Careers

There has never been a better time to begin a career in cybersecurity! The demand for cybersecurity services is growing fast and you can be a part of it. Joining the Security Risk Advisors team means:

LEVELING UP

Continuously learning new skills and technologies

GREAT CULTURE

Our team is close-knit and our facilities are designed for collaboration, hosting industry groups and our own fun events

MOVING FAST

Career advancement based on your accomplishments

Assessments

Ethical Hacker Consultant

This position will be part of Security Risk Advisors’ Ethical Hacking team. Our style of consulting is dynamic, innovative, fast-paced, and highly rewarding. We work with a wide variety of toolsets and across all industry sectors with a focus on Fortune 50 and Fortune 500 organizations.

Core Responsibilities:

  • Red Teams: adaptive, flag-based red team engagements designed to demonstrate the impact of a dedicated, persistent attacker
  • Purple Teams: the “open-book” approach to penetration testing, working side-by-side with our internal and client blue teams to strengthen defense against real attackers.
  • Web and Mobile Assessments: dynamic web and mobile application security testing
  • Penetration Testing: assess internal and external networks for common and custom security flaws that can lead to widespread access to sensitive systems and data
  • Tactical Assessments: social engineering, spear phishing, physical break-ins, product security assessments, industrial control systems, architecture reviews
  • Documentation: document evidence of work in reports and status updates
  • Research and Innovation: use knowledge gained to conduct research initiatives with the purpose of improving our services and giving back to the community

 

Environment

  • All consultants attend security conferences and training to build their skillsets as they learn their tradecraft
  • You will work side-by-side with other highly-skilled operators in a collaborative environment

 

Requirements:

  • 0-3 years previous professional information security consulting experience
  • Some hands-on (lab or experience) penetration testing or red team experience including web application, network, wireless, and mobile hacking
  • Strong organization skills with attention to detail
  • Interest in taking the initiative for personal growth and development
  • Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed
  • Strong written and verbal communication skills with a high level of professionalism
  • Bachelor’s degree in Information Technology, IT Security, Computer Science, Computer Engineering or equivalent subject matter
  • Willingness to travel 30-50% depending on assignments and specializations

 

About SRA:

Security Risk Advisors is a 90+ person fast-growing cybersecurity consulting company.  Our clients are concentrated in the Fortune 1000 and Global 1000.  We have a fast-paced, agile and fun culture that focuses exclusively on cutting edge cybersecurity engagements that solve the emerging needs of our clients.  Our environment fosters the continuous professional development necessary to remain at the top of our game. We are a Philadelphia-based company and our team members maintain flexible hours through a combination of work from home and reasonable travel.

Ethical Hacker Senior Consultant

This position will be part of Security Risk Advisors’ Ethical Hacking team. Our style of consulting is dynamic, innovative, fast-paced, and highly rewarding. We work with a wide variety of toolsets and across all industry sectors with a focus on Fortune 50 and Fortune 500 organizations.

Core Responsibilities:

• Red Teams: adaptive, flag-based red team engagements designed to demonstrate the impact of a dedicated, persistent attacker
• Purple Teams: the “open-book” approach to penetration testing, working side-by-side with our internal and client blue teams to strengthen defense against real attackers.
• Web and Mobile Assessments: dynamic web and mobile application security testing
• Penetration Testing: assess internal and external networks for common and custom security flaws that can lead to widespread access to sensitive systems and data
• Tactical Assessments: social engineering, spear phishing, physical break-ins, product security assessments, industrial control systems, architecture reviews
• Documentation: document evidence of work in reports and status updates
• Research and Innovation: use knowledge gained to conduct research initiatives with the purpose of improving our services and giving back to the community

 

Environment

• All consultants attend security conferences and training to build their skillsets as they continue to hone their tradecraft
• You will work side-by-side with other highly-skilled operators in a collaborative environment

 

Requirements:

• 3+ years of previous professional information security consulting experience
• Extensive hands-on penetration testing or red team experience including web applications, network, wireless, and mobile hacking
• Strong time management and organization skills with attention to detail
• Ability to lead a team and execute technical security assessments with confidence
• Interest in taking the initiative for personal growth and development as well as mentoring novice consultants
• Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed
• Strong written and verbal communication skills with a high level of professionalism and technical prowess
• Able to lead meetings and describe technical topics to an executive audience
• Bachelor’s degree in Information Technology, IT Security, Computer Science, Computer Engineering or equivalent subject matter
• Willingness to travel 30-50% depending on assignments and specializations
• OSCP or similar certification is a plus, but not a requirement
• Passion for staying on the cutting edge within the IT security industry

About SRA:
Security Risk Advisors is a 100+ person fast-growing cybersecurity consulting company.  Our clients are concentrated in the Fortune 1000 and Global 1000.  We have a fast-paced, agile and fun culture that focuses exclusively on cutting edge cybersecurity engagements that solve the emerging needs of our clients.  Our environment fosters the continuous professional development necessary to remain at the top of our game. We are a Philadelphia-based company and our team members maintain flexible hours through a combination of work from home and reasonable travel.

