Our Cyber Risk Advisory Services practice, a specialty advisory practice within PKF O'Connor Davies, provides performance improvement and IT risk services helping companies enhance their cyber and IT risk management and business process functions.
Our Cyber Risk Advisory team helps clients address the risk surrounding their cybersecurity environment; application risk and controls; programs and projects; and compliance of the enterprise. We provide transformational services that have lasting impacts on the way in which our clients optimize their technology investments and manage value, cost and risk.
The Cyber Security Specialist and Penetration Tester is responsible for performing and supervising cybersecurity engagements to create multi-faceted cyber risk management solutions tailored to client environments. Assessments will evaluate client cyber security programs across people, process and technology.
We are a growing practice in the firm, as such, the ideal candidate will have a desire to help to continue to grow this practice area in addition to their own personal skill set. Because we are a growing practice area, the candidate will have the flexibility to be part of the establishment of many key processes and practices.
The responsibilities include but are not limited to:
* Lead engagements in the evaluation of client cyber and information security management programs across people, process and technology. As such, the applicant must be comfortable leading interviews with client personnel. * Perform and manage vulnerability and penetration assessments (network, web, application) to identify control weaknesses, assess the effectiveness of existing controls and provide meaningful recommendations. * Act as a subject matter resource in cyber risk management to lead client discussions. Be a part of proposal creation and own distinct portions of client proposals. * Stay abreast of current business and industry trends relevant to Firm's targeted industries and cybersecurity. * Effectively manage and motivate client engagement teams with diverse skills and backgrounds. * Establish and maintain effective business relationships with client management. * Collaborate with the client engagement team to plan the engagement and develop work programs, timelines, and planning documentation. * When applicable, supervise staff assigned to engagements and provide constructive on-the-job feedback and coaching. * Foster an innovative and inclusive team-oriented work environment. * Ensure high-quality client service by directing daily progress of fieldwork, informing supervisors of engagement status. * Monitor progress, manage risk, and ensure key stakeholders are kept informed about progress and expected outcomes, and propose and take corrective action as appropriate. * Demonstrate and apply strong project management skills, inspire teamwork and responsibility with engagement team members, and use current technology and tools to enhance the effectiveness of deliverables and services. * Understand engagement economics, including monitoring and communicating project status and appropriate financial metrics to key stakeholders.
* Bachelor's degree in Computer Science or Information Technology. * Minimum 3 years of related work experience. * CPA or Professional Services Firm experience preferred. * Demonstrated experience in working with governance and risk management concepts in the context of applying and selecting cybersecurity controls and solutions. * Experience with the following types of tool sets or variations thereof: * Nessus * Metasploit * CrackMapExec * PowerShell Empire * Veil * Burp
* Effectively, independent of the tool set used, the applicant must have experience with all aspects of the penetration testing process. The majority of the environments we work with are Windows environments; however, experience with Linux and other environments is a plus. * Experience with social engineering: phishing, vishing and physical testing. * Red teaming experience is a plus. * Knowledge and Experience with assessing cloud environments such AWS and Azure is strongly desired. * Leveraging data analytics applications as part of the assessment process. Idea, Activedata, etc. * Computer forensics experience is a plus. At a minimum, the candidate will be interested in computer forensics and willing to develop this skill set in support of our computer forensics practice. * Demonstrated experience in leading teams. * Ability to examine issues both strategically and analytically. * Ability to listen, understand, read, and communicate effectively both written and verbally in a professional environment. * Demonstrated characteristics of a forward thinker and self-motivator who thrives on new challenges and adapts to learning new knowledge. * Must have a strong desire to continue to learn and stay current of cybersecurity issues and testing approaches. * Strong analytical and problem-solving skills. * Relevant consulting experiences a plus. * A strong work ethic. * Able to work collaboratively in a team environment. * A valid driver's license in the US; travel to client's in the tri-state area required; estimated 30 - 40% travel required. * The successful candidate must hold or be willing to pursue related professional certifications such as the CISSP, OSCP, or equivalent.
Specialized Knowledge and Skills
* Experienced with security and risk standards including HIPAA, ISO 27001-2, PCI DSS, NIST. * Hands on operational experience with vulnerability management and penetration testing tools including the ability to deploy, configure, and run these tools. * Ability to evaluate vulnerability management and penetration testing tools and assist with vendor/tool selection. * Ability to conduct root cause analysis against vulnerabilities and determine feasible technical solutions. * Knowledge of general cybersecurity concepts and methods including, but not limited to, vulnerability management, privacy, incident response, governance, risk and compliance, enterprise security strategies, and architecture.
* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.