Senior Consultant, Cyber Security Services

Stroz Friedberg Published: March 15, 2017

<p>This Senior Consultant will be part of a cross-functional security risk team that gathers technical and procedural information, deploys necessary tools to test and validate IT infrastructure, identifies vulnerabilities, analyzes information derived from engagements to determine information security risks and provides remediation assistance.</p>
<p>The responsibilities of this position include but are not limited to the following:</p>
<ul>
<li>Assess and investigate client IT security programs and environments via interviews and technical information analyses.</li>
<li>Understand existing client processes and controls with respect to electronic and non-electronic information security.</li>
<li>Develop client security programs by reviewing existing programs; conducting comprehensive reviews of threats; evaluating and analyzing relevant data points.</li>
<li>Engage in Security Architecture reviews, regulatory compliance initiatives and information security program reviews.</li>
<li>Assist with developing Information Security Plans and Policies, including those for Incident Response, customized to client requirements and risk profile.</li>
<li>Coordinate with Stroz Friedberg security specialists, incident response handlers, digital forensic experts, network engineers, system engineers and Web application engineers to explore and report on specific security risk issues in depth.</li>
<li>Provide recommendations on IT solutions to help clients manage information security risk.</li>
<li>Assess IT network and security architectures as they relate to managing identities and access privileges, delegated administration models, workflow and access control models.</li>
<li>Document results of security risk analyses and formally present to clients.</li>
<li>Track emerging security practices and contribute to building internal processes.</li>
</ul>
<p><b>Essential Job Functions</b></p>
<p>This position requires handling multiple engagements with overlapping deadlines. A demonstrated ability to write clear, coherent and precise reports on a multiplicity of complex technical issues is essential.</p>
<p>Expert level technical skills in some of the following areas:</p>
<ul>
<li>Hands-on experience with Nmap, Nessus, Nexpose, Qualys, Burp, Kali, Metasploit, Meterpreter, Wireshark, Kismet, Aircrack-ng.</li>
<li>Hands-on experience with network architecture, including network security.</li>
<li>Hands-on experience with Active Directory security, including scans, best practices and security configuration.</li>
<li>Hands-on experience with Application Security controls including design, dynamic scans, static code analysis.</li>
<li>Identity and access management (I&amp;AM) experience with Active Directory, NTFS permissions, LDAP and Single Sign-On (SSO) solutions.</li>
<li>Application and database security experience, including code reviews.</li>
<li>Network and security engineering experience, including log and network traffic capture analysis.</li>
<li>Experience with system hardening procedures for Windows, Linux, Unix.</li>
<li>Security operations experience with firewalls, IDS/IPS, SIEM platforms.</li>
<li>Security policy, governance, privacy or regulatory experience (e.g., NIST, ISO, HIPAA, PCI).</li>
<li>Knowledge of BYOD and Mobile Device Management platforms.</li>
<li>Knowledge of programming and scripting for development of security tools and industry frameworks.</li>
<li>Securing cloud-based platforms (Microsoft Azure, Amazon AWS, etc.).</li>
<li>Knowledge of industry standard frameworks – NIST, ISO, HIPAA, PCI.</li>
<li>Knowledge of TCP/IP Protocols, network analysis and network/security applications.</li>
<li>Passion for creating tools and automating processes.</li>
</ul>
<p><b>Experience</b></p>
<p>The ideal candidate would have 5+ years in progressively sophisticated roles in information security engineering and/or IT technical project management. The position requires a strong, diverse technical background and truly exceptional oral and written communications skills. The candidate must demonstrate proven success in working in a team as well as independently and exhibit follow-through to understand root causes of issues. This position calls for an individual who exhibits thoughtful introspection but is also able to assess a broad spectrum of issues. A collaborative approach is a must, as well as the ability to effectively communicate with a wide range of technical and non-technical personnel. Finally, personal flexibility and the ability to travel globally are required.</p>
<ul>
<li>3+ years of IT security engineering with expertise in either network or application security.</li>
<li>Experience performing security and risk assessment work.</li>
<li>Excellent written and verbal communication skills.</li>
<li>Client-facing consulting experience is a plus.</li>
<li>IT security certifications (CISM, CISSP, OSCP, OSCE, GIAC) are a plus.</li>
</ul>
<p><b>Education</b></p>
<p>Bachelor's degree in computer science or information technology. Master's degree in information/computer science or a technology-related field preferred.</p>