Careers

There has never been a better time to begin a career in cybersecurity! The demand for cybersecurity services is growing fast and you can be a part of it. Joining the Security Risk Advisors team means:

LEVELING UP

Continuously learning new skills and technologies

GREAT CULTURE

Our team is close-knit and our facilities are designed for collaboration, hosting industry groups and our own fun events

MOVING FAST

Career advancement based on your accomplishments

Assessments

+- Senior Red Team Consultant

Security Risk Advisors is looking for senior Red Team Consultants to join our Technical Assessments team. Our style of consulting is dynamic, innovative, fast-paced, and highly rewarding.  Our Red Team Consultants support our clients by performing red team operations, penetration testing services and purple team simulations. We encourage research and innovation projects and offer all consultants free outside training each year. We work with a wide variety of clients and across all industry sectors with a focus on Fortune 50 and Fortune 500 organizations.

Core Responsibilities:

  • Red Teams: Conduct stealthy, flag-based red team engagements
  • Purple Teams: Take the role of a red team operator and conduct open-book exam style attack simulations and track actual progress with our VECTR™ toolset to strengthen our clients defenses against real attackers.
  • Penetration Testing: Assess internal and external networks for common and custom security flaws that can lead to widespread access to sensitive systems and data
  • Web and Mobile Assessments: dynamic web and mobile application security testing
  • Tactical Assessments: social engineering, spear phishing, physical break-ins, product security assessments, industrial control systems, architecture reviews
  • Documentation: document evidence of work in reports and status updates
  • Research and Innovation: use knowledge gained to conduct research initiatives with the purpose of improving our services and giving back to the community

 

Requirements:

  • 3-7 years previous professional information security consulting experience
  • Plan and execute adversary simulation engagements such as penetration testing, physical security assessments, red team experience including web application, network, wireless, and mobile hacking
  • Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed
  • Excellent technical skills, impeccable soft skills, and are well-organized, self-directed individuals with familiarity working for a service-based information security consultancy
  • Strong written and verbal skills to effectively communicate successes and obstacles with team members and leads
  • Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership and legal counsel
  • Willingness to travel 20-40% depending on assignments and specializations

 

Exceeding Basic Requirements:

  • Bachelor’s degree Information Technology, IT Security, Computer Science, Computer Engineering or equivalent subject matter
  • Knowledge of programming or scripting languages, such as C#/.NET, C++, Python, PowerShell, Bash
  • Willingness to travel internationally and domestically on a more frequent basis
  • Involvement in public community contributions (blogs, conference presentations, public tool development)

 

About SRA:

Security Risk Advisors is a fast growing 100+ person company delivering state-of-the-art cyber security consulting services to market-leading organizations in the Financial Services, Healthcare, Pharmaceutical, Technology, Industrial and Consumer Products industries. Security Risk Advisors maintains a fast-paced and innovative culture that focuses exclusively on engagements that solve the emerging needs of our clients. Our environment fosters the continuous professional development necessary to remain at the top of our game.

Threat Management

GRC

+- Experienced Cybersecurity Risk Consultant

Security Risk Advisors is looking for an experienced GRC Consultant to join our GRC & Strategy practice.  This role will primarily focus on the compliance component of our GRC team but have opportunity to work with our clients in developing governance programs and deploying GRC tools (i.e. – Archer, ServiceNow). Our style of consulting is dynamic, innovative, fast-paced, and highly rewarding for both our clients and our team. This is an outstanding opportunity to work across various well-known client organizations.