Threat Management

Manager, Threat Management

The Manager position is a part of Security Risk Advisors’ Threat Management practice which provides Advisory and Engineering security consulting services. Our style of consulting is dynamic, innovative, fast-paced, and highly rewarding for both our clients and our team. This is an outstanding opportunity to work across various well-known client organizations.

 

Responsibilities:

·        Apply Threat Management’s services across multiple client engagements involving Incident Response, Data Protection, Endpoint Detection and Response, Network Security Monitoring & Architecture, SIEM, Forensics, Antivirus & Exploit Mitigation, Cloud Security, Threat Intelligence, and Email Defense.

·        Architect, engineer and audit client environments and controls to ensure the protection of critical infrastructure, assets and resources.

·        Assist with drafting proposals, Statement of Work contracts, and change orders for Threat Management services.

·        Provide leadership, strategic direction, coaching and mentorship to Threat Management teams across multiple and simultaneous projects.

·        Assist with project staffing, scheduling and monitoring of project budgets.

·        Thoroughly document project milestones, deliverables and status at cadence.

·        Draft formal reports as well as present findings to senior-level client stakeholders.

·        Manage 2-3 direct reports, including performing quarterly reviews and providing constant coaching and feedback.

·        Assist with the recruiting activities such as resume reviews, career fair representation and conducting interviews for co-ops, interns and campus hire full time positions.

·        Provide internal training (including onboarding) in areas of expertise and assist with service delivery development.

·        Remain current on the information security landscape and emerging threat trends, tools and methodologies.

·        Attend conferences and training as required to maintain proficiency and offer knowledge share sessions for other teams.

·        Actively engage with the Information Security community by attending conferences and developing/presenting thought-leadership perspectives as a guest speaker.

Requirements:

·        5+ years of professional information security consulting experience.

·        10+ years of experience within information technology.

·        Broad SME-level experience across multiple information security control set categories and vendor products, including but not limited to: FireEye, Fidelis, Splunk, Intel/McAfee, RSA, IBM, Symantec, Resilient, Cybereason, Tanium, Bit9/CarbonBlack, Palo Alto, Bro and Snort.

·        Strong organizational skills with high attention to detail.

·        Strong drive towards taking initiative for personal growth and development.

·        Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed.

·        Exceptional written and verbal communication skills with a high level of professionalism.

·        Bachelor’s degree in Computer Engineering Technology or equivalent subject matter.

·        Willingness to travel.

 

Skills and Qualifications:

Consulting, Creative Problem Solving, Attention to Detail, Coordination, Reporting, Team Work, Coaching, Highly Motivated, Writing, Decision Making, Analyzing Information, Information Security Policies, Scheduling, Strategic Planning

 

About SRA:

Security Risk Advisors is an 80+ person fast-growing cybersecurity consulting company.  Our clients are concentrated in the Fortune 1000 and Global 1000.  We have a fast-paced, agile and fun culture that focuses exclusively on cutting edge cybersecurity engagements that solve the emerging needs of our clients.  Our environment fosters the continuous professional development necessary to remain at the top of our game. We are a Philadelphia-based company and our team members maintain flexible hours through a combination of work from home and reasonable travel.

Threat Management Consultant

The Consultant position will be part of Security Risk Advisors’ Threat Management Practice which is comprised of Advisory and Engineering services. This role will be involved in the advisory and engineering activities of the group. Our style of consulting is dynamic, innovative, fast-paced, and highly rewarding for both our clients and our team. This is an outstanding opportunity to work with a wide variety of tool sets and across various well-known client organizations.

Responsibilities:

·       Apply Threat Management’s services across multiple client engagements involving Incident Response (IR), Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), Network Traffic Analysis, Security Information and Event Management (SIEM), Enterprise Security Architecture and Perimeter Management. 

·        Collaborate with team members to assist with the design and implementation of security strategy and architecture across platforms for clients.

·        Conduct requirements gathering, analysis, and assist in the development of security strategy for clients.

·        Work effectively as part of a team to deliver projects.

