Job Description
This Security Consultant will be apart of the Third Party Cyber Security team with one of our financial clients, helping with incident response and vulnerability management. The consultant will need to write up reports based on a template which will go to executives. Additionally, this consultant will be conducting cybersecurity assessments on third-party suppliers.
Required Skills & Experience
* 5+ years of experience within Third Party Risk Management under Cyber Security and Incident Response
* Experience with third-party incident response management, reviewing vulnerability management and penetration testing and reports, familiarity with OWASP, and ability to identify both risks and root causes.
* Experience with tools such as BitSight, Risk Recon, Security Scorecard, Recorded Future, Threat Connect, Flashpoint, RSA Archer, Nessus, or Shodan
* Experience with conducting cybersecurity assessments on third-party suppliers using common industry frameworks, including NIST Cyber Security Framework (CSF), NIST 800-53, ISO 27001 and 27002, Payment Card Industry (PCI) Data Security Standard (DSS), CIS Top 18/20, or OWASP.
* Experience working with open source intelligence (OSINT) on third and fourth party suppliers for both reconnaissance and incident response
* Strong proficiency in Microsoft Excel, Word, and Outlook, working well independently, and closely tracking of tasks with frequent status updates
Nice to Have Skills & Experience
* Threat Intel experience
* Experience scripting, using APIs to aggregate information
* Coursework or Certification: GCIH, Ethical Hacker, CompTIA Security +, CISA, CISM, CRISC, CISSP, CTPRP, GOSI, SANS
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.