Responsibilities:
• Team with client representatives to define program objectives and design processes such as compliance assessment, risk identification, and issue management
• Perform cybersecurity audits and risk assessments against industry frameworks include PCI DSS, ISO27001, NIST CSF, and FedRAMP
• Execute third party risk assessments on behalf of clients
• Develop process flow diagrams, reports, metrics and presentations as needed
• Work closely with other consultants in advising clients and creating client deliverables
• Participate in client workshops to scope projects and drive discussion of complex topics
• Keep abreast of information security principles, policies, standards and guidelines
• Develop a baseline understanding of the role of information security across multiple industries
• Protect organization’s value by keeping information confidential

Requirements:
• 1+ years of experience from a national public accounting or consulting firm
• Cybersecurity certifications (e.g., CISSP, CISA) preferred
• Experience with risk management frameworks and best practice in the private sector
• Demonstrated self-learner, keep pace with IT Security and Compliance news and industry developments
• Strong written and verbal communication skills with a high level of professionalism
• Excellent interpersonal skills with the ability to effectively lead team meetings
• Ability to work effectively with a team, yet function well with independent responsibilities
• Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed
• Bachelor’s degree in Accounting, Finance, IT or related field preferred
• Willingness to travel, estimated 30%

Skills and Qualifications:
Attention to Detail, Coordination, Reporting, Technical Management, Strategic Planning, Team Work, Highly Motivated, Writing, Decision Making, Analyzing Information

About SRA:

Security Risk Advisors is a fast growing 100+ person company delivering state-of-the-art cyber security consulting services to market-leading organizations in the Financial Services, Healthcare, Pharmaceutical, Technology, Industrial and Consumer Products industries. Security Risk Advisors maintains a fast-paced and innovative culture that focuses exclusively on engagements that solve the emerging needs of our clients. Our environment fosters the continuous professional development necessary to remain at the top of our game.

CyberSOC

+- 3rd Shift Information Security Operations Consultant

The Information Security Operations Consultant position will be specific to morning watch (12 AM to 9 AM) and part of Security Risk Advisors’ CyberSOC Team. This role will be involved in the day-to-day, 24×7, operations of the SOC. This is an outstanding opportunity to work with a wide variety of tool sets and various client organizations.

Responsibilities:

  • Eyes on glass security monitoring for threats.
  • Respond to alerts, investigate to determine if they are true positive or false positive.
  • Use the latest security monitoring technologies to detect malware and hackers.
  • Use Security Information Event Management tools (SIEM), Endpoint Detection & Response tools (EDR), and Network Security Monitoring tools (NSM) such as FireEye, Fidelis, Splunk, Intel/McAfee, RSA, IBM, Symantec, Resilient, Cybereason, Tanium, CarbonBlack, Bro and Snort.
  • Thoroughly document work and present findings to management suitable for customer consumption.
  • Attend conferences and training as required to maintain proficiency.
  • Protect organization’s value by keeping information confidential.

 

Requirements:

  • 1-3 years of professional experience, campus applicants are welcome.
  • Strong organization skills with attention to detail.
  • A demonstrated passion for technology.
  • Work effectively as part of a team, yet function well with independent responsibilities.
  • Experience or coursework around incident investigation and forensics, information security and computer networking.
  • Interest in taking the initiative for personal growth and development.
  • Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed.
  • Strong written and verbal communication skills with a high level of professionalism.
  • Bachelor’s degree in Computer Engineering Technology or equivalent subject matter.
  • Willingness to travel.
  • Ability to work non-core hours including weekends and night shifts.

 

Skills and Qualifications:

Creative Problem Solving, Attention to Detail, Coordination, Reporting, Team Work, Highly Motivated, Writing, Decision Making, Analyzing Information.

 

About SRA:

Security Risk Advisors is a fast growing 100+ person company delivering state-of-the-art cyber security consulting services to market-leading organizations in the Financial Services, Healthcare, Pharmaceutical, Technology, Industrial and Consumer Products industries. Security Risk Advisors maintains a fast-paced and innovative culture that focuses exclusively on engagements that solve the emerging needs of our clients. Our environment fosters the continuous professional development necessary to remain at the top of our game.

Operations

Co-Ops and Internships

+- Spring 2019 Co-Op and Internship Opportunities

Please complete an application to be considered for a summer internship with Security Risk Advisors. We also look for students who are willing to take a semester off to complete a full time co-op with us.

Service Lines include Technical Assessments, Threat Management, CyberSOC and Governance, Risk & Compliance.