Find The Best Securities Consultant Jobs For You


Security AppCert Consultant

Verizon
Ashburn, VA
When you join Verizon

Verizon is a leading provider of technology, communications, information and entertainment products, transforming the way we connect across the globe. We're a diverse network of people driven by our ambition and united in our shared purpose to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward - and you can too. Dream it. Build it. Do it here.

What you'll be doing...

The Verizon Cyber Risk Programs (CRP) Security AppCert Consultant II, is an experienced resource who is assigned one or more clients and is expected to lead most client interactions and program delivery. A CRP-AppCert Security Consultant II is to provide the services (activities, tasks, reports, recommendations, guidance, consultation and deliverables) in accordance with the Verizon CRP service descriptions, SOW and/or contractual requirements. You will articulate and communicate assessment findings and recommendations in a clear and concise manner to the appropriate target audience which may include project managers, program managers, and technical points of contacts and/or external/internal management stakeholders.

+ Serve as primary point of contact and lead delivery Consultant and deliver the Cyber Risk Programs (CRP) and/or Application Security Certification program to external customers.

+ Regularly interface with external client technical POC's and internal stakeholders such as Project Managers, Principal Consultants and Delivery Managers.

+ Perform research on cyber security criteria, security systems, validation procedures and configure, schedule and perform vulnerability and a testing, threat analyses, and security checks.

+ Analyze discovery scan data and vulnerability data to determine unusual use configurations, discovery of aged software, end-of-life software, patch management validation and proper identification of high, medium and low severity vulnerabilities.

+ Serve as primary lead in the preparation of preparing an external organization and determining eligibility for the Verizon Cyber Risk Programs Enterprise Certification program.

+ Lead the initiative by interfacing with the client, collecting the necessary artifacts, qualifying the artifacts, preparing the certification package and presenting the package to an internal Certification Review Board (CAB).

What we're looking for...

You'll need to have:

+ Bachelor's degree (in related field) or four or more years of work experience.

+ Four or more years of relevant work experience.

+ Four or more years of experience in Information Technology (IT), Computer Network Engineering, Application Security, Information Security/Assurance, Cyber Security, Risk Management.

+ Previous application assessment/auditing/penetration testing experience and Scripting/programming.

+ CISSP and at least one or more application specific certification such as GWAPT, OSWE, GWEB, GMOB, GXPN certification.

+ Willingness to travel.

+ Valid driver's license.

Even better if you have:

+ One or more of the following: E-CEH, E-CIH, ISACA CISM, CISA, CRISC, CCSP, CCSK, GSEC, GIAC, GPEN, CH.

+ Vendor specific platform certifications: Qualys, Tenable, Rapid 7, Digital Defense, Recorded Future, Firemon, Tuffin, ProofPoint, Burp Suite.

Equal Employment Opportunity

We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion (https://www.verizon.com/about/careers/work-culture) page to learn more.

REQNUMBER: 581083-1E
3d ago

Security AppCert Consultant

Verizon Communications
Ashburn, VA
When you join Verizon

Verizon is a leading provider of technology, communications, information and entertainment products, transforming the way we connect across the globe. We're a diverse network of people driven by our ambition and united in our shared purpose to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward - and you can too. Dream it. Build it. Do it here.

What you'll be doing...

The Verizon Cyber Risk Programs (CRP) Security AppCert Consultant II, is an experienced resource who is assigned one or more clients and is expected to lead most client interactions and program delivery. A CRP-AppCert Security Consultant II is to provide the services (activities, tasks, reports, recommendations, guidance, consultation and deliverables) in accordance with the Verizon CRP service descriptions, SOW and/or contractual requirements. You will articulate and communicate assessment findings and recommendations in a clear and concise manner to the appropriate target audience which may include project managers, program managers, and technical points of contacts and/or external/internal management stakeholders.

* Serve as primary point of contact and lead delivery Consultant and deliver the Cyber Risk Programs (CRP) and/or Application Security Certification program to external customers.
* Regularly interface with external client technical POC's and internal stakeholders such as Project Managers, Principal Consultants and Delivery Managers.
* Perform research on cyber security criteria, security systems, validation procedures and configure, schedule and perform vulnerability and a testing, threat analyses, and security checks.
* Analyze discovery scan data and vulnerability data to determine unusual use configurations, discovery of aged software, end-of-life software, patch management validation and proper identification of high, medium and low severity vulnerabilities.
* Serve as primary lead in the preparation of preparing an external organization and determining eligibility for the Verizon Cyber Risk Programs Enterprise Certification program.
* Lead the initiative by interfacing with the client, collecting the necessary artifacts, qualifying the artifacts, preparing the certification package and presenting the package to an internal Certification Review Board (CAB).

What we're looking for...

