Careers

There has never been a better time to begin a career in cybersecurity! The demand for cybersecurity services is growing fast and you can be a part of it. Joining the Security Risk Advisors team means:

LEVELING UP

Continuously learning new skills and technologies

GREAT CULTURE

Our team is close-knit and our facilities are designed for collaboration, hosting industry groups and our own fun events

MOVING FAST

Career advancement based on your accomplishments

Assessments

+- Senior Red Team Consultant

Security Risk Advisors is looking for senior Red Team Consultants to join our Technical Assessments team. Our style of consulting is dynamic, innovative, fast-paced, and highly rewarding.  Our Red Team Consultants support our clients by performing red team operations, penetration testing services and purple team simulations. We encourage research and innovation projects and offer all consultants free outside training each year. We work with a wide variety of clients and across all industry sectors with a focus on Fortune 50 and Fortune 500 organizations.

Core Responsibilities:

  • Red Teams: Conduct stealthy, flag-based red team engagements
  • Purple Teams: Take the role of a red team operator and conduct open-book exam style attack simulations and track actual progress with our VECTR™ toolset to strengthen our clients defenses against real attackers.
  • Penetration Testing: Assess internal and external networks for common and custom security flaws that can lead to widespread access to sensitive systems and data
  • Web and Mobile Assessments: dynamic web and mobile application security testing
  • Tactical Assessments: social engineering, spear phishing, physical break-ins, product security assessments, industrial control systems, architecture reviews
  • Documentation: document evidence of work in reports and status updates
  • Research and Innovation: use knowledge gained to conduct research initiatives with the purpose of improving our services and giving back to the community

 

Requirements:

  • 3-7 years previous professional information security consulting experience
  • Plan and execute adversary simulation engagements such as penetration testing, physical security assessments, red team experience including web application, network, wireless, and mobile hacking
  • Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed
  • Excellent technical skills, impeccable soft skills, and are well-organized, self-directed individuals with familiarity working for a service-based information security consultancy
  • Strong written and verbal skills to effectively communicate successes and obstacles with team members and leads
  • Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership and legal counsel
  • Willingness to travel 20-40% depending on assignments and specializations

 

Exceeding Basic Requirements:

  • Bachelor’s degree Information Technology, IT Security, Computer Science, Computer Engineering or equivalent subject matter
  • Knowledge of programming or scripting languages, such as C#/.NET, C++, Python, PowerShell, Bash
  • Willingness to travel internationally and domestically on a more frequent basis
  • Involvement in public community contributions (blogs, conference presentations, public tool development)

 

About SRA:

Security Risk Advisors is a fast growing 100+ person company delivering state-of-the-art cyber security consulting services to market-leading organizations in the Financial Services, Healthcare, Pharmaceutical, Technology, Industrial and Consumer Products industries. Security Risk Advisors maintains a fast-paced and innovative culture that focuses exclusively on engagements that solve the emerging needs of our clients. Our environment fosters the continuous professional development necessary to remain at the top of our game.

Threat Management

+- Threat Management Consultant

The Consultant position will be part of Security Risk Advisors’ Threat Management Practice which is comprised of Advisory and Engineering services. This role will be involved in the advisory and engineering activities of the group. Our style of consulting is dynamic, innovative, fast-paced, and highly rewarding for both our clients and our team. This is an outstanding opportunity to work with a wide variety of tool sets and across various well-known client organizations.

Responsibilities:

·        Apply Threat Management’s services across multiple client engagements focusing on capabilities such as Incident Response (IR), Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), Network Traffic Analysis, Security Information and Event Management (SIEM), Enterprise Security Architecture and Perimeter Management, as well as Email and Cloud Security

·        Collaborate with team members to assist with the design and implementation of security strategy and architecture across platforms for clients.

·        Conduct requirements gathering, analysis, and assist in the development of security strategy for clients.

·        Work effectively as part of a team to deliver projects.

·        Implement/engineer and advise on multiple information security control set categories and vendor products, including but not limited to FireEye,  Splunk, LogRythm, Exabeam, Intel/McAfee, RSA, IBM, Symantec, Tanium, CarbonBlack, CrowdStrike, and Palo Alto.

·        Thoroughly document work in formal reports and present findings to management suitable for executives, IT, and Cyber Security stakeholder consumption.

·        Remain current on information security and emerging threat trends, tools and methodologies.

·        Attend conferences and training as required to maintain proficiency.

·        Protect organization’s value by keeping information confidential.

Requirements:

·        Previous professional information security consulting experience a plus.

