Job responsibilities
- Collaborate with other Assessments & Exercises team members to conduct testing and simulations – such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations, and contribute to the development and refinement of assessment methodologies to ensure alignment with industry standards and regulatory requirements
- Partner with subject matter experts to evaluate controls for effectiveness and impact on operational risk, as well as opportunities to automate control evaluation
- Develop comprehensive assessment reports, including detailed findings, risk assessments, and remediation recommendations, and effectively communicate these insights to relevant stakeholders as you contribute to decisions that yield continuous improvement
- Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations. Apply this knowledge to enhance the firm's assessment strategy
Required qualifications, capabilities, and skills
- 3+ years of experience in cybersecurity or resiliency, with a focus on offensive security testing, assessments, or simulation exercises
- Direct ‘fingers on keyboard’ experience conductingmanualpenetration testing and vulnerability assessments
- Expertise in common cybersecurity threats and technology resiliency risks pertaining to the US financial services sector
- Ability to identify network attacks and systemic security issues as they relate to threats and vulnerabilities, with a focus on recommendations for enhancements or remediation.
- Experience working in a public cloud environment (e.g. AWS, GCP or Azure)
- Ability to manually conduct a penetration test
- Proficient in coding in one of more languages (e.g. Python, Bash, Java, C++, PowerShell…)
- Overall knowledge of the Software Development Life Cycle
- Strong understanding of infrastructure/cloud architecture and security testing approaches.
- Proficiency in at least two security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework), offensive testing tools, or resiliency testing equivalents
- Demonstrated collaboration, communication (written and verbal), and executive reporting skills, with the ability to work effectively with cross-functional teams and convey complex cybersecurity concepts and recommendations to diverse stakeholders
- Willingness to travel up to 20%
Preferred qualifications, capabilities, and skills
- Hold relevant industry certifications – such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Offensive Security Certified Professional (OSCP) – showcasing advanced expertise in cybersecurity and offensive testing methodologies or resiliency