You'll need to have:

* Bachelor's degree (in related field) or four or more years of work experience.
* Four or more years of relevant work experience.
* Four or more years of experience in Information Technology (IT), Computer Network Engineering, Application Security, Information Security/Assurance, Cyber Security, Risk Management.
* Previous application assessment/auditing/penetration testing experience and Scripting/programming.
* CISSP and at least one or more application specific certification such as GWAPT, OSWE, GWEB, GMOB, GXPN certification.
* Willingness to travel.
* Valid driver's license.

Even better if you have:

* One or more of the following: E-CEH, E-CIH, ISACA CISM, CISA, CRISC, CCSP, CCSK, GSEC, GIAC, GPEN, CH.
* Vendor specific platform certifications: Qualys, Tenable, Rapid 7, Digital Defense, Recorded Future, Firemon, Tuffin, ProofPoint, Burp Suite.

Equal Employment Opportunity

We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.
3d ago

Cloud Security Consultant

Amazon Web Services
Herndon, VA
Amazon Web Services is looking for Security, Risk, and Compliance consultants to help accelerate our growing Professional Services business. This position is for a highly technical Subject Matter Expert that can dive deep and work with customers to address the security, risk, and compliance needs of their AWS migrations.

Do you like helping U.S. Intelligence Community agencies implement innovative cloud computing solutions and solve technical problems? Would you like to do this using the latest cloud computing technologies? Do you have a knack for helping these groups understand application architectures and integration approaches, and the consultative and leadership skills to launch a project on a trajectory to success? Are you familiar with security best practices for applications, servers, and networks? Do you want to be part of the business development team helping to establish Amazon Web Services (AWS) as a leading technology platform?

This is an excellent opportunity to join Amazon's world class technical teams, working with some of the best and brightest engineers while also developing your skills and furthering your career within one of the most innovative and progressive technology companies.

Professional Services engage in a wide variety of projects for customers and partners, providing collective experience from across the AWS customer base and are obsessed about strong success for the Customer. Our team collaborates across the entire AWS organization to bring access to product and service teams, to get the right solution delivered and drive feature innovation based upon customer needs.
We are looking for someone who is passionate about:

· Be great fun to work with at AWS, we have a credo of "Work hard. Have fun. Make history." In this role, you will love what you do, and instinctively know how to make work fun. You will be dynamic and creative, and willing to take on any challenge and make a big impact.

· Enjoy working with Intelligence Community customers. You will have a passion for educating, training, designing, and building cloud solutions for a diverse and challenging set of Intelligence Community customers.

· Have a strong understanding of Security, Risk, and Compliance for large scale computing solutions. The ideal candidate will have past experience working as an Information Systems Security Engineer (ISSE) or Information System Security Officer (ISSO) for cloud deployments. You will enjoy keeping your existing technical skills honed and developing new ones, so you can make strong contributions to deep architecture discussions. You will regularly take part in deep-dive education and design exercises to create truly innovative solutions built on AWS.

Amazon aims to be the most customer centric company on earth. Amazon Web Services (AWS) provides a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers critical applications for hundreds of thousands of businesses in 190 countries around the world.

Here at AWS, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and we host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon's culture of inclusion is reinforced within our 14 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.

We're dedicated to supporting new team members. Our team has a broad mix of experience levels and Amazon tenures, and we're building an environment that celebrates knowledge sharing and mentorship.

Our team also puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren't focused on how many hours you spend at work or online. Instead, we're happy to offer a flexible schedule so you can have a more productive and well-balanced life, both in and outside of work.

This position requires that the candidate selected be a U.S. citizen and must currently possess an active Top Secret security clearance. The position further requires that, after start, the selected candidate obtain and maintain an active TS/SCI security clearance with polygraph and satisfy other security related requirements.

**Have questions? Someone to refer? Wish to apply? Contact Josh May directly, joshmy@amazon.com**

BASIC QUALIFICATIONS

· 5+ years of design/implementation/consulting experience with Security, Compliance, and Risk Management

· 3+ years of experience with US Government compliance and security standards, including NIST, FedRAMP, FISMA, ICD 503

· Technical degree or equivalent experience

· Current, active US Government Security Clearance of Top Secret or above

PREFERRED QUALIFICATIONS

· Deep understanding of Cloud Computing technologies and migration challenges

· Experience advising customers on cloud architectures and designs meeting US Government accreditation standards

· Experience implementing security controls, SCTMs

· Experience in technology/software sales consulting or equivalent skills

· Professional experience architecting/deploying/operating solutions built on AWS

· Experience migrating or transforming legacy customer solutions to the cloud

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, visit https://www.amazon.jobs/en/disability/us
10d ago

Security Consultant, Incident Response

Microsoft Corporation
Reston, VA
Have you ever imagined working for a global company, having the opportunity to engage with diverse teams while being encouraged to bring the best of yourself to work every day? Are you also looking to join a team where you help our customers understand how to securely transform their business, where you receive cutting edge training and where you are empowered to make a difference? We are looking for enthusiastic people who can provide leadership and guidance to our customers and if you are up for the challenge, then why not apply to be part of the Microsoft Industry Solutions Security team?
**WHO WE ARE**

We are a global organization of over 13,000 strategic sellers, industry experts, elite engineers, and world-class architects, consultants, and delivery experts who work together to bring Microsoft's mission of empowerment - and cutting-edge technology - to life for the world's most influential customers. We are on the front lines of innovation, working side-by-side with customers to drive value across the entirety of their digital transformation journey. We passionately believe that everyone can grow and develop and has something unique they can bring to a team. We only succeed by sharing knowledge, experience and working as a 'One Microsoft' team.

