The Senior Security Consultant at Redhawk Network Security will work closely with our clients to Assess, Evolve, Build, and Test their IT security program. You will identify weaknesses and vulnerabilities in relation to industry best practices and will provide support to the application of security frameworks such as, but not limited to: PCI DSS, HIPAA, and NIST 800-53.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Lead Customer engagements providing information security consultation and assessment services for the following types of engagements:
- Risk assessments.
- IT audits and assessments.
- Technical penetration testing on information systems.
- Social engineering penetration testing.
- Regulatory gap assessments.
- Incident management planning, program development, and response.
- Security program development
- Vulnerability management operational review
- Review, interpret and prioritize information system vulnerabilities.
- Evaluate controls based on regulatory guidance and best practices.
- Provide clear, organized findings and recommendations to clients and track progress towards resolution and compliance.
- Produce detailed, high-quality reports for clients.
- Deliver and explain reports to executive management.
- Share your expertise with clients and colleagues to aid in decisions on topics like strategy and scope as well as deep and highly technical projects like web application architecture and security.
- Work independently, undertake information security engagements including work co-ordination and project management (client interaction, deliverables, work plans, escalation’s, etc.).
- Track and log all billable and non-billable hours in Redhawk’s portal in a timely manner.
- Provide regular status reports on all projects assigned.
Client Engagement (20%)
- Scope and price customer engagements providing information security consultation and assessment services, helping our clients meet their compliance obligations by evaluating their business, technology and operations against security standards such as PCI DSS, HIPAA, and NIST 800-171.
- Build professional and meaningful relationships while managing customer expectations and deliverables.
- Grow the business by identifying up-sells with existing clients.
Security Program Management (10%)
- Build, evolve, and continuously improve Redhawk’s Security Program Methodology and Services portfolio.
- Build, evolve, and continuously improve Redhawk’s Cyber Security Software security modules to support new and existing consulting offerings.
- Research, document, and maintain current knowledge for future security frameworks and standards.
- Build, evolve, and continuously improve Redhawk’s delivery methodology.
- Conduct Regular reviews of individual progress plan with supervisor.
Coaching and Mentoring (10%)
- Coach and mentor peers and junior consultants.
- Assist with developing training programs for more junior consultants.
Maintain a positive work atmosphere by acting and communicating in a manner so that the employee gets along with clients, vendors, co-workers, and management. Employees must maintain a positive public image when representing the company in public engagements.
This job has no direct reporting responsibilities but does include leadership and mentoring responsibilities.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
EDUCATION and/or EXPERIENCE
Qualified candidates will have the following:
- Bachelor’s Degree or an additional four years of experience
- Five or more years of experience in an IT security testing, audit, assessment, and/or compliance role.
- Must have previous professional experience providing consultative services as either an internal SME or as a third-party consultant.
- Strong professional expertise in information security, must have the ability to thoroughly understand complex principles and apply them practically.
- Comfortably present security concepts or findings to both highly technical and entirely non-technical audiences.
- Strongly prefer candidates with payment card (PCI DSS, PA-DSS, P2PE, PFI), financial (GLBA, SOX, SSAE 16) or health care (HIPAA/HITECH) experience.
- Experience with forensic analysis or incident response.
- Must be willing to participate after business hours events and relevant professional organizations like OWASP, InfraGard, and ISACA.
- Minimum of one year of experience in EACH of the following security disciplines:
- Application security.
- Information systems security.
- Network security.
- IT security auditing.
- Information security risk assessment or risk management.
Qualified candidate will have the following:
- Being a team player and having the capability to expand/adapt your skills in fast-paced ever-changing industry.
- Learning from our close-knit group as well as contributing your thoughts, tools, industry news or lessons learned.
- Ability to manage all phases of the project life cycle.
- Capable of managing multiple projects and multiple resources at a time.
- Task oriented and able to manage projects to a timely project completion.
- Experience working with multiple clients in a consultative environment.
- Superior inter-personal and conflict resolution skills.
- Successful phone-based relationship building skills and in-person skills.
- Manage client or internal stakeholder expectations.
- Data and Analytical mind-set.
- Troubleshooting skills, with a creative ability to overcome challenges and problem-solve.
- Very strong organizational and project management skills.
- Flexible, team-oriented.
- Strong communication – writing and verbal.
- Innovative and proactive.
- Strong business acumen.
PREFERRED QUALIFICATIONS, CERTIFICATES, LICENSES & REGISTRATIONS
In-depth knowledge of internally used applications, systems, and standard network protocols to produce solutions that are or can be considered industry standards. Possess proactive initiative and deductive reasoning. The candidate must have the ability to work autonomously with favorable results.
CERTIFICATIONS, LICENSES, REGISTRATIONS
Must have two (2) or more of the following certifications*:
- Qualified Security Assessor (QSA)
- Certified Information System Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- GIAC Systems and Network Auditor (GSNA)
- Certified ISO 27001, Lead Auditor, Internal Auditor
- International Register of Certificated Auditors (IRCA)
- Information Security Management System (ISMS) Auditor
- Certified Internal Auditor (CIA)
- Penetration Testing Certifications (CEH/OSCP/GPEN)
*Other comparable certifications may be accepted.
The above primary duties, responsibilities, and position requirements are not all inclusive. The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Ability to meet the physical demands of this position including:
- Willingness and desire to travel – moderate to heavy (50%) travel is required.
- Sitting for extended periods of time.
- Dexterity of hands and fingers to operate a computer keyboard, and mouse.
Individuals who receive job offers will be required to complete pre-employment screening that includes a background check verifying name, residences, education, work experience, and criminal convictions consistent with the Fair Credit Reporting Act.
Redhawk offers a high growth environment with excellent compensation and eligibility for our 401(k), health/dental insurance, and more.
Redhawk Network Security, LLC is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, disability, or any other protected class.
If you are looking to be challenged and to grow professionally, and you want to be valued and recognized for your contributions, Redhawk is looking for you.
Founded in 2000, Redhawk Network Security has more than 15 years of experience providing leading-edge cyber security services and is devoted to the highest standards of service and security. Redhawk recognizes our team members are our primary asset, and we have built a compensation and benefits package designed to help our employees thrive both personally and professionally. We encourage every client to take ownership of the confidentiality, integrity, and availability of their valued information and operational security.
Email your resume to: [email protected]
To apply for this job please visit redhawksecurity.com.