·        Implement/engineer and advise on multiple information security control set categories and vendor products, including but not limited to FireEye, Fidelis, Splunk, Intel/McAfee, RSA, IBM, Symantec, Tanium, CarbonBlack, CrowdStrike, Palo Alto, Bro and Snort.

·        Thoroughly document work in formal reports and present findings to management suitable for client/stakeholder consumption.

·        Remain current on information security and emerging threat trends, tools and methodologies.

·        Attend conferences and training as required to maintain proficiency.

·        Protect organization’s value by keeping information confidential.

Requirements:

·        Previous professional information security consulting experience a plus.

·        1+ years of experience with enterprise level security networking and incident response.

·        Knowledge of the following: Incident Response, DLP, EDR, Network Detection & Forensics, SIEM, Network Architecture and Firewall Management.

·        Strong organization skills with attention to detail.

·        Interest in taking the initiative for personal growth and development.

·        Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed.

·        Strong written and verbal communication skills with a high level of professionalism.

·        Bachelor’s degree in Information Systems, Information Security or Computer Engineering or equivalent subject matter.

·        Willingness to travel.

Skills and Qualifications:

Consulting, Creative Problem Solving, Attention to Detail, Coordination, Reporting, Team Work, Highly Motivated, Writing, Decision Making, Analyzing Information, Information Security Policies

 


GRC

Senior Cybersecurity Risk Analyst

Security Risk Advisors is looking for a Senior GRC Consultant to join our GRC & Strategy practice. This role will primarily focus on the compliance component of our GRC team but will have the opportunity to work with our clients in developing governance programs and deploying GRC tools (e.g., Archer, ServiceNow). Our style of consulting is dynamic, innovative, fast-paced, and highly rewarding for both our clients and our team. This is an outstanding opportunity to work across various well-known client organizations.

Responsibilities:
• Team with client representatives to define program objectives and design processes such as compliance assessment, risk identification, and issue management
• Lead cybersecurity audits and risk assessments against industry frameworks including PCI DSS, ISO27001, NIST CSF, and FedRAMP
• Design and execute third party risk assessments on behalf of clients
• Develop process flow diagrams, reports, metrics and presentations as needed
• Work closely with other consultants in advising clients and creating client deliverables
• Lead client workshops to scope projects and drive discussion of complex topics
• Assist in coaching and providing feedback to Junior Consultants on the team
• Keep abreast of information security principles, policies, standards and guidelines
• Develop a baseline understanding of the role of information security across multiple industries
• Protect organization’s value by keeping information confidential

Requirements:
• 5+ years of experience from a national public accounting or consulting firm
• Qualified Security Assessor (QSA) preferred
• CISSP preferred
• Experience with risk management frameworks and best practice in the private sector
• Demonstrated self-learner who keeps pace with IT Security and Compliance news and industry developments
• Strong written and verbal communication skills with a high level of professionalism
• Excellent interpersonal skills with the ability to effectively lead team meetings
• Ability to work effectively with a team, yet function well with independent responsibilities
• Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed
• Bachelor’s degree in Accounting, Finance, IT or related field preferred
• Willingness to travel, estimated 30%

Skills and Qualifications:
Attention to Detail, Coordination, Reporting, Technical Management, Strategic Planning, Team Work, Highly Motivated, Writing, Decision Making, Analyzing Information


Experienced Cybersecurity Risk Analyst

Security Risk Advisors is looking for an experienced GRC Consultant to join our GRC & Strategy practice. This role will primarily focus on the compliance component of our GRC team but will have the opportunity to work with our clients in developing governance programs and deploying GRC tools (e.g., Archer, ServiceNow). Our style of consulting is dynamic, innovative, fast-paced, and highly rewarding for both our clients and our team. This is an outstanding opportunity to work across various well-known client organizations.

Responsibilities:
• Team with client representatives to define program objectives and design processes such as compliance assessment, risk identification, and issue management
• Perform cybersecurity audits and risk assessments against industry frameworks including PCI DSS, ISO27001, NIST CSF, and FedRAMP
• Execute third party risk assessments on behalf of clients
• Develop process flow diagrams, reports, metrics and presentations as needed
• Work closely with other consultants in advising clients and creating client deliverables
• Participate in client workshops to scope projects and drive discussion of complex topics
• Keep abreast of information security principles, policies, standards and guidelines
• Develop a baseline understanding of the role of information security across multiple industries
• Protect organization’s value by keeping information confidential

