Advisory Red Consultant

Summary/Objective  

The Consultant position will be part of Security Risk Advisors’ Advisory practice, which is comprised of Assessments, Threat Management, and GRC & Strategy services. Our style of consulting is dynamic, innovative, fast-paced, and highly rewarding for both our clients and our team. This is an outstanding opportunity to work with a wide variety of tool sets and across various well-known client organizations.  

Successful candidates have outstanding technical skills, impeccable soft skills, and are well-organized, self-directed individuals with familiarity working for a service-based information security consultancy.   

Essential Functions   

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.  

• Security Strategy and Architecture:  Collaborate with team members to assist with the design and implementation of security strategy and architecture across platforms for a variety of solutions. Use tools such as FireEye, Fidelis, Splunk, Intel/McAfee, RSA, IBM, Symantec, Palo Alto, Resilient, Cybereason, Tanium, CarbonBlack, Bro and Snort.  Apply Threat Management’s services across multiple client engagements involving Incident Response (IR), Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), Network Traffic Analysis, Security Information and Event Management (SIEM), Enterprise Security Architecture and Perimeter Management.   
• Compliance Assessments: Conduct interview-based and evidence-based compliance assessments against frameworks like NIST, ISO & PCI.    
• Data Flow Diagrams: Develop visual data flow diagrams to help clients better understand the data they store and the systems it touches.    

• NIST Cyber Security Assessment: Review and assess the maturity of a complete security program.  
• Program Design: Review and advise on best practices for building critical programs like Third Party Risk Assessment, Application Security, Policy, and Control Testing.  
• Third Party Risk Assessments: Perform in-depth assessments of our client’s third parties and ensure that our client’s data is not at risk.    
• Tools Development: Develop tools to ongoing GRC Activities using solutions like RSA Archer, ServiceNow and others.    
• Red Teams: adaptive, flag-based red team engagements designed to demonstrate the impact of a dedicated, persistent attacker.   
• Purple Teams: the “open-book” approach to penetration testing, working side-by-side with our internal and client blue teams to strengthen defense against real attackers.    
• Web and Mobile Assessments: dynamic web and mobile application security testing.    
• Penetration Testing: assess internal and external networks for common and custom security    
  flaws that can lead to widespread access to sensitive systems and data.  
• Tactical Assessments: social engineering, spear phishing, physical break-ins, product security assessments, industrial control systems, architecture reviews.  
• Documentation: document evidence of work in reports and status updates.  
• Research and Innovation: use knowledge gained to conduct research initiatives with the purpose of improving our services and giving back to the community.  
• Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.  

Supervisory Responsibility  

Not applicable.  

Work Environment    

This job operates in a professional office environment or remotely as needed/required. This role routinely uses standard office equipment.  

Physical Demands    

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. While performing the duties of this job, the employee is regularly required to talk and hear; use hands to finger, handle, or feel; and reach with hands and arms. The employee frequently is required to stand and walk. This is a largely sedentary role.  

Candidates with disabilities are encouraged to apply and email careers@sra.io with any questions. Reasonable accommodations may be made to enable disabled individuals to perform the essential functions of this role.  

Position Type/Expected Hours of Work   

This is a full-time position and hours of work and days are Monday through Friday 8:30am to 5pm. Occasional evening and weekend work may be required as job duties demand.  

Travel  

• Willingness to travel 30-50% depending on assignments and specializations.  
• Willingness to travel internationally and domestically on a more frequent basis.  

Requirements

Required Education and Experience  

• Bachelor’s degree in information technology, IT Security, Computer Science, Computer Engineering, or equivalent experience. 
• Previous professional information security consulting experience.  

• Punctuality and timely attendance to external client and internal stakeholder needs. 

Preferred Qualifications and Experience  

• Knowledge of programming or scripting languages.  

Competencies  

• Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed.  
• Demonstrable aptitude for technical writing, including assessment reports, presentations, and operating procedures.  
• Experience communicating with clients and independently managing client projects.  
• Knowledge of Windows and *NIX-based operating systems.  
• Knowledge of networking fundamentals and common attacks/defenses.  
• Experience managing multiple projects at once.  
• Strong analytical skills with the ability to collect, organize, analyze, and disseminate significant amounts of information with attention to detail and accuracy.  
• Strong written/verbal communication and interpersonal skills.  
• Excellent technical skills, impeccable soft skills, and organization skills.   
• Strong written and verbal communication skills to effectively communicate successes and obstacles with team members and leads, as well as client stakeholders.   

Other Duties    

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.  

EEO Statement  

Security Risk Advisors is an Equal Opportunity Employer and prohibits discrimination or harassment of any kind. All employment decisions at SRA are based on business needs, job requirements, and individual qualifications, without regard to race, color, sex, sexual orientation, gender identity or expression, age, religion, national origin, disability, marital or family status, veteran status, medical condition, or any similar category protected under federal, state, or local laws.    

Benefits

SRA’s mission is to level up every day to protect our clients and their customers. This begins with our team members and their experience. SRA prides itself on maintaining a culture where team members have a shared sense of support and belonging, consistent with our It’s Personal company value. At SRA, we prioritize transparent career pathing, varied DEI programming and community groups, competitive benefits including mental health support, and an emphasis on a sustainable, healthy, and engaging work culture. SRA has twice been named a Best Place to Work by the Philadelphia Business Journal.   

These Essential Functions, Requirements, and Skills are guidelines. If you are a candidate who does not meet this exact job description but can demonstrate excellent organization, attention to detail, professionalism, flexibility, and self-direction in your professional background, we hope you apply. SRA values a diverse workplace and strongly encourages women, people of color, LGBTQ+ individuals, people with disabilities, members of ethnic minorities, and veterans to apply.  

Work with Experts: Robust internal training program, plus Company-paid external training. SRA recognizes the value of professional development for employees. Therefore, we encourage our employees to pursue continuing education and role-specific training. Every SRA employee is eligible to attend one training per year paid for by SRA. 

Corps Training Program: Our SRA Corps training program is a six-week experience for May new hires that begins with one week of orientation at our Philadelphia headquarters. Whether new hires are interns, co-ops, or full-time consultants, SRA Corps members meet our founders, learn our values, and experience a day in the life of a cybersecurity consultant. Following orientation, Corps members return to their home office and participate in trainings such as Consulting 101, Enterprise Networks, Cloud Security and more. Our leaders provide hands-on offensive, defensive, and frameworks boot camps. 

Mental Health Services: SRA has partnered with BetterHelp to provide SRA employees with free mental health support. BetterHelp connects individuals with licensed therapists for chat, video, and phone sessions. 

Medical / Dental / Other (regular full-time employees only) 

• Generous medical, dental, and vision benefits at different price points. 
• Company-paid disability and life insurance. 
• Company 401(k) plan including annual 3% safe harbor contribution. 
• Free patient advocacy service that helps find care providers and resolve insurance queries. 
• Free on-site wellness programming covering both emotional and physical wellness. 
• Generous parental leave, sick leave, and vacation policies. 
• Option to work remotely or with a flexible schedule when needed. 
• Company-paid cell phone with discounted accessories. 
• 1-2-3 Give Program: 1. SRA will give $1,000 to a charity of your choice. 2. If you give an additional amount (up to $1,000), then 3. SRA will match that amount up to $1,000. 

(Subject to change)