Sr. Technical Consultant, Red Team

This position offers the opportunity to become a member of an established and growing security consulting organization. You can take your career to the next level being part of this elite team.

We are looking for you to join our team as a Sr Technical Consultant to remotely perform security engagements such as gap assessments, risk assessments, tabletop exercises, CISO services, business impact assessments, reporting, and policy writing that identify weaknesses within customer environments. You should love working with people and sharing your knowledge with your peers and be knowledgeable in infrastructure and security. The ideal candidate demonstrates eagerness and flexibility across various tasks and technologies to help drive high quality security testing for our customers.

Additionally, candidates which are able to perform red team activities such as penetration testing and application security testing are preferred.

Our customers may be new to the solutions we offer or have an already mature security program. This role requires collaboration with our partners, sales, solution architecture peers, the project management office, and other CDI professional services organizations to achieve customer success.

Our fast-paced environment is full of creative thinkers and doers, who collaborate to get ideas off the ground. We’re looking for consultants who think big and thrive within high-energy culture.

Our consultants can perform a variety of tasks based on the individual needs of our clients and our internal business priorities, including but not limited to:

• Independently implement gap assessments, risk assessments, tabletop exercises, CISO services, business impact assessments, reporting, and policy writing in customer environments.
• Regularly communicate with customers during security engagements.
• Be a multiplier by assisting other Technical Consultants within the Red Team.
• Strong writing and communication skills required.
• Experience with and understanding of enterprise environments.
• Provide technical and strategic recommendations to address issues uncovered in the assessment process with mappings to findings and industry standards.
• Maintain competence in security technology and stay abreast of trending threats and attack vectors.
• Maintain and continuously develop security relevant training and certifications as they align to customer product and service offerings.
• Occasionally assist in presales efforts.
• Assist marketing in continuing to promote Red Team services and knowledge.
• Other duties as assigned or requested.

The following approaches are necessary:

• Planning: Thinking about solutions holistically, foreseeing possible problems, and envisioning how security solutions will be completed in a high-quality manner while staying within the allotted time.
• Deadline Driven: Willing to work the time required to adequately complete tasks in full.
• Thorough: Conducting each assessment with the goal of testing as much of the customer infrastructure per the agreed upon scope.
• Best Practices: Using official documentation, reliable online resources/books, and personal experience. Staying updated and educated to the development industry is a must.
• Organization and general record keeping: Folder and file organization, date versioning, individual record keeping including time entry, habit of keeping credentials and important details in a safe place and accessible from anywhere.

• Relevant Security/Networking certifications required (OCSP, CEH, CISSP, CSSLP)
• 7+ year of demonstrable information security experience
• Experience with various security applications and technology required (firewall, IDS/IPS, antivirus, application whitelisting, vulnerability scanner, e-mail security, etc.)
• Experience with cloud security preferred (Office365, Azure, AWS)
• Knowledge of NIST, CIS, HIPAA, CMMC and other regulations/frameworks required

The desired candidate is versatile and possesses technical skillsets from the multiple discipline areas of our professional services practice areas. Candidates will be considered who do not meet all criteria so long as they possess curiosity and the drive for continuous learning, and innovation in technology.

• Soft Skills
  1. Ability to engage customers, partners, and fellow employees in a manner that is honest, respectful, and clear.
  2. Professionalism with written and verbal communication with a strong focus on customer service.
  3. Ability to context switch frequently.
  4. Ability to prioritize work and meet deadlines under minimal supervision.
  5. Self-motivated with the willingness to constantly learn and innovate.
  6. Comfort with working in a fast-paced and innovative environment, with dedication to seeking the success of customers and the CDI team.
• Cyber Security
  1. In-depth understanding of:
     • information security practices and procedures
     • common security vulnerabilities and vulnerability management practices
     • common attacker playbooks and techniques
     • mapping findings to frameworks such as NIST, CIS, HIPAA, CMMC, and other assigned frameworks
     • assessing and measuring risk using established risk frameworks
     • common software development lifecycle techniques and technologies are a plus
     • common vCISO tasks such as creating or improving an information security program, updating organizational policies, reporting updates to executive teams, and other common duties
     • challenges faced by mature security programs and solutions to remediate
  2. Ability to:
     • conduct gap assessments which align with common frameworks such as NIST, CIS, HIPAA, and CMMC
     • design, write, and edit information security policies
     • provide vCISO services to customers ranging from new to very mature information security programs
     • think outside of the box to thoroughly test customer environments
     • communicate clearly to both technical and non-technical audiences, risks, threats, and vulnerabilities identified during assessments
• Infrastructure
  1. Strong understanding of:
     • common infrastructure design and implementation
     • operating systems such as Linux, Windows, and Mac

Supervisory Responsibilities: None

Expenses: Yes

Required Driving: N/A to daily functions. Some travel for team events, and in-person customer meetings is expected.

Physical/Environmental Working Conditions:

• General office environment is primarily sedentary work which requires the following physical activities: standing, sitting, walking, reaching, lifting, finger dexterity, grasping, repetitive motions, talking, hearing, and visual acuity.
• Daily exposure to LCD.
• A moderate noise level is usual.

This description portrays in general terms the type and levels of work performed and is not intended to be all-inclusive or represent specific duties of any one individual. Nothing in this job description restricts management’s right to assign or reassign duties and responsibilities to this job at any time.

Compensation:

$100,000.00 - $180,000.00 USD Annual