The Security Consultant will work as part of a team assessing the security and compliance of client firms against regulatory and industry requirements and standards, and against security best practice frameworks.

Requirements

  • Minimum 2-3 years of experience in the IT industry
  • Strong familiarity with the applicable NIST Special Publications 800-37 Revision 2, 800-53 Revision 5, and 800-53A Revision 5
  • Technical and detailed understanding of NIST 800-53 Rev 5 AT, CA, CM, CP, IR, MA, MP, PE, PL, PS, RA, SA, SI control families
  • Ability to lead testing sessions for assigned controls
  • Ability to independently research a technical topic and develop logical testing approaches to validate 800-53 control implementations
  • Ability to assist team members with proper artifact collection and detail to client's examples of artifacts that will satisfy assessment requirements
  • Read and interpret all control families
  • Read and interpret firewall rulesets and network/boundary/data flow diagrams
  • Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
  • Strong personal initiative to appropriately manage time and meet deadlines
  • Strong Consulting skills; ability to advise and challenge the status quo while building strong relationships
  • Ability to build high-trust relationship and credibility quickly
  • High attention to detail
  • Ability to facilitate meetings to small or large groups
  • Diplomatic and broad-minded
  • Strong technical researcher
  • Bachelor's degree (four-year college or university) in IT or business, or equivalent combination of education and work experience
  • Possess one of the following certs: Cisco Certified Network Associate Security (CCNA Security), Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops), Cybersecurity Analyst (CySA+), GIAC Certified Incident Handler (GCIH), GIAC Systems and Network Auditor (GSNA), GIAC Certified Intrusion Analyst (GCIA), Certified Information Systems Auditor (CISA), Certified Information System Security Professional or Associate (CISSP or Associate), Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Officer (CISSO), CyberSec First Responder (CFR), CompTIA Advanced Security Practitioner Continuing Education (CASP+) Continuing Education (CE), CompTIA Cloud+ (Cloud+), Global Industrial Cyber Security Professional (GICSP), Securing Cisco Network with Threat Detection Analysis (SCYBER), BCR Cyber Technical Proficiency Testing Activity

Benefits

  • Paid parental leave
  • Flexible time off
  • Certification and training reimbursement
  • Digital mental health and wellbeing support membership
  • Comprehensive insurance options