Careers

There has never been a better time to begin a career in cybersecurity! The demand for cybersecurity services is growing fast and you can be a part of it. Joining the Security Risk Advisors team means:

LEVELING UP

Continuously learning new skills and technologies

GREAT CULTURE

Our team is close-knit and our facilities are designed for collaboration, hosting industry groups and our own fun events

MOVING FAST

Career advancement based on your accomplishments

Assessments

+- Senior Red Team Consultant

Security Risk Advisors is looking for senior Red Team Consultants to join our Technical Assessments team. Our style of consulting is dynamic, innovative, fast-paced, and highly rewarding.  Our Red Team Consultants support our clients by performing red team operations, penetration testing services and purple team simulations. We encourage research and innovation projects and offer all consultants free outside training each year. We work with a wide variety of clients and across all industry sectors with a focus on Fortune 50 and Fortune 500 organizations.

Core Responsibilities:

  • Red Teams: Conduct stealthy, flag-based red team engagements
  • Purple Teams: Take the role of a red team operator and conduct open-book exam style attack simulations and track actual progress with our VECTR™ toolset to strengthen our clients defenses against real attackers.
  • Penetration Testing: Assess internal and external networks for common and custom security flaws that can lead to widespread access to sensitive systems and data
  • Web and Mobile Assessments: dynamic web and mobile application security testing
  • Tactical Assessments: social engineering, spear phishing, physical break-ins, product security assessments, industrial control systems, architecture reviews
  • Documentation: document evidence of work in reports and status updates
  • Research and Innovation: use knowledge gained to conduct research initiatives with the purpose of improving our services and giving back to the community

 

Requirements:

  • 3-7 years previous professional information security consulting experience
  • Plan and execute adversary simulation engagements such as penetration testing, physical security assessments, red team experience including web application, network, wireless, and mobile hacking
  • Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed
  • Excellent technical skills, impeccable soft skills, and are well-organized, self-directed individuals with familiarity working for a service-based information security consultancy
  • Strong written and verbal skills to effectively communicate successes and obstacles with team members and leads
  • Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership and legal counsel
  • Willingness to travel 20-40% depending on assignments and specializations

 

Exceeding Basic Requirements:

  • Bachelor’s degree Information Technology, IT Security, Computer Science, Computer Engineering or equivalent subject matter
  • Knowledge of programming or scripting languages, such as C#/.NET, C++, Python, PowerShell, Bash
  • Willingness to travel internationally and domestically on a more frequent basis
  • Involvement in public community contributions (blogs, conference presentations, public tool development)

 

About SRA:

Security Risk Advisors is a fast growing 100+ person company delivering state-of-the-art cyber security consulting services to market-leading organizations in the Financial Services, Healthcare, Pharmaceutical, Technology, Industrial and Consumer Products industries. Security Risk Advisors maintains a fast-paced and innovative culture that focuses exclusively on engagements that solve the emerging needs of our clients. Our environment fosters the continuous professional development necessary to remain at the top of our game.

Threat Management

+- Manager, Threat Management

The Manager position is a part of Security Risk Advisors’ Threat Management practice which provides Advisory and Engineering security consulting services. Our style of consulting is dynamic, innovative, fast-paced, and highly rewarding for both our clients and our team. This is an outstanding opportunity to work across various well-known client organizations.

 

Responsibilities:

·        Apply Threat Management’s services across multiple client engagements involving Incident Response, Data Protection, Endpoint Detection and Response, Network Security Monitoring & Architecture, SIEM, Forensics, Antivirus & Exploit Mitigation, Cloud Security, Threat Intelligence, and Email Defense.

·        Architect, engineer and audit client environments and controls to ensure the protection of critical infrastructure, assets and resources.

·        Assist with drafting proposals, Statement of Work contracts, and change orders for Threat Management services.

·        Provide leadership, strategic direction, coaching and mentorship to Threat Management teams across multiple and simultaneous projects.

·        Assist with project staffing, scheduling and monitoring of project budgets.

·        Thoroughly document project milestones, deliverables and status at cadence.

·        Draft formal reports as well as present findings to senior-level client stakeholders.

·        Manage 2-3 direct reports, including performing quarterly reviews and providing constant coaching and feedback.

·        Assist with the recruiting activities such as resume reviews, career fair representation and conducting interviews for co-ops, interns and campus hire full time positions.

·        Provide internal training (including onboarding) in areas of expertise and assist with service delivery development.

·        Remain current on the information security landscape and emerging threat trends, tools and methodologies.

·        Attend conferences and training as required to maintain proficiency and offer knowledge share sessions for other teams.