Requirements:
• 1+ years of experience from a national public accounting or consulting firm
• Cybersecurity certifications (e.g., CISSP, CISA) preferred
• Experience with risk management frameworks and best practice in the private sector
• Demonstrated self-learner who keeps pace with IT Security and Compliance news and industry developments
• Strong written and verbal communication skills with a high level of professionalism
• Excellent interpersonal skills with the ability to effectively lead team meetings
• Ability to work effectively with a team, yet function well with independent responsibilities
• Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed
• Bachelor’s degree in Accounting, Finance, IT or related field preferred
• Willingness to travel, estimated 30%

Skills and Qualifications:
Attention to Detail, Coordination, Reporting, Technical Management, Strategic Planning, Team Work, Highly Motivated, Writing, Decision Making, Analyzing Information


CyberSOC

3rd Shift Information Security Operations Consultant

The Information Security Operations Consultant position will be specific to morning watch (12 AM to 9 AM) and part of Security Risk Advisors’ CyberSOC Team. This role will be involved in the day-to-day, 24×7, operations of the SOC. This is an outstanding opportunity to work with a wide variety of tool sets and various client organizations.

Responsibilities:

  • Eyes on glass security monitoring for threats.
  • Respond to alerts and investigate to determine whether they are true positives or false positives.
  • Use the latest security monitoring technologies to detect malware and hackers.
  • Use Security Information Event Management tools (SIEM), Endpoint Detection & Response tools (EDR), and Network Security Monitoring tools (NSM) such as FireEye, Fidelis, Splunk, Intel/McAfee, RSA, IBM, Symantec, Resilient, Cybereason, Tanium, Resolution1, CarbonBlack, Bro and Snort.
  • Thoroughly document work and present findings to management suitable for customer consumption.
  • Attend conferences and training as required to maintain proficiency.
  • Protect organization’s value by keeping information confidential.

 

Requirements:

  • 1-3 years of professional experience, campus applicants are welcome.
  • Strong organization skills with attention to detail.
  • A demonstrated passion for technology.
  • Work effectively as part of a team, yet function well with independent responsibilities.
  • Experience or coursework around incident investigation and forensics, information security and computer networking.
  • Interest in taking the initiative for personal growth and development.
  • Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed.
  • Strong written and verbal communication skills with a high level of professionalism.
  • Bachelor’s degree in Computer Engineering Technology or equivalent subject matter.
  • Willingness to travel.
  • Ability to work non-core hours including weekends and night shifts.

 

Skills and Qualifications:

Creative Problem Solving, Attention to Detail, Coordination, Reporting, Team Work, Highly Motivated, Writing, Decision Making, Analyzing Information.

 


Operations

IT Support Lead

Summary/Objective
Security Risk Advisors, Inc. (SRA) is looking for an Information Technology Support Lead to provide IT expertise in deploying and supporting employee systems both on-site and remotely, and lead the IT Support function within SRA.  The IT Support Lead will collaborate with other team members to provide timely solutions to user problems, provide information and recommendations regarding configurations and installations, and develop strategies for improving IT processes company-wide.

Essential Functions
– Provide front-line technical support and education to on-site and remote employees by diagnosing and resolving software, hardware, mobile application and telephone system issues.
– Respond proactively to production issues (e.g. user needs, software and hardware updates, networked hardware installation). Follow up with internal customers to ensure their systems are functional.
– Set up new employees with the correct access to systems and equipment.
– Report user feedback and potential product requests.
– Help create technical documentation, manuals, and procedures.
– Guide users with simple, step-by-step instructions.
– Work with vendors to troubleshoot issues or to analyze new products.
– Configure and install new computers using standard software image and packages. Migrate existing users from old to new hardware.
– Move/Add/Change Activities, maintaining accounts for end users as directed by documented procedures and policies, software installs, and various IT requests.
– Work primarily on-site at SRA’s Philadelphia office.

Preferred Skills/Knowledge
– Office 365 Administration
– VMWare and VMWare ESX
– Amazon AWS
– Windows Group Policy
– Windows and Linux platform administration
– Networking equipment including routers, switches and firewalls
– Basic Active Directory management and Azure AD management experience
– Managing others as part of a team

Qualifications
– A bachelor’s degree in Information Technology or similar field of study, or significant Information Technology training and experience.
– A passion for learning about IT systems and equipment.
– Enjoys working with others and teaching people to use IT systems and equipment.
– Excellent verbal and written communication skills.
– Ability to prioritize and manage multiple tasks concurrently.
– Excellent organizational skills.

Supervisory Responsibility
The IT Support Lead will have at least one direct report.

Co-Ops and Internships

Co-Op & Internship Opportunities

Thank you for your interest in Security Risk Advisors. At this time, we are not accepting applications for Co-Ops and Internships. Please check back in late August for Spring 2019 opportunities available.