We are a specialized boutique consulting firm looking for a Cyber Security Senior Consultant to help double the size of our firm by 2018. We represent Fortune 500 and newly public high-growth entities in rapidly changing environments in the Los Angeles and Orange County markets. We offer a very reasonable work/life balance, flexible schedules, high base salaries, and bonuses paid both monthly and annually. You will work with the largest entertainment and public companies to review information system and network security, which requires a thorough understanding of information security frameworks, ERP and cloud-based applications, and information system auditing and vulnerability assessment techniques. As a result, you will have the opportunity to grow your career in a collaborative environment that is a playground for highly skilled, self-motivated professionals. You will partner on advisory services project teams to assess and improve our clients’ IT environments, procedures, and controls related to their regulatory compliance and strategic objectives. We strongly prefer candidates with Big-4 CPA or national consulting firm experience who have serviced multiple clients in a variety of industries.
If you’re interested, here is the challenge for your first year with our firm.
- Demonstrates a thorough understanding of:
  - IT security risk assessment frameworks, including implementation experience
  - IT security industry and regulatory requirements, including participating in audit or remediation activities for requirements such as PCI-DSS, Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Meaningful Use, SSAE-16 SOC 2, etc.
  - IT governance and security-related frameworks, such as COBIT, NIST 800-53, ISO 27000, and current cyber security trends
  - Conducting IT security technical and functional assessments, including drafting observations and recommendations, and assisting with remediation activities
  - Performing wireless, internal and external network, and web application vulnerability and penetration testing, and the ability to document technical observations and recommendations
  - Vulnerability and penetration testing standards such as OWASP Top 10, DoD or NSA
  - Some scripting knowledge (Windows, Unix, Bash, Python, Perl or Ruby)
  - Security policies, tools and technology, including Identity and Access Management, Data Loss Prevention (DLP), SIEM solutions, Firewall, Web Proxy, Anti-Virus, and Application Whitelisting solutions
- Conduct technical security vulnerability and penetration testing assessments on our clients’ web applications, wireless, internal and external networks, and provide actionable and risk-prioritized observations and recommendations
- Complete the assigned IT security and application controls on 1-3 project teams, within the given budget with minimal supervision by:
  - Creating system narratives, identifying key controls, and concluding on design and operating effectiveness of key controls.
  - Demonstrating clear and concise writing and verbal skills to communicate complex issues in simple terms to clients and team members.
  - Producing quality deliverables evidenced through minimal review time and review notes.
  - Actively improving technical and project management skills through on-the-job feedback, performance evaluations, mentoring and firm-sponsored formal training programs, including monthly CPE and Subject Matter Expert (SME) training.
  - Responding to client needs and balancing the competing priorities with minimal client disruptions, while maintaining project progress.
Upon successfully demonstrating the skill set listed above you will have the opportunity to earn a promotion to Manager. As a Manager you will be responsible for:
- Building internal teams through participation in our mentoring program and interviewing.
- Managing one to several individual project teams, project scheduling, reviewing of workpapers, and being the primary point of contact between the team and the client.
- Bachelor’s degree is required in a related field; information systems or computer science preferred
- Minimum 3+ years of relevant work experience in incident response, vulnerability assessments, penetration testing, ethical hacking, security architecture design, including supervisory experience, is required; Big-4 IT Audit/Cyber Security consulting experience strongly preferred.
- 2+ years of hands-on application and web application security experience
- Certification(s) Preferred: CPTC, CPTE, GPEN, CEH, CISSP, CISM or CISA
- Must have a willingness to learn and support IT internal audit, SSAE16 – SOC 1 Type II and Sarbanes-Oxley projects
- Strong experience in performing application penetration testing, as well as using techniques and tools such as Cenzic, Wireshark, Kali Linux, Nmap, Burp Suite, etc.
- Must be able to articulate complex and technical information to a technical and non-technical audience
- Ability to understand IT risks and implications to the business, identify weaknesses and recommend solutions
- Self-directed, with the ability to thrive in a fast-paced and collaborative environment
- Flexible, team player and deadline oriented
- Flexibility to travel to clients within the greater Los Angeles Area
Are you ready for the challenge? If so please apply here.