·        Actively engage with the Information Security community by attending conferences and developing/presenting thought-leadership perspectives as a guest speaker.

Requirements:

·        5+ years of professional information security consulting experience.

·        10+ years of experience within information technology.

·        Broad SME-level experience across multiple information security control set categories and vendor products, including but not limited to: FireEye, Fidelis, Splunk, Intel/McAfee, RSA, IBM, Symantec, Resilient, Cybereason, Tanium, Bit9/CarbonBlack, Palo Alto, Bro and Snort.

·        Strong organizational skills with high attention to detail.

·        Strong drive towards taking initiative for personal growth and development.

·        Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed.

·        Exceptional written and verbal communication skills with a high level of professionalism.

·        Bachelor’s degree in Computer Engineering Technology or equivalent subject matter.

·        Willingness to travel.

 

Skills and Qualifications:

Consulting, Creative Problem Solving, Attention to Detail, Coordination, Reporting, Team Work, Coaching, Highly Motivated, Writing, Decision Making, Analyzing Information, Information Security Policies, Scheduling, Strategic Planning

 

About SRA:

Security Risk Advisors is an 80+ person fast-growing cybersecurity consulting company.  Our clients are concentrated in the Fortune 1000 and Global 1000.  We have a fast-paced, agile and fun culture that focuses exclusively on cutting edge cybersecurity engagements that solve the emerging needs of our clients.  Our environment fosters the continuous professional development necessary to remain at the top of our game. We are a Philadelphia-based company and our team members maintain flexible hours through a combination of work from home and reasonable travel.

+- Threat Management Consultant

The Consultant position will be part of Security Risk Advisors’ Threat Management Practice which is comprised of Advisory and Engineering services. This role will be involved in the advisory and engineering activities of the group. Our style of consulting is dynamic, innovative, fast-paced, and highly rewarding for both our clients and our team. This is an outstanding opportunity to work with a wide variety of tool sets and across various well-known client organizations.

Responsibilities:

·       Apply Threat Management’s services across multiple client engagements involving Incident Response (IR), Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), Network Traffic Analysis, Security Information and Event Management (SIEM), Enterprise Security Architecture and Perimeter Management. 

·        Collaborate with team members to assist with the design and implementation of security strategy and architecture across platforms for clients.

·        Conduct requirements gathering, analysis, and assist in the development of security strategy for clients.

·        Work effectively as part of a team to deliver projects.

·        Implement/engineer and advise on multiple information security control set categories and vendor products, including but not limited to FireEye, Fidelis, Splunk, Intel/McAfee, RSA, IBM, Symantec, Tanium, CarbonBlack, CrowdStrike, Palo Alto, Bro and Snort.

·        Thoroughly document work in formal reports and present findings to management suitable for client/stakeholder consumption.

·        Remain current on information security and emerging threat trends, tools and methodologies.

·        Attend conferences and training as required to maintain proficiency.

·        Protect organization’s value by keeping information confidential.

Requirements:

·        Previous professional information security consulting experience a plus.

·        1+ years of experience with enterprise level security networking and incident response.

·        Knowledge of the following: Incident Response, DLP, EDR, Network Detection & Forensics, SIEM, Network Architecture and Firewall Management.

·        Strong organization skills with attention to detail.

·        Interest in taking the initiative for personal growth and development.

·        Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed.

·        Strong written and verbal communication skills with a high level of professionalism.

·        Bachelor’s degree in Information Systems, Information Security or Computer Engineering or equivalent subject matter.

·        Willingness to travel.

Skills and Qualifications:

Consulting, Creative Problem Solving, Attention to Detail, Coordination, Reporting, Team Work, , Highly Motivated, Writing, Decision Making, Analyzing Information, Information Security Policies

 

About SRA:

Security Risk Advisors is an 80+ person fast-growing cybersecurity consulting company.  Our clients are concentrated in the Fortune 1000 and Global 1000.  We have a fast-paced, agile and fun culture that focuses exclusively on cutting edge cybersecurity engagements that solve the emerging needs of our clients.  Our environment fosters the continuous professional development necessary to remain at the top of our game. We are a Philadelphia-based company and our team members maintain flexible hours through a combination of work from home and reasonable travel.

GRC

+- Experienced Cybersecurity Risk Consultant

Security Risk Advisors is looking for an experienced GRC Consultant to join our GRC & Strategy practice.  This role will primarily focus on the compliance component of our GRC team but have opportunity to work with our clients in developing governance programs and deploying GRC tools (i.e. – Archer, ServiceNow). Our style of consulting is dynamic, innovative, fast-paced, and highly rewarding for both our clients and our team. This is an outstanding opportunity to work across various well-known client organizations.

