Open - National Search | direct hire
Our client is a national consulting firm with a business risk services team focused on cyber risks. Their cyber risk professionals help companies build cybersecurity strategy into the overall business strategy to fend off third-party, criminal and internal risk, and guard proprietary and customer data.
Essential Duties And Responsibilities
- Manage and lead the performance of technical cybersecurity assessments, including network penetration testing, red teaming, web application tests and vulnerability assessments.
- Supervise and conduct cybersecurity control assessments in accordance with industry frameworks and leading practices.
- Assist with the performance of compromise assessments to identify indicators of compromise within an organization’s network and systems.
- Perform cyber threat and risk assessments.
- Manage the end-to-end client engagement process, including planning, execution, and reporting.
- Perform quality review of engagement fieldwork, results and deliverables.
- Develop and present tailored recommendations to mitigate cyber threats and risks to both a technical and executive audience.
- Supervise, train and mentor other Cyber Risk team members on client engagements and evaluate the performance of the staff for engagement reviews and year-end performance reviews.
- Proactively interact with key client management to foster a positive relationship, gather information, resolve problems and make recommendations for improvements.
- Work with clients to plan an engagement strategy, define objectives, and address cyber-related risks and issues.
- Assist firm partners and senior management on business development opportunities and new client pursuits, including proposals and prospective client meetings.
- Remain current and apply knowledge of cybersecurity trends and risks.
- Participate in the firm's ongoing recruiting efforts as needed.
- Attend professional development and training sessions on a regular basis.
- Adhere to the highest degree of professional standards and strict client confidentiality.
- Other job duties as assigned.
- Bachelor's and/or Master’s degree in Information Technology, Computer Science or a Cybersecurity-related field is required.
- 5+ years of related cybersecurity experience in a similar consulting practice or function, servicing cross-industry clients at a national level.
- One or more of the following technical certifications is required: OSCP, OSCE, GXPN, GPEN.
- One or more security industry certifications is preferred: CISSP, GSEC, CISM.
- Experience leading and performing network penetration testing and the successful exploitation of vulnerabilities. Exploit development is a plus.
- Experience testing web applications for common security vulnerabilities as referenced by OWASP, including, but not limited to, input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues.
- Experience performing vulnerability scanning with an enterprise vulnerability scanner.
- Hands-on working experience with commercial and open source network and application security testing tools, such as Kali Linux, Nessus, Qualys, Core Impact, Metasploit, Webinspect, Burp Suite, NMAP and Wireshark.
- Experience documenting technical testing and assessment results in a formal report format and presenting results to both a technical and executive audience.
- Threat and compromise assessment and threat intelligence platform knowledge and experience are a plus.
- Experience in reviewing security configurations of common network devices (routers, switches, firewalls) and server operating systems (Windows and Linux) is preferred.
- Knowledge of TCP/IP and computer networking.
- Understanding and working knowledge of common security frameworks (e.g., NIST CSF, CIS CSC, ISO 27001/2) is preferred.
- Ability to supervise other firm staff and lead assigned projects effectively.
- Exceptional client service and communication skills, with a demonstrated ability to develop and maintain outstanding client relationships.
- Ability to manage multiple client engagements and competing priorities in a rapidly growing, fast-paced, interactive, results-based team environment.
- Strong leadership, recruiting, training and mentoring skills, coupled with excellent verbal, written and presentation skills.
- Excellent analytical, organizational and project management skills.
- Ability to work additional hours as needed and travel on a regular basis to clients as required.