Location: Multiple Locations - NY, Boston, DC, Dallas, LA, San Fran
This Senior Consultant will be part of a cross-functional Security Advisory team that assists our clients in addressing and managing a wide variety of Security, Risk, Compliance, and Governance challenges in a consultative and collaborative manner. Typical client engagements include focus on Security Architecture, Risk Assessment, Cloud Security, Data Protection, Compliance, and other areas of transformative cybersecurity program enhancement. The ideal candidate will have professional services and GRC experience.
The responsibilities of this position include but are not limited to the following:
Function as a senior consulting resource on various Cybersecurity client engagements.
Evaluate client security programs, technologies, controls, and business environments.
Recommend and develop enhancements to client Cybersecurity programs, including focus on technologies, processes, and controls.
Analyze existing client security programs, conduct comprehensive reviews of threats, and evaluate and analyze relevant data points.
Engage in client Security Architecture assessments, regulatory compliance initiatives, and information security program reviews.
Assist with developing Information Security Plans and Policies, including those for Incident Response, customized to client requirements and risk profile.
Coordinate with Stroz Friedberg security specialists, incident response handlers, digital forensic experts, network engineers, system engineers and Web application engineers to explore and report on specific security risk issues in depth.
Provide recommendations on solutions to help clients manage information security risk.
Assess IT network and security architectures as they relate to managing identity and access privileges, delegated administration models, workflow and access control models.
Produce and present deliverables for client consulting engagements.
Track emerging security practices and contribute to building internal processes.
Essential Job Functions
This position requires handling multiple engagements with overlapping deadlines. A demonstrated ability to produce high-quality deliverables on various types of information security consulting projects is critical.
Expert level technical skills in some of the following areas:
Business process governance, compliance, and enterprise risk management.
Knowledge of BYOD and Mobile Device Management concepts.
Securing cloud based platforms (Microsoft Azure, Amazon AWS, etc.).
Knowledge of industry standard frameworks – NIST, ISO, HIPAA, PCI.
Passion for creating high quality deliverables, tools, and automating processes.
Knowledge and/or experience with network architecture, including network security.
Knowledge and/or experience with Active Directory security, including scans, best practices and security configuration.
Knowledge and/or experience with Application Security controls including design, dynamic scans, static code analysis.
Knowledge and/or experience with Identity and Access Management (I&AM), including Active Directory, NTFS permissions, LDAP and Single Sign On (SSO) solutions.
Application and database security experience, including code reviews, is helpful.
Network and security engineering experience, including log and network traffic capture analysis.
Experience with system hardening procedures for Windows, Linux, Unix is helpful.
Security operations experience with firewalls, IDS/IPS, SIEM platforms.
Knowledge of programming and scripting for development of security tools and industry frameworks is helpful.
Knowledge of TCP/IP Protocols, network analysis and network/security applications.
Knowledge and/or experience with Nmap, Nessus, Nexpose, Qualys, Burp, Kali, Metasploit, Meterpreter, Wireshark, Kismet, Aircrack-ng is helpful.
The ideal candidate would have 5+ years in information security consulting, risk management, compliance, security engineering, and/or other related areas. The position requires a strong, diverse technical and risk-oriented background and truly exceptional oral and written communications skills. The candidate must demonstrate proven success in working in a team as well as independently and exhibit follow-through to understand root causes of issues. This position calls for an individual who exhibits thoughtful introspection but is also able to assess a broad spectrum of issues. A collaborative approach is a must, as well as the ability to effectively communicate with a wide range of technical and non-technical personnel. Finally, personal flexibility and the ability to travel globally are required.
3+ years of IT security, consulting, engineering, or risk management.
Experience performing security and risk assessment work.
Excellent written and verbal communication skills.
Client facing consulting experience is a plus.
IT security certifications (CISM, CISSP, OSCP, OSCE, GIAC) are a plus.
Bachelor's degree in computer science or information technology, or a related field. Master's degree in information/computer science or a technology-related field preferred.
Stroz Friedberg is part of Aon Cyber Solutions – a group that brings together cyber experts across Aon’s business units to help clients manage the financial and technical aspects of cyber risk holistically. As one of the largest brokers of cyber insurance in the world, Aon is a leader in risk quantification and transfer services. Stroz Friedberg offers the ability to react to cybersecurity incidents, proactively assess digital risk, and remediate technical vulnerabilities. Together, Aon Cyber Solutions is uniquely positioned in the market to provide a comprehensive set of services to assess, test, improve, quantify, transfer, and respond to cyber risks.
Stroz Friedberg, acquired by Aon in 2016, is a specialized risk management firm built to help clients solve the complex challenges prevalent in today’s digital, connected, and regulated business world. Our focus is on cybersecurity, with leading experts in digital forensics, incident response, proactive security, investigations, intellectual property, and eDiscovery. Our aim is to guide businesses through the maze of complexities found at the intersection of law, technology, investigations, compliance, and security. We seek truth—uncovering facts and evidence ethically—to help organizations address their most significant risk issues. Sometimes we are called in after an incident to perform an investigation, while other times we help clients assess how prepared and protected they are from threats. Our clients call us, and we are at our best, when the stakes are high and the potential for damage is great. At Stroz Friedberg, we are united by a common goal—to maximize the health of an organization, ensuring its longevity, protection, and resilience.