Responsibilities:
• Team with client representatives to define program objectives and design processes such as compliance assessment, risk identification, and issue management
• Perform cybersecurity audits and risk assessments against industry frameworks include PCI DSS, ISO27001, NIST CSF, and FedRAMP
• Execute third party risk assessments on behalf of clients
• Develop process flow diagrams, reports, metrics and presentations as needed
• Work closely with other consultants in advising clients and creating client deliverables
• Participate in client workshops to scope projects and drive discussion of complex topics
• Keep abreast of information security principles, policies, standards and guidelines
• Develop a baseline understanding of the role of information security across multiple industries
• Protect organization’s value by keeping information confidential

Requirements:
• 1+ years of experience from a national public accounting or consulting firm
• Cybersecurity certifications (e.g., CISSP, CISA) preferred
• Experience with risk management frameworks and best practice in the private sector
• Demonstrated self-learner, keep pace with IT Security and Compliance news and industry developments
• Strong written and verbal communication skills with a high level of professionalism
• Excellent interpersonal skills with the ability to effectively lead team meetings
• Ability to work effectively with a team, yet function well with independent responsibilities
• Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed
• Bachelor’s degree in Accounting, Finance, IT or related field preferred
• Willingness to travel, estimated 30%

Skills and Qualifications:
Attention to Detail, Coordination, Reporting, Technical Management, Strategic Planning, Team Work, Highly Motivated, Writing, Decision Making, Analyzing Information

About SRA:
Security Risk Advisors is an 80+ person fast-growing cybersecurity consulting company.  Our clients are concentrated in the Fortune 1000 and Global 1000.  We have a fast-paced, agile and fun culture that focuses exclusively on cutting edge cybersecurity engagements that solve the emerging needs of our clients.  Our environment fosters the continuous professional development necessary to remain at the top of our game. We are a Philadelphia-based company and our team members maintain flexible hours through a combination of work from home and reasonable travel.

CyberSOC

+- 3rd Shift Information Security Operations Consultant

The Information Security Operations Consultant position will be specific to morning watch (12 AM to 9 AM) and part of Security Risk Advisors’ CyberSOC Team. This role will be involved in the day-to-day, 24×7, operations of the SOC. This is an outstanding opportunity to work with a wide variety of tool sets and various client organizations.

Responsibilities:

  • Eyes on glass security monitoring for threats.
  • Respond to alerts, investigate to determine if they are true positive or false positive.
  • Use the latest security monitoring technologies to detect malware and hackers.
  • Use Security Information Event Management tools (SIEM), Endpoint Detection & Response tools (EDR), and Network Security Monitoring tools (NSM) such as FireEye, Fidelis, Splunk, Intel/McAfee, RSA, IBM, Symantec, Resilient, Cybereason, Tanium, Resolution1, CarbonBlack, Bro and Snort.
  • Thoroughly document work and present findings to management suitable for customer consumption.
  • Attend conferences and training as required to maintain proficiency.
  • Protect organization’s value by keeping information confidential.

 

Requirements:

  • 1-3 years of professional experience, campus applicants are welcome.
  • Strong organization skills with attention to detail.
  • A demonstrated passion for technology.
  • Work effectively as part of a team, yet function well with independent responsibilities.
  • Experience or coursework around incident investigation and forensics, information security and computer networking.
  • Interest in taking the initiative for personal growth and development.
  • Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed.
  • Strong written and verbal communication skills with a high level of professionalism.
  • Bachelor’s degree in Computer Engineering Technology or equivalent subject matter.
  • Willingness to travel.
  • Ability to work non-core hours including weekends and night shifts.

 

Skills and Qualifications:

Creative Problem Solving, Attention to Detail, Coordination, Reporting, Team Work, Highly Motivated, Writing, Decision Making, Analyzing Information.

 

About SRA:
Security Risk Advisors is an 80+ person fast-growing cybersecurity consulting company.  Our clients are concentrated in the Fortune 1000 and Global 1000.  We have a fast-paced, agile and fun culture that focuses exclusively on cutting edge cybersecurity engagements that solve the emerging needs of our clients.  Our environment fosters the continuous professional development necessary to remain at the top of our game. We are a Philadelphia-based company and our team members maintain flexible hours through a combination of work from home and reasonable travel.

Operations

Co-Ops and Internships

+- Spring 2019 Co-Op and Internship Opportunities

Please complete an application to be considered for a summer internship with Security Risk Advisors. We also look for students who are willing to take a semester off to complete a full time co-op with us.

Service Lines include Technical Assessments, Threat Management, CyberSOC and Governance, Risk & Compliance.