Advisory Blue Consultant

Philadelphia, Pennsylvania, United States

Security Risk Advisors

Cybersecurity Consulting and 24x7x365 CyberSOC. SRA is a leader in advanced security testing, operations, and program development.


The Consultant position will be part of Security Risk Advisors’ Advisory practice, which is comprised of Assessments, Threat Management, and GRC & Strategy services. Our style of consulting is dynamic, innovative, fast-paced, and highly rewarding for both our clients and our team. This is an outstanding opportunity to work with a wide variety of tool sets and across various well-known client organizations.  

Successful candidates have outstanding technical skills, impeccable soft skills, and are well-organized, self-directed individuals with familiarity working for a service-based information security consultancy.   

Responsibilities:

  • Security Strategy and Architecture:  Collaborate with team members to assist with the design and implementation of security strategy and architecture across platforms for a variety of solutions. Use tools such as FireEye, Fidelis, Splunk, Intel/McAfee, RSA, IBM, Symantec, Palo Alto, Resilient, Cybereason, Tanium, CarbonBlack, Bro and Snort.  Apply Threat Management’s services across multiple client engagements involving Incident Response (IR), Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), Network Traffic Analysis, Security Information and Event Management (SIEM), Enterprise Security Architecture and Perimeter Management.   
  • Compliance Assessments: Conduct interview-based and evidence-based compliance assessments against frameworks like NIST, ISO & PCI.    
  • Data Flow Diagrams: Develop visual data flow diagrams to help clients better understand the data they store and the systems it touches.    
  • NIST Cyber Security Assessment: Review and assess the maturity of a complete security program.  
  • Program Design: Review and advise on best practices for building critical programs like Third Party Risk Assessment, Application Security, Policy, and Control Testing.  
  • Third Party Risk Assessments: Perform in-depth assessments of our client’s third parties and ensure that our client’s data is not at risk.    
  • Purple Teams: The “open-book” approach to testing, working side-by-side with our internal and client red teams to strengthen defenses against real attackers.
  • Documentation: Document evidence of work in reports and status updates.
  • Research and Innovation: Use knowledge gained to conduct research initiatives with the purpose of improving our services and giving back to the community.
  • Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.  

Requirements

  • Previous professional information security consulting experience.  
  • 1-4 years of experience within information technology.
  • Be well versed in one of the following: SIEM, EDR, incident response, or security architecture, and be able to independently execute a project in that category.
  • Strong organization skills with attention to detail.
  • Interest in taking the initiative for personal growth and development.
  • Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed.
  • Punctuality and timely attendance to external client and internal stakeholder needs. 
  • Bachelor’s degree in information technology, IT Security, Computer Science, Computer Engineering, or equivalent experience. 
  • Willingness to travel 30-50% depending on assignments and specializations.  
  • Willingness to travel internationally and domestically on a more frequent basis.  

Competencies

  • Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed.  
  • Demonstrable aptitude for technical writing, including assessment reports, presentations, and operating procedures.  
  • Experience communicating with clients and independently managing client projects.  
  • Knowledge of Windows and *NIX-based operating systems.  
  • Knowledge of networking fundamentals and common attacks/defenses.  
  • Experience managing multiple projects at once.  
  • Strong analytical skills with the ability to collect, organize, analyze, and disseminate significant amounts of information with attention to detail and accuracy.  
  • Strong written/verbal communication and interpersonal skills.  
  • Excellent technical skills, impeccable soft skills, and organization skills.   
  • Strong written and verbal communication skills to effectively communicate successes and obstacles with team members and leads, as well as client stakeholders.   

If your experience looks a little different from what we’ve identified and you think you'd make a great fit, we’d love for you to apply!

Benefits

Work with Experts: Robust internal training program, plus Company-paid external training. SRA recognizes the value of professional development for employees. Therefore, we encourage our employees to pursue continuing education and role-specific training. Every SRA employee is eligible to attend one training per year paid for by SRA. 

 

Corps Training Program: Our SRA Corps training program is a six-week experience for May new hires that begins with one week of orientation at our Philadelphia headquarters. Whether new hires are interns, co-ops, or full-time consultants, SRA Corps members meet our founders, learn our values, and experience a day in the life of a cybersecurity consultant. Following orientation, Corps members return to their home office and participate in trainings such as Consulting 101, Enterprise Networks, Cloud Security and more. Our leaders provide hands-on offensive, defensive, and frameworks boot camps. 

 

Mental Health Services: SRA has partnered with BetterHelp to provide SRA employees with free mental health support. BetterHelp connects individuals with licensed therapists for chat, video, and phone sessions. 

 

Medical / Dental / Other (regular full-time employees only) 

  • Generous medical, dental, and vision benefits at different price points. 
  • Company-paid disability and life insurance. 
  • Company 401(k) plan including annual 3% safe harbor contribution. 
  • Free patient advocacy service that helps find care providers and resolve insurance queries. 
  • Free on-site wellness programming covering both emotional and physical wellness. 
  • Generous parental leave, sick leave, and vacation policies. 
  • Option to work remotely or with a flexible schedule when needed. 
  • Company-paid cell phone with discounted accessories. 
  • 1-2-3 Give Program: 1. SRA will give $1,000 to a charity of your choice. 2. If you give an additional amount (up to $1,000), then 3. SRA will match that amount up to $1,000. 

 

(Subject to change) 


Tags: Application security Cloud Compliance Computer Science EDR Incident response NIST Risk assessment RSA Security assessment Security strategy SIEM Snort Splunk Strategy Windows

Perks/benefits: 401(k) matching Career development Flex hours Flex vacation Health care Insurance Medical leave Parental leave Wellness

Region: North America
Country: United States
Category: Consulting Jobs
