BTB Security has a need for a Security Consultant within its CISO