be stressed about meeting arbitrary utilization targets. Your job is to do your best work.

Consultancies are known for their high travel cadence. That was certainly true before 2020, but on-site assessment requirements have significantly decreased post-COVID. An unfortunate side effect of reduced client travel is reduced face-to-face interactions and collaboration. Do you like to travel occasionally to meet up with your team? We offer a “discretionary travel” benefit, where you can optionally fly out to one of our offices for one week per quarter to collaborate with your project team face-to-face. We also coordinate larger department events, where we run hackathons and play mini-golf. Regardless of your travel appetite, we have something for everyone.

Pro-tip: Instructing our training courses is a great way to travel, especially internationally. I’ve had the privilege to take four trips to Europe in two years to teach Adversary Tactics: Red Team Operations.

Professional Development

Our people are what makes us unique, so we invest in you! The most obvious way we invest in our people is through monetary budget benefits, such as our $5000/year professional development (PD) budget and our $5250/year higher education budget. Still, there’s so much more. Money is only half of the equation. PD requires time and a lot of it. We provide all Specters three weeks of PD time to spend in flexible ways, including (but not limited to) training courses, research, tool development, and blog or conference talk creation.

Most recently, I used some of my PD time to develop the Misconfiguration Manager project, blog, and SO-CON and Troopers conference talks. Other Specters commonly use this time for training or progress toward their professional goals.

Details

In addition to personal PD time, we offer various opportunities for consultants to get hands-on experience for one to six months in other areas of the company outside of consulting. We refer to these temporary assignments as “details.” Some teams you may be assigned to, or request a detail on, include:

Internal and Community Products (ICP): The development team responsible for many of the open-source projects SpecterOps is known for, such as Mythic and Ghostwriter. A detail to this team entails development on one of the projects and serves as a great way to flex and build your development muscles.

Earlier this year, Jonathan Owens, one of our Consultants, spent two months detailed to the ICP team to work on the C# Mythic agent, Apollo.

Research and Development (R&D): Our R&D team focuses on large-scale, open-ended research problems and they’re always looking for more. If you have a research idea, you can submit a proposal and you may earn a detail to the team to research and flesh out your idea!

In 2023, Evan McBroom spent three months with the R&D team to research Windows authentication packages and develop the LSA Whisperer tool. Max Harley also spent three months with the R&D team to help build Nemesis.

Internal Product Discovery: Think R&D but specifically working on creating and proving new attack paths in BloodHound!

Our offensive Principal Consultant, Hope Walker, is working with the Product Discovery team to build additional Azure attack paths into BloodHound.

While not officially a “detail,” we also have ample opportunity to make short-form improvements for Consulting Services, which we call “service improvement.” These assignments may include updates to tradecraft, improvements to our offensive CI/CD pipeline, or new tool features.

Lastly, we offer an awesome program called “ICP Sponsorship” where you can submit a project, tool, or idea for sponsorship under the ICP department. This is official backing of your project by SpecterOps and warrants four weeks of development time and a budget for marketing material or development costs. You retain all intellectual property (see below).

Some recent highlights of our ICP Sponsorship program are Nemesis, HardHatC2, SCCMHunter, Maestro, Misconfiguration Manager, and SharpSCCM.

Operations

At SpecterOps, we like challenges and every assessment is different. Our clients are extremely mature and you may find yourself attacking or evading new technology that you’ve never encountered before. That’s OK because we don’t hire for specific skill sets; we hire for aptitude, ability to adapt, and passionate curiosity. We welcome and encourage failure, as that helps us grow. We require humility in the form of requesting help when you need it. We have a culture of supporting one another where everyone is a resource to everyone else. This approach puts the collective knowledge of SpecterOps behind every operation.

Our project managers handle much of the administrative heavy lifting so you can focus on the technical work. Our projects typically span two weeks or more, giving you time to dive deep. And when it’s time to document your findings, we’ll give you an entire week dedicated solely to reporting. Our awesome Technical Editor will ensure your report has that “SpecterOps Sparkle” so you’re not bogged down by style guide rules.

Our infrastructure deployment automation and offensive CI/CD pipeline streamline operations so you can focus on operating, not setup and deployment. Our Technical Services team serves as our “special operations,” providing support on engagements when you get stuck or need advice. You’ll always have a teammate to collaborate with, as we have a two-person integrity requirement for all operations.

Career Progression

At SpecterOps, your technical skills should continue to grow, regardless of your role. Unlike traditional paths that often lead consultants away from hands-on work, we foster a culture where technical expertise is valued at every level. Whether you’re drawn to management, consulting, tool development, or deep technical specialization, your passion for hacking will always have a home here. Our Managers have experience operating in the trenches and understand the importance of career progression. They serve as advocates for Consultants, attempting to align the individual with the projects or focus areas they’re interested in.

Our Associate Consultant position is focused on learning and growth. The manager’s responsibility is to help you develop and evolve into a Consultant and Senior Consultant.

Our Consultant position focuses on being a strong individual contributor. A Consultant can be assigned to any project while developing into a project lead for some service lines.

The Senior Consultant position is meant to be terminal, meaning you don’t have to progress beyond that level if you don’t want to while still earning annual merit salary increases. However, if you do want to progress beyond Senior Consultant, we have three paths available: Principal Consultant, Service Architect, and Managing Consultant.

  • Principal Consultants continue consulting while managing client partnerships and performing scoping. They are the people we rely on to solve nebulous consulting-related problems.
  • Service Architects are the special operators I mentioned above. In addition to providing technical support on operations, they architect new services and improve existing ones.
  • Managing Consultants are the first level of leadership. They manage other consultants of all levels while still performing operations and client projects.

Build Your Brand

Ok, you’re sold, but let me drive the point home…

Remember how I said we invest in you? Much of our marketing material and value comes from our open-source tools, blog posts, research, etc., but we want you to build your own personal brand. SpecterOps will pay the travel costs associated with conference presentations. Want to submit to a CFP in Switzerland? We got you.

We want our Specters to do these things, but we want them to remain yours. SpecterOps has a highly unique open intellectual property (IP) policy. If you perform research or develop an open-source tool, it remains yours. You will publish tools on your personal code repository and blogs on your personal blog of choice.

Take the Next Step

In closing, SpecterOps truly takes a unique approach to employee growth and development. We focus on balance, support, and interesting work.

We are hiring consultants at various levels and would love to hear from you. The job posting (including salary bands) can be found under the Consultant openings here: https://specterops.io/careers/#careers

As a follow-up to this blog, I will publish another short blog about our interview process, what we look for, and the keys to success!

Please feel free to reach out to me on X or LinkedIn if you have any questions about SpecterOps or the role, or directly to careers@specterops.io.


Life at SpecterOps: The Red Team Dream was originally published in Posts By SpecterOps Team Members on Medium, where people are continuing the conversation by highlighting and responding to this story.