**WHAT WE DO**

We provide technical leadership directly to our customers who are deploying, maintaining or innovating solutions that allows them to transform their business using the latest technology. We enable our customers to have the skills to deploy, secure, support and maintain their environment in line with Microsoft best practices. Our capabilities and insights offer experiences that empower and delight our customers.

**Responsibilities**

**WHAT WE NEED**

+ Follows capacity process outlined by Global Capacity Management team. Maintains tools with up-to-date skills and availability.

+ Participates in and/or may lead meetings with customers/partners to understand their business needs and/or scenario they are trying to solve. Uses business, technology, and industry strategies to define customer/partner requirements and constraints. Engages others appropriately to understand and define customer requirements.

+ Supports project planning and the development of project documents by defining the risks and dependencies. Communicates the business value of planned solutions to customers/ partners with direction/guidance. Implements mitigations on technical and business risks. Manages their schedule and communicates to project leads. Delivers against Work Breakdown Structure (WBS).

+ Implements technical solutions by completing assigned project tasks with defined quality standards and following Microsoft Services processes. May oversee aspects of implementation.

+ Proactively identifies issues and risks and engages with customers/partners or internal stakeholders (e.g., Project Managers) as appropriate to address and resolve issues.

+ Proactively manages relationships with customers/partners/stakeholders to identify and contribute to the drivers of satisfaction and dissatisfaction, determine the root cause, and establish recovery actions to improve experience.

**Qualifications**

+ Bachelor's Degree in Computer Science, Engineering, or related field AND 1+ year(s) work experience in relevant area of business

OR equivalent experience

+ Ability to work both independently as well as collaborating in a fast-paced team environment where technology and customer requirements can change

Additional or Preferred Qualifications

+ Excellent oral and written communication skills

+ Proven knowledge of security fundamentals across Microsoft platforms (Client, Server, Cloud)

+ Microsoft Security Frameworks and Reference Architectures

+ Microsoft's Modern Enterprise Security Strategy, Zero Trust Architecture, Security Operations

+ Security Incident Management and Crisis Management

+ Working knowledge of Azure cloud services

+ Knowledge of any of the following:

+ Security Solutions and services such as: Threat Modelling, Sentinel, Securing Privileged Access, Credential Theft mitigations, Tiering modelling, Azure Security Center, Azure Log Analytics, Azure Defender, MCAS, DLOP, AIP, KQL, Playbooks

+ Understanding of malware and the modern threat landscape

+ Common Attack Vectors and tools such as: Pass the Hash, Golden Ticket or Ransomware

+ Debugging and Disassembly tools such as: IdaPro/HexRays, OllyDbg, WinDbg or experience debugging x86 and x64 assembly language

+ Windows internals and where trace evidence can be found

+ Packer and obfuscation techniques

+ Familiarity with Indicators of Compromise (IOCs), Indicators of Activity (IOAs) and attack Tools, Techniques and Procedures (TTPs), Log analytics and M365 Defender Advanced Analysis queries

+ Use of forensic analysis tools such as X-Ways Forensics, WinHex, Encase, FTK, etc and experience with various forensic log artefacts found in SIEM logs, web server logs, AV logs, protection logs such as HIDS and NIDS logs

+ Ability to perform static and dynamic analyses of suspect binaries without source or debug information

**One or more of the following certifications:**

+ Microsoft MTA Security Fundamentals

+ Comptia Security+ Microsoft MTA Networking Fundamentals

+ AZ900 Azure Fundamentals

+ SC900 Security Compliance and Identity Fundamentals

+ Security certifications such as SANS, CEH, etc (GCIH, CFGA, GREM)

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form (https://careers.microsoft.com/us/en/accommodationrequest) .

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.
2d ago

Business Application Security Consultant

Fannie Mae Corp
Reston, VA
At Fannie Mae, futures are made. The inspiring work we do makes an affordable home a reality and a difference in the lives of Americans. Every day offers compelling opportunities to modernize the nation's housing finance system while being part of an inclusive team using new, emerging technologies. Here, you will help lead our industry forward, enhance your technical expertise, and make your career.
Job Description

As a valued colleague on our team, you will provide direction for technology products and processes; assess enterprise functional needs and implement technology solutions to support; define strategic outlook; plan, direct, or coordinate operational activities of the unit.