·        1+ years of experience with enterprise level security networking and incident response.

·        Knowledge of the following: Incident Response, DLP, EDR, Network Detection & Forensics, SIEM, Network Architecture and Firewall Management.

·        Strong organization skills with attention to detail.

·        Interest in taking the initiative for personal growth and development.

·        Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed.

·        Strong written and verbal communication skills with a high level of professionalism.

·        Bachelor’s degree in Information Systems, Information Security or Computer Engineering or equivalent subject matter.

·        Willingness to travel.

Skills and Qualifications:

Consulting, Creative Problem Solving, Attention to Detail, Coordination, Reporting, Team Work, Highly Motivated, Writing, Decision Making, Analyzing Information, Information Security Policies

GRC & Strategy

+- Senior Cybersecurity Risk Consultant

Security Risk Advisors is looking for a Senior Cybersecurity Risk Consultant.  This role will focus on a wide-range of technical, strategy, and compliance concepts which span both Governance, Risk, and Compliance (GRC) and Threat Management (TM) practice areas. Our style of consulting is dynamic, innovative, fast-paced, and highly rewarding for both our clients and our team. This is an outstanding opportunity to maintain high visibility while working across various well-known client organizations.

Responsibilities:

·       Team with client representatives to define program objectives, design processes, and configure security tools to enable clients to address cybersecurity risks.

·       Interact effectively with technical and non-technical groups within client environments

·       Conduct requirements gathering, analysis, and assist in the development of security strategy for clients.

·       Lead cybersecurity risk and maturity assessments against industry frameworks including NIST and ISO27001

·       Implement/engineer and advise on multiple information security control set categories and vendor products, including but not limited to Incident Response, DLP, EDR, Network Detection & Forensics, SIEM, Network Architecture and Firewall Management

·       Evaluate risk based on industry and regulatory requirements (such as HIPAA, GBLA, GDPR, FAIR)

·       Perform technical audits of system configurations against industry benchmarks (CIS, STIG)

·       Work closely with, and mentor consultants while advising clients and creating client deliverables

·       Lead client workshops to scope projects and drive discussion of complex topics

·       Draft reports and client deliverables with minimal oversight

·       Keep abreast of information security principles, policies, standards and guidelines

·       Understand the role of information security across multiple industries

·       Protect organization’s value by keeping information confidential

·       Remain current on information security and emerging threat trends, tools and methodologies.

Requirements:

·       Demonstrated self-learner, keep pace with IT Security and Compliance news and industry developments

·       4+ years of related experience with at least 3 years of experience from a national public accounting or consulting firm

·       Ability to manage projects from start to finish

·       Strong written and verbal communication skills with a high level of professionalism

·       Excellent interpersonal skills with the ability to effectively lead team meetings

·       Ability to work effectively with a team, yet function well with independent responsibilities

·       Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed

·       Bachelor’s degree in IT, MIS, Computer Science, or related field preferred

·       Willingness to travel, estimated 30%

Preferred:

·       Cybersecurity certifications (e.g., CISSP, CISA, CISM)

·       1+ years of experience with enterprise level security networking and incident response.

·       1+ years of Incident Response, DLP, EDR, Network Detection & Forensics, SIEM, Network Architecture and Firewall Management

·       Experience with risk management frameworks and best practice in the private sector

Skills and Qualifications:

Attention to Detail, Coordination, Report Writing, Technical Management, Strategic Planning, Team Work, Highly Motivated, Writing, Decision Making, Analyzing Information, Innovative Thinking

About SRA:
Security Risk Advisors is an 120+ person fast-growing cybersecurity consulting company.  Our clients are concentrated in the Fortune 1000 and Global 1000.  We have a fast-paced, agile and fun culture that focuses exclusively on cutting edge cybersecurity engagements that solve the emerging needs of our clients.  Our environment fosters the continuous professional development necessary to remain at the top of our game. We are a Philadelphia-based company and our team members maintain flexible hours through a combination of work from home and reasonable travel.

CyberSOC

+- 3rd Shift Information Security Operations Consultant

The Information Security Operations Consultant position will be specific to morning watch (12 AM to 9 AM) and part of Security Risk Advisors’ CyberSOC Team. This role will be involved in the day-to-day, 24×7, operations of the SOC. This is an outstanding opportunity to work with a wide variety of tool sets and various client organizations.

