Listing Description
We are a small, discrete, premier security and intelligence consulting firm that is looking for top IT security resources to join our team. We work with some of the most interesting companies in a variety of industries around the world. You will never know what you will be working on from month to month. It might be doing a risk assessment of a large company one week, drop in to help mature an internal SOC team another, or fly somewhere in the world for an investigation to figure out how something went wrong. Anyone expecting consistency, repeatability, and stability in his/her work need not apply.
You will be working with a team of mostly former CISOs, who help customers in different ways. We focus on what is relevant to protect the business. Our approach is not tool-driven; our customers call us (we don't even have a sales team, we mostly work from referrals) to provide our expertise and strategic guidance to help them prevent bad things from happening to their infrastructure; or fix it after it happens.
We are looking for people with good customer service perspective, who have worked in many industries and can manage customer expectations. You must not be afraid to tell a customer if they are going down a path that is not in their best interest. Also, as a central part to our company's Risk Management Services (RMS) division, the cyber team is often called on to perform more esoteric security tasks for customer base of Fortune 500 companies and high net worth individuals.
Required skills:
" Strong IT security process and/or hands-on technical skills.
" Excellent verbal and interpersonal skills-not afraid to write technical and qualitative reports.
" Support a Risk-Based approach, not tools or "best practices" based approach
" Understanding of modern intrusion methods, actors, and techniques.
" Understanding of current and evolving cyber monitoring, identification, and response techniques.
" Broad technical knowledge of cyber security tools and products.
" Knowledge working with information security standards and frameworks, such as ISO 27k, NIST, CIS Critical Security Controls, HIPAA, GDPR(!) etc.
" Prior experience or understanding of technology implementation requirements and challenges.
" Experience in incident response, forensics, and recovery, particularly for external advanced threat actor intrusions.
Desired skills:
" Strong understanding of implementation and management of traditional IT systems such as email, servers, cloud, and virtual environments, and desktops, mobile, etc.
" Understanding of current methods for cyber event correlation and analytics.
" Experience implementing and managing Cyber Kill Chain methodology.
" Development experience, of any kind.
Position requirements:
" 8 or more years in various IT security roles.
" Prior experience working in internal company security department, AND as security consultant (having had both perspectives here is important).
" Experience, personality, expertise and aptitude more important than education or certifications.
" Must be able to travel and have current passport." Contribute as a cyber security SME to build credibility and trust with customers.
" Participate in enterprise and IT risk assessments.
" Perform or oversee technical assessments, including penetration testing, incident response, and forensics.
" Provide guidance on technical and procedural control implementations for customers.
" Support or provide guidance for cyber incident investigations for customers.
" Interact directly with customer C-level executives to articulate IT risk management concepts
" Stay current with cyber topics, trends, technologies, and relevant news.
" Create position papers on processes, methods, and technologies at customer request.
" Provide cyber security mentorship and guidance to our internal analyst team and support customer-embedded analyst teams as a cyber SME.
" Research and review new security technologies for potential investments.
Listing Details
- Citizenship: No Requirements
- Incentives: Bonus
- Education: No Requirements
- Travel: Travel 50
- Telework: Optional Telecommute