Infrastructure Security Consultant
Washington, DC | direct hire
Our client is a national consulting firm with a business risk services team focused on cyber risks. Their cyber risk professionals help companies build cybersecurity strategy into the overall business strategy to fend off third-party, criminal and internal risk, and guard proprietary and customer data.
· Adhere to the highest degree of professional standards and strict client confidentiality.
· Execution of assigned client engagements from start to finish, which includes the engagement planning, directing, and completion of IT security assessment deployments while managing those engagements to budget.
· Apply current knowledge of IT and cyber trends to identify security and risk management issues and other opportunities for improvement.
· Perform vulnerability assessments, security configuration reviews, penetration tests, web application security assessments, and security program assessment activities.
· Assist clients in planning and executing remediation plans identified in assessment activities.
· Work with the client to plan an engagement strategy, define objectives, and address technology-related controls risks and issues.
· Proactively interact with key client management to gather information, resolve problems and make recommendations for improvements.
· Ability to manage multiple engagements and competing priorities in a rapidly growing, fast-paced, interactive, results-based team environment.
· Additional duties as assigned.
· Familiarity with threat and vulnerability management solutions, including Qualys, Rapid7, Brinqa, Kenna.
· Assessing, designing and implementing application security programs, including facilitating a secure SDLC and performing code analysis.
· Assessing, designing and implementing end-point security solutions and platforms. Hands-on working experience with relevant enterprise technology (e.g., McAfee, Symantec, Carbon Black, etc.).
· Experience with the secure configuration of various infrastructure platforms and devices such as Microsoft Windows, Unix / Linux, and common network devices (routers, switches, firewalls).
· Working knowledge of cybersecurity industry best practices and guidance, including NIST Cybersecurity Framework, OWASP, CIS Critical Security Controls, ISO 27001/2.
· Understanding of TCP/IP protocol suite.
· Experience in project management and the ability to clearly communicate security technology issues verbally on both a formal and informal basis to all levels of client staff.
· Exceptional client service and communication skills, with a demonstrated ability to develop and maintain outstanding client relationships.
· Ability to work additional hours as needed and travel on a regular basis to clients as required.
· Travel for this position can go as high as 60%.