Responsibilities:

  • Eyes on glass security monitoring for threats.
  • Respond to alerts, investigate to determine if they are true positive or false positive.
  • Use the latest security monitoring technologies to detect malware and hackers.
  • Use Security Information Event Management tools (SIEM), Endpoint Detection & Response tools (EDR), and Network Security Monitoring tools (NSM) such as FireEye, Fidelis, Splunk, Intel/McAfee, RSA, IBM, Symantec, Resilient, Cybereason, Tanium, CarbonBlack, Bro and Snort.
  • Thoroughly document work and present findings to management suitable for customer consumption.
  • Attend conferences and training as required to maintain proficiency.
  • Protect organization’s value by keeping information confidential.

 

Requirements:

  • 1-3 years of professional experience, campus applicants are welcome.
  • Strong organization skills with attention to detail.
  • A demonstrated passion for technology.
  • Work effectively as part of a team, yet function well with independent responsibilities.
  • Experience or coursework around incident investigation and forensics, information security and computer networking.
  • Interest in taking the initiative for personal growth and development.
  • Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed.
  • Strong written and verbal communication skills with a high level of professionalism.
  • Bachelor’s degree in Computer Engineering Technology or equivalent subject matter.
  • Willingness to travel.
  • Ability to work non-core hours including weekends and night shifts.

 

Skills and Qualifications:

Creative Problem Solving, Attention to Detail, Coordination, Reporting, Team Work, Highly Motivated, Writing, Decision Making, Analyzing Information.

 

About SRA:

Security Risk Advisors is a fast growing 100+ person company delivering state-of-the-art cyber security consulting services to market-leading organizations in the Financial Services, Healthcare, Pharmaceutical, Technology, Industrial and Consumer Products industries. Security Risk Advisors maintains a fast-paced and innovative culture that focuses exclusively on engagements that solve the emerging needs of our clients. Our environment fosters the continuous professional development necessary to remain at the top of our game.

+- Project Manager

Security Risk Advisors is looking for a Project Manager to join our CyberSOC team. This role coordinates the delivery of various services and projects for a wide variety of clients across all industry sectors with a focus on Fortune 50 and Fortune 500 organizations. From project kick-offs through team communications and timeline updates, you’ll drive the success of the CyberSOC and the security defense of our clients. We encourage research and innovation projects and offer all employees free outside training each year.

Responsibilities

  • Works directly with two to four clients leading various projects simultaneously.
  • Coordinates and manages SOC internal projects and processes.
  • Organizes and conducts project team meetings and other meetings as needed.
  • Maintains communication between internal resources as well as clients, escalating issues to Team Lead(s) when necessary.
  • Understands the holistic view of the client’s business and cybersecurity needs.
  • Collaboratively manages client and SRA expectations for project scope including ensuring clients and team members participation in essential\reoccurring meetings.
  • Proactively identifies project risks and resource scheduling challenges, works with Team Leads to remediate.
  • Identification and facilitation of potential opportunities.
  • Generate and deliver daily, weekly, monthly operations and engineering reports to clients.
  • Prepare progress reports to inform clients of the project status and any deviation from goals.
  • Identify, track, monitor, and communicate both project-related and day-to-day operational issues, scope changes, variances, and contingencies that may arise. Facilitates solutions with the appropriate Team Lead(s).
  • Perform necessary project close out processes depending on the client’s needs such as transitioning support to operations

Requirements

  • Advanced written and verbal communication skills with a high level of professionalism.
  • 2-4 years of professional project management experience
  • Familiarity with various computer productivity tools such as MS Office Suite, SharePoint, and Outlook.
  • Excellent organization skills with attention to detail.
  • Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed.

Nice To Have

  • Holds Project Management related certifications (CAPM, CPMP, Project+) or is working towards PMP
  • Consulting experience and/or a background in either IT or cybersecurity

Skills and Qualifications:

Creative Problem Solving, Scheduling, Quality Management, Attention to Detail, Coordination, Reporting, Technical Management, Strategic Planning, Supervision, Team Work, Highly Motivated, Writing, Decision Making, Analyzing Information

Benefits

About SRA:

Security Risk Advisors is a fast growing 130+ person company delivering state-of-the-art cyber security consulting services to market-leading organizations in the Financial Services, Healthcare, Pharmaceutical, Technology, Industrial and Consumer Products industries. Security Risk Advisors maintains a fast-paced and innovative culture that focuses exclusively on engagements that solve the emerging needs of our clients. Our environment fosters the continuous professional development necessary to remain at the top of our game.

To find out more about us, please visit our website at: https://securityriskadvisors.com

Operations

Co-Ops and Internships