Position Summary:  International Firm’s Advisory professionals are progressive thinkers who create, protect, and transform value today, so our clients have the opportunity to thrive and grow.  Our advisory practice creates holistic solutions delivered by innovative, curious professionals who bring technical depth and industry insight to our clients.

The professionals in our Client’s Cyber Risk Advisory practice help organizations build cybersecurity strategy into their overall business strategy. This includes supporting our clients to identify and understand their cyber risk exposure, design and implement cybersecurity programs and solutions to mitigate cyber threats and protect their assets, and respond to cyber-attacks and incidents. Our Client’s Cyber Risk Advisory practice is in high-demand and rapidly growing, offering a rewarding and challenging working environment and great career growth potential.

As a member of our Client’s Cyber Defense Solutions team, you will have the opportunity to collaborate with our clients and deliver technical consulting services with a focus on identifying cyber threats, vulnerabilities and risks and supporting the design and implementation of operational security strategies, solutions and architectures.

The manager role offers an excellent opportunity to leverage and display your technical knowledge and experience while broadening your business and project management skills. Responsibilities include end-to-end cybersecurity engagement management, performance of cybersecurity assessments, design and implementation of operational security solutions, and developing and supervising other Firm Cyber Risk colleagues.

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Manage and lead the performance of technical cybersecurity assessments, including network penetration testing, red teaming, web application tests and vulnerability assessments.
• Supervise and conduct cybersecurity control assessments in accordance with industry frameworks and leading practices.
• Assist with the performance of compromise assessments to identify indicators of compromise within an organization’s network and systems.
• Perform cyber threat and risk assessments.
• Manage the end-to-end client engagement process, including planning, execution, and reporting.
• Perform quality review of engagement fieldwork, results and deliverables.
• Develop and present tailored recommendations to mitigate cyber threats and risks to both a technical and executive audience.
• Supervise, train and mentor other Cyber Risk team members on client engagements and evaluate the performance of the staff for engagement reviews and year-end performance reviews.
• Proactively interact with key client management to foster a positive relationship, gather information, resolve problems and make recommendations for improvements.
• Work with clients to plan an engagement strategy, define objectives, and address cyber- related risks and issues.
• Assist firm partners and senior management on business development opportunities and new client pursuits, including proposals and prospective client meetings.
• Remain current and apply knowledge of cybersecurity trends and risks.
• Participate in the firm’s on-going recruiting efforts as needed.
• Attend professional development and training sessions on a regular basis.
• Adhere to the highest degree of professional standards and strict client confidentiality.
• Other job duties as assigned.

Qualifications:

• Bachelor’s and/or Master’s degree in Information Technology, Computer Science or Cybersecurity related field is required.
• 5+ years of related cybersecurity experience in a similar consulting practice or function, servicing cross- industry clients at a national level.
• One or more of the following technical certifications is required: OSCP, OSCE, GXPN, GPEN.
• One or more security industry certifications is preferred: CISSP, GSEC, CISM
• Experience leading and performing network penetration testing and the successful exploitation of vulnerabilities. Exploit development is a plus.
• Experience testing web applications for common security vulnerabilities as referenced by OWASP, including, but not limited to, input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues.
• Experience performing vulnerability scanning with an enterprise vulnerability scanner.
• Hands-on working experience with commercial and open source network and application security testing tools, such as Kali Linux, Nessus, Qualys, Core Impact, Metasploit, Webinspect, Burp Suite, NMAP and Wireshark.
• Experience documenting technical testing and assessment results in a formal report format and presenting results to both a technical and executive audience.
• Threat and compromise assessment and threat intelligence platform knowledge and experience is a plus.
• Experience in reviewing security configurations of common network devices (routers, switches, firewalls) and server operating systems (Windows and Linux) is preferred.
• Knowledge of TCP/IP and computer networking.
• Understanding and working knowledge of common security frameworks (e.g., NIST CSF, CIS CSC, ISO 27001/2) is preferred.
• Ability to supervise other firm staff and lead assigned projects effectively.
• Exceptional client service and communication skills, with a demonstrated ability to develop and maintain outstanding client relationships.
• Ability to manage multiple client engagements and competing priorities in a rapidly growing, fast- paced, interactive, results-based team environment.
• Strong leadership, recruiting, training and mentoring skills, coupled with excellent verbal, written and presentation skills.
• Excellent analytical, organizational and project management skills.
• Ability to work additional hours as needed and travel on a regular basis to clients as required.