THE IMPACT YOU WILL MAKE

The Business Information Security - Technology Management - Senior Associate role will offer you the flexibility to make each day your own, while working alongside people who care so that you can deliver on the following responsibilities:

* Determines functional technology needs of enterprise.
* Coordinate the development, formulation, and implementation of new technology.
* Identify appropriate resources to support projects and new initiatives.
* Establish best practices and guidelines for existing or new technologies.

Qualifications

THE EXPERIENCE YOU BRING TO THE TEAM

Minimum Required Experiences

* 2 years

Desired Experiences

* Bachelor degree or equivalent

Skills/Tools

* Experience performing security assessments in a corporate environment and an understanding of public and private cloud infrastructure
* Experience managing the security vulnerability lifecycle from detection through notification and closure whether through the determination of false positive, risk acceptance, or remediation
* Experience in assessing mitigating controls when timely remediation is not feasible
* Experience in analyzing false positives and validating the effectiveness of patches or remediation steps applied
* Experience in analysis, documenting, and downgrading CVSSv3 criticality across Base, Temporal, and Environmental Score Metrics
* Understanding of API and Service Mesh security assessment - specifically on common controls for API security (SSO, OAuth, Threat Protection)
* Experience with scripting and automation (Python and Bash)
* Evaluation and interpretation of build breaks and/or findings during CI/CD pipeline security checkpoints
* Enable and empower developers to understand and triage CI/CD pipeline security checkpoints
* Production experience with vulnerability scanning/assessment tools such as Tenable.sc, Nessus, Tenable.io, BeyondTrust, Qualys Guard, Inspector, and PrismaCloud/Twistlock

Additional Information

The future is what you make it to be. Discover compelling opportunities at Fanniemae.com/careers. Fannie Mae is an Equal Opportunity Employer, which means we are committed to fostering a diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, religion, national origin, gender, gender identity, sexual orientation, personal appearance, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation in the application process, email us at careers_mailbox@fanniemae.com.

REF6117E
2d ago

Security Consultant

Trustwave
Reston, VA
Trustwave Government Solutions is a leading provider of data security and compliance services to the U.S. Federal government. Our team of security experts, ethical hackers and researchers, enables our government partners to transform the way they manage their information security and compliance programs results to ensure each customer receives valuable outcomes at the best value. The agencies we work with benefit from our collaborative, innovative approach to meeting their unique needs. We listen carefully and respond nimbly. Our solutions combine industry best practices with customized technology to ensure quality and integrity.
As a Security Consultant, you will be responsible for:

* Conducting penetration tests against a variety of network and application targets.
* Developing tools and processes to automate and simplify penetration testing.
* Being part of a global team of penetration testers, sharing knowledge and methodologies.

Candidates should be well versed in all aspects of penetration testing, with an emphasis on active directory and internal networks. Consultants must be able to effectively balance workload and work effectively and closely with colleagues within the ever growing team worldwide.

Qualifications:

* Defined professional experience performing security testing of application and network targets; preferably some of that experience will be in a consulting environment.
* Knowledge of security in both Linux and Windows environments as it pertains to web application, middleware, database, and identity management platforms.
* One year Penetration testing experience
* Certifications such as OSCP are preferred
* Understanding of Internet (HTTP, FTP, etc.) and network (SMB, TCP/IP, etc.) protocols
* Knowledge of modern web application technologies and architectures.
* Shell scripting or automation of simple tasks using Perl, Python or Ruby
* Internal and external network penetration testing
* Ability to maintain Secret clearance required.
* Active Secret Clearance and/or DHS Suitability strongly preferred.
* Travel 25 percent with potential to occasionally surge to 50 percent to support the mission.

Education:

We prefer college-educated applicants, but at minimum, high school diploma or equivalent is required for employment.

Per Federal government contracting requirements, candidate must be a US citizen, as well as potentially pass and maintain a National Agency Check with Local Agency and Credit Checks (NACLC).

Trustwave is an Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities.

To All Agencies:

Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave's policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes, by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave and in the event a candidate is submitted outside of this policy is hired, no fee or payment of any kind will be paid.
40d ago

Cloud Security Consultant

Secureit
Reston, VA
About SecureIT: SecureIT provides full-spectrum cybersecurity and IT risk services to commercial organizations, government contractors, and the Federal Government. We perform independent assessments and audits, design and implement security solutions, and provide ongoing support to help our clients protect their information systems from cybersecurity threats.
Why you'll like it here:

* Work with diverse and technically challenging IT environments
* Thrive in a people-focused company culture
* Collaborate closely with SecureIT executives in managing relationships with clients and growing the security practice
* Bring positive energy to the company and make a meaningful impact on our success

Our organization is a culture of committed, smart, fun individuals, and we're always looking for more to join the team. We're a small organization, but we do big things that successfully impact the portfolio of commercial and federal clients that we serve. The experiences and skills that you currently possess, and the new ones that you will acquire as part of our team, will be invaluable as we continue to grow our business through a diverse array of projects. We are firmly committed to our employees, and we offer an excellent benefits package to ensure that you are well taken care of at SecureIT.

What you'll be doing:

* Assist Customers to Implement the FedRAMP Requirements and Prepare for Assessment
* Evaluate cloud based systems and determine system security authorization boundaries, categorizing systems for FIPS PUB 199, Privacy and e-Authorization determinations documenting results.
* Develop FedRAMP System Security Plan determining and documenting control implementation, control inheritance, tailoring, and other key information required for the FedRAMP System Security Plan (SSP).
* Identify gaps to customer and assist in remediation of gaps through development of policies, procedures, implementation of tools or processes.

What you'll bring to the table:

* At least 1 year of direct, hands on experience in either FedRAMP preparation or FedRAMP assessment.
* Experience with Amazon Web Services (AWS) either directly in security plan development or assessment or supporting customers to use AWS for their cloud solution in either SSP or assessment capacity
* Strong technical ability and understanding in cloud technologies (IaaS, PaaS, and SaaS)
* Experience conducting high quality security assessment of NIST SP 800-53 controls producing Security Assessment Reports with risk analysis.
* Strong written and verbal communication skills
* Effective organizational skills with ability to work in a team or individually on tasks
* Strong skills with MS Office suite (Word, Excel, PowerPoint)
60d+ ago

Associate Security Consultant

Kratos Defense & Security Solutions, Inc.
Chantilly, VA
Job Descriptions:

Do you take information technology (IT) and information security seriously and want to make a difference? Helping leading-edge technology companies secure their cloud environments is at the core of what we do and we make a difference.

As an Associate Security Consultant of Commercial Cybersecurity Services for Kratos, you will be supporting teams of professionals working to evaluate and secure innovative cloud computing solutions on the most advanced cloud and on-premises infrastructures in the world by providing security consulting services and performing security assessments.

You will gain an understanding of how to apply the principles of information security in a variety of circumstances and expertise translating security requirements into common technical implementations. Experience working across multiple compliance frameworks (FedRAMP, DOD SRG, CMMC, NIST, PCI, ISO, HIPAA, SOC, CJIS, etc.) is highly desirable.

Responsibilities:

+ Evaluate and/or develop portions of Security Authorization Packages that are compliant with FedRAMP and DOD requirements under the supervision of senior staff members. Package components include: System Security Plans, Contingency Plans, Configuration Management Plans, Incident Response Plans, Privacy Impact Assessments, Security Assessment Plans, and Security Assessment Reports.

+ Assist in the review and analysis of Security Authorization Packages for completeness and compliance with FedRAMP and DOD requirements.

+ Participate in client interviews to complete Security Authorization Packages and Security Assessments.

+ Ensure existing systems Security Authorization Packages remain up to date throughout the life cycle.

+ Provide review and analysis of vulnerability scan results from tools such as Nessus, Qualys, AppDetective, WebInspect, IBM AppScan, Burp Suite, etc.

+ Support customer engagements using a consultative advisor mindset.

+ Participate in diagnostic/discovery sessions to gain an understanding of security architecture and control implementations in order to identify gaps and develop supporting documentation.

+ Support the documentation of security package deliverables including policies, procedures, SSP, etc.

+ Work with multiple stakeholders (internal and external) to assess and identify security compliance gaps and propose technical and operational remediation solutions.

+ Support technical and operational questions regarding control implementations.

+ Review current system security documentation and recommend remediation and enhancements.

+ Translate complex concepts and solutions into documents required for the certification (i.e. System Security Plan).

+ Collaborate effectively within dynamic teams and across multiple customer organizations with diverse personalities and expertise to drive to agreement on complex issues.

+ Continually seek to advance and update security and compliance knowledge and expertise.

Required Experience:

+ 1 to 2 years of experience with the requirements or responsibilities listed above is highly desirable, but not required.

+ A Bachelor's degree in IT, Computer Science, or a relevant discipline; will also consider relevant work experience.

+ Working towards one or more of the following certificates: CISSP, CEH, CAP, Security +, GSEC, or equivalent.

+ A basic understanding of networks, protocols, security configurations, cryptography, identity and access management, and the systems development life cycle.

+ The ability to translate technical materials and issues into non-technical/layman terms.

+ Basic experience with security tools such as Nessus, Qualys, Nexpose, etc.

+ Familiarity with NIST 800 series guidelines (800-30, 800-37, 800-53 and 53A, 800-60, 800-171 etc.) is desirable.

+ Excellent communication skills, both written and verbal with strong presentation skills.

+ Demonstrated skills in the entire Microsoft desktop suite (Word, Excel, PowerPoint, etc.).

+ A team player and self-starter able to work well with others in a collaborative manner.

+ Ability to travel 25%.

Keyword: Security Assessment, Security Audit, Compliance, Cloud Security, Cloud Computing, FedRAMP, 3PAO, FISMA, NIST 800-53, DOD SRG, DFARS, CMMC, C3PAO

From: Kratos Defense
60d+ ago

Associate Security Consultant

Kratos Defense and Security
Chantilly, VA
Do you take information technology (IT) and information security seriously and want to make a difference? Helping leading-edge technology companies secure their cloud environments is at the core of what we do and we make a difference.

As an Associate Security Consultant of Commercial Cybersecurity Services for Kratos, you will be supporting teams of professionals working to evaluate and secure innovative cloud computing solutions on the most advanced cloud and on-premises infrastructures in the world by providing security consulting services and performing security assessments.

You will gain an understanding of how to apply the principles of information security in a variety of circumstances and expertise translating security requirements into common technical implementations. Experience working across multiple compliance frameworks (FedRAMP, DOD SRG, CMMC, NIST, PCI, ISO, HIPAA, SOC, CJIS, etc.) is highly desirable.
Responsibilities:

* Evaluate and/or develop portions of Security Authorization Packages that are compliant with FedRAMP and DOD requirements under the supervision of senior staff members. Package components include: System Security Plans, Contingency Plans, Configuration Management Plans, Incident Response Plans, Privacy Impact Assessments, Security Assessment Plans, and Security Assessment Reports.
* Assist in the review and analysis of Security Authorization Packages for completeness and compliance with FedRAMP and DOD requirements.
* Participate in client interviews to complete Security Authorization Packages and Security Assessments.
* Ensure existing systems' Security Authorization Packages remain up to date throughout the life cycle.
* Provide review and analysis of vulnerability scan results from tools such as Nessus, Qualys, AppDetective, WebInspect, IBM AppScan, Burp Suite, etc.
* Support customer engagements using a consultative advisor mindset.
* Participate in diagnostic/discovery sessions to gain an understanding of security architecture and control implementations in order to identify gaps and develop supporting documentation.
* Support the documentation of security package deliverables including policies, procedures, SSP, etc.
* Work with multiple stakeholders (internal and external) to assess and identify security compliance gaps and propose technical and operational remediation solutions.
* Support technical and operational questions regarding control implementations.
* Review current system security documentation and recommend remediation and enhancements.
* Translate complex concepts and solutions into documents required for the certification (i.e. System Security Plan).
* Collaborate effectively within dynamic teams and across multiple customer organizations with diverse personalities and expertise to drive to agreement on complex issues.
* Continually seek to advance and update security and compliance knowledge and expertise.

Experience and Skills

* 1 to 2 years of experience with the requirements or responsibilities listed above is highly desirable, but not required.
* A Bachelor's degree in IT, Computer Science, or a relevant discipline; will also consider relevant work experience.
* Working towards one or more of the following certificates: CISSP, CEH, CAP, Security +, GSEC, or equivalent.
* A basic understanding of networks, protocols, security configurations, cryptography, identity and access management, and the systems development life cycle.
* The ability to translate technical materials and issues into non-technical/layman terms.
* Basic experience with security tools such as Nessus, Qualys, Nexpose, etc.
* Familiarity with NIST 800 series guidelines (800-30, 800-37, 800-53 and 53A, 800-60, 800-171 etc.) is desirable.
* Excellent communication skills, both written and verbal with strong presentation skills.
* Demonstrated skills in the entire Microsoft desktop suite (Word, Excel, PowerPoint, etc.).
* A team player and self-starter able to work well with others in a collaborative manner.
* Ability to travel 25%.
60d+ ago

Cyber Security Consultant

Deloitte
Reston, VA
Are you looking to elevate your cyber career? Your technical skills? Your opportunity for growth? Deloitte's Government and Public Services Cyber Practice (GPS Cyber Practice) is the place for you! Our GPS Cyber Practice helps organizations create a cyber minded culture and become stronger, faster, and more innovative. You will become part of a team that advises, implements, and manages solutions across five verticals: Strategy, Defense and Response; Identity; Infrastructure; Data; and Application Security. Our dynamic team offers opportunities to work with cutting-edge cyber security tools and grow both vertically and horizontally at an accelerated rate. Join our cyber team and elevate your career.
Work you'll do

+ Implement risk management programs for our federal clients by utilizing NIST, RMF, and FISMA compliance frameworks.

+ Enhance cyber awareness with clients and project teams.

+ Work alongside federal clients to help them mitigate risk with the use of continuous monitoring and incident response.

+ Establish security controls to ensure protection of client systems.

+ Implement cutting edge security tools for our federal clients.

+ Lead the development of a mature incident response program that is integrated across the business

+ Organize and deliver incident response services on a cross-section of complex projects

+ Participate and lead aspects of the proposal development process

+ Displays both breadth and depth of knowledge regarding functional and technical issues

+ Displays leadership and business judgment in anticipating client/project needs and developing alternative solutions

+ Provide counseling/coaching, oversight, and support for delivery teams and staff

+ Actively participate in staff recruitment and retention activities providing input and guidance into the staffing process

+ Build an incident response program capable of performing the following functions:

+ Review, validate, and categorize security events using a variety of information security technologies.

+ Investigate user reported potential security risks including phishing emails delivered.

+ Analyze a variety of network and host-based logs to lead security investigations and incident response activities.

+ Validate and confirm critical security events and determine impact.

+ Thoroughly document security investigations throughout incident lifecycle.

+ Maintain, update, or create team documentation around incident response activities

+ Develop and build security content, scripts, tools or other methods to enhance the security incident management process.

+ Proactively hunt on the network to identify security risks, threats, and exposures.

+ Leverage indicators of compromise to determine impact to our environment.

+ Make recommendations and/or implement security controls and countermeasures to prevent or mitigate various security risks.

+ Partner with various stakeholders to seek alternative methods to achieve business outcome, when necessary.

The team

Deloitte's Government and Public Services (GPS) practice - our people, ideas, technology and outcomes - is designed for impact. Serving federal, state, & local government clients as well as public higher education institutions, our team of more than 15,000 professionals brings fresh perspective to help clients anticipate disruption, reimagine the possible, and fulfill their mission promise.

At Deloitte, we believe cyber is about starting things, not stopping them, and enabling the freedom to create a more secure future. Cyber Strategy, Defense and Response (SDR) focuses on helping federal clients design and implement transformational enterprise security programs with an emphasis on defending against, recovering from, and mitigating major cyberattacks. If you're seeking a career that increases cyber awareness, utilizes risk management programs, and develops strategies for cyber defense and response, then the Cyber SDR offering at Deloitte is for you.

Qualifications

Required:

+ Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future

+ Must be able to obtain and maintain the required clearance for this role

+ Travel up to 10%

+ Experience working with RMF and NIST 800-53

+ Experience working with cyber security tools

+ Experience with cyber awareness (e.g., phishing emails, cyber trainings)

+ A minimum of ten (5) years of experience in an Information Security related role.

+ A minimum of five (3) years of experience in a Security Operations Center.

+ Knowledge of information security industry and regulatory obligations (PCI DSS, SOX404, SOC1/2, ISO 27000-series, NIST Framework, etc.).

+ In-depth network analysis (pcap), core forensic familiarity, and incident response skills.

+ Exceptional communication and advocacy skills, both verbal and written, with the ability to express complex technical issues in an easily understood manner.

+ Ability to collaborate and communicate effectively and respectfully with both business-oriented executives and technology-oriented personnel in teams across the organization.

+ Security tools (IPS, HIPS, Web Proxy, Open Source Intelligence, Packet Captures, Memory Analysis, Syslog, DHCP, AD, 802.1x, NAT, VPN logs, Passive DNS, and SIEM).

+ Technical proficiency with MITRE ATT&CK Framework and how it's used to assess, enhance, and test security monitoring, threat detection, and mitigation activities.

+ Enterprise security controls to detect and protect against varied sophistication around cyber security threats.

+ Well-known networking protocols (HTTP, SSH, FTP, DNS, etc).

+ Windows, Mac, and Linux-based operating systems from both a user-endpoint and server perspective.

+ Common and emerging attack vectors, penetration methods, countermeasures, and remediation

Preferred:

+ Prior professional services or federal consulting experience

+ Certifications (e.g., CompTIA Security+, CEH, CISSP)

How you'll grow

At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

60d+ ago

ServiceNow Security Consultant

Novo/Scale
Leesburg, VA
60d+ ago

Splunk Consultant Security Clearance

Innova People
Reston, VA
60d+ ago

Security Consultant

Ventech Solutions
Manassas, VA
13d ago

Consultant - AWS Application Security

Coalfire
Arlington, VA
New
5d ago

Security Incident Response Consultant

CGI Group
Fairfax, VA
12d ago

Palo Alto Security Consultant - Location Negotiable

Accenture
Arlington, VA
20d ago

Security Incident Response Consultant

CGI Technologies and Solutions, Inc.
Fairfax, VA
20d ago

Palo Alto Security Consultant - Location Negotiable

Accenture Contractor Jobs
Arlington, VA
20d ago

Security Incident Response Consultant

CGI Group Inc.
Fairfax, VA
21d ago

Cyber Security Consultant, Managed Defense (Remote US)

Fireeye, Inc.
Remote or Denver, CO
New
4d ago

Cyber Security Consultant

Shi International Corp.
Remote
New
3d ago

Managing Application Security Consultant (Remote)

Guidepoint Security
Remote or Kansas City, MO
New
13h ago

Cyber Security Consultant

Shi
Remote
New
4d ago

Security Consultant (remote opportunity)

Akamai Technologies Inc.
Remote or Denver, CO
New
3d ago

Security Consultant (100% Remote)

