Join our dedicated team in a role where your expertise in risk assessments and cybersecurity exercises propels forward our mission of safeguarding our operations and enhancing resiliency. This position offers the unique opportunity to shape our security posture and contribute to our continuous improvement in an environment that values innovation and teamwork.
As an Assessments & Exercises Senior Associate within our Cybersecurity & Tech Controls team, you will help enhance the firm's cybersecurity or resiliency posture by using industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. Collaborate with the team to design and execute risk-driven tests and simulations. Evaluate preventative controls, incident response processes, and detection capabilities. Your ability to make informed decisions and foster continuous improvement will allow you to contribute to the achievement of the team's operational goals and the mitigation of cyber and resiliency risks.
Job responsibilities
• Design and execute testing and simulations – such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations, and contribute to the development and refinement of assessment methodologies, tools, and frameworks to ensure alignment with the firm’s strategy and compliance with regulatory requirements
• Evaluate controls for effectiveness and impact on operational risk, as well as opportunities to automate control evaluation
• Collaborate closely with cross-functional teams to develop comprehensive assessment reports – including detailed findings, risk assessments, and remediation recommendations – making data-driven decisions that encourage continuous improvement
• Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations. Apply this knowledge to enhance the firm's assessment strategy and risk management. Engage with peers and industry groups that share threat intelligence analytics
Required qualifications, capabilities, and skills
• Bachelor’s Degree in Computer Science or related disciplines
• 3+ years of experience in conducting manual penetration tests against a wide variety of applications and technologies including web, mobile and thick clients, internal and external facing infrastructures, cloud, with a focus on reducing the perimeter attack surface
• Foundational knowledge of cybersecurity organization practices, operations, risk management processes, principles, architectural requirements, engineering and threats and vulnerabilities, including incident response methodologies
• Ability to identify systemic security or resiliency issues as they relate to threats, vulnerabilities, or risks, with a focus on recommendations for enhancements or remediation, and proficiency in multiple security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework), offensive testing tools, or resiliency testing equivalents
• Excellent communication, collaboration, and report writing skills, with the ability to influence and engage stakeholders across various functions and levels
Preferred qualifications, capabilities, and skills
• Proficiency in security concepts for both Windows and Unix-like Operating Systems
• Experience in source code review and/or building software with multiple programming languages (i.e. Python, Java, Rust, etc.)
• Experience in reverse engineering standalone, thick client and mobile applications
• Certifications like OSWE, CREST (CRT, CCT), OSCP, OSCE, GXPN, GWAPT, GPEN, BSCP
To apply for this position, please use the following URL:
https://ars2.equest.com/?response_id=44ba188c6a253b5fdf66313b87cdec14