Amazon Web Services
Remote or New York, NY
10d ago

Security Consultant HITRUST

Coalfire
Remote or Westminster, CO
New
5d ago

Cyber Security Consultant, Managed Defense (Remote US)

Fireeye Inc.
Remote or Albuquerque, NM
New
6d ago

Principal Security Consultant

Amazon Web Services
Herndon, VA
10d ago

Security Consultant

Amazon Web Services
Herndon, VA
10d ago

Security Consultant, Incident Response

Microsoft Corporation
Chevy Chase, MD
New
2d ago

Principal Security Consultant

Amazon Web Services
Arlington, VA
10d ago

Principal Cyber Security Consultant, Managed Defense (Remote - Central Region US)

Fireeye, Inc.
Remote or Dallas, TX
New
4d ago

Cyber Security Consultant, Managed Defense (Remote US)

Fireeye, Inc.
Remote or Albuquerque, NM
New
4d ago

Managing Application Security Consultant (Remote)

Guidepoint Security
Remote or Boston, MA
New
13h ago

Managing Application Security Consultant (Remote)

Guidepoint Security
Remote or Austin, TX
New
5h ago

Managing Application Security Consultant (Remote)

Guidepoint Security
Remote or New York, NY
New
13h ago

Managing Application Security Consultant (Remote)

Guidepoint Security
Remote or Indianapolis, IN
New
5h ago

Managing Application Security Consultant (Remote)

Guidepoint Security
Remote or Cincinnati, OH
New
5h ago

Managing Application Security Consultant (Remote)

Guidepoint Security
Remote or Columbus, OH
New
5h ago

Managing Application Security Consultant (Remote)

Guidepoint Security
Remote or Charlotte, NC
New
5h ago

Average Salary For a Securities Consultant

Based on recent job postings on Zippia, the average salary in the U.S. for a Securities Consultant is $88,268 per year or $42 per hour. The highest paying Securities Consultant jobs have a salary over $115,000 per year while the lowest paying Securities Consultant jobs pay $67,000 per year.

Average Securities Consultant Salary
$88,000 yearly
$42 hourly
Updated October 17, 2021
10%: $67,000 | Median: $88,000 | 90%: $115,000

Highest Paying Cities For Securities Consultant

| City | Avg. salary | Hourly rate |
|---|---|---|
| San Francisco, CA | $106,911 | $51.40 |
| New York, NY | $106,082 | $51.00 |
| Rockville, MD | $100,505 | $48.32 |
| Quincy, MA | $97,248 | $46.75 |
| Houston, TX | $95,772 | $46.04 |
| Seattle, WA | $95,277 | $45.81 |

5 Common Career Paths For a Securities Consultant

Security Manager

Security managers are responsible for creating a safe environment for everyone and implementing policies to prevent emergencies. They ensure the safety of employees and assets of the company as well as its facilities. Additionally, they evaluate and manage risks by implementing safety policies and training security staff in responding efficiently to emergencies. A security manager must exhibit excellent leadership, surveillance, and emergency response skills. A good security manager should also have a strong commitment to security rules and understand all hazards and threats to safety.

Team Leader

Team leaders are responsible for managing a team for a specific project or work component. They primarily guide the team members and ensure that they are still working towards the set goals. Team leaders create strategies to reach goals, cascade the goals and strategies to team members, assign tasks, conduct periodic check-ups on the roadmap towards the goals, foster an engaging work environment, motivate and coach team members, monitor team performance, evaluate the strategies and come up with mitigating plans as needed. They are also responsible for reporting the team's progress to higher management.

Project Manager

Project managers oversee a specific project related to the organization's business. They manage the whole project from inception to evaluation. They initiate planning with involved departments, follow-through on the plans, ensure smooth execution of the plans, and evaluate the project for further improvements should these be needed. In line with this, project managers also ensure that the project is cost-efficient and well within the budget. They also manage the different work teams involved in the project and ensure that things are running smoothly on this aspect as well.

Account Manager

Account managers are employees who act as the bridge between the company they represent and the client of the company. They are assigned to handle specific clients so that the company will be able to tailor-fit any product or service according to the clients' requirements. Account managers are responsible for maintaining a harmonious relationship between the two parties by ensuring that any agreement made is amenable to both the company and the client. They are also responsible for ensuring that the company will be able to provide the needs of the client within any limitation that the client may have. Account managers also ensure that the company's reputation and well-being are always considered in any dealings.

Security Supervisor

A security supervisor is in charge of coordinating and overseeing the security staff in a building or within a designated area. Their responsibilities focus on devising strategies, appointing personnel, and implementing protocols that would ensure the safety of an establishment, goods, and the people inside. Furthermore, they must make sure that all security devices and equipment are working correctly, create and manage schedules, monitor and evaluate every security personnel's performance, and maintain a safe environment for everyone. Should there be any incidents, it is crucial to coordinate with the police right away.

Illustrated Career Paths For a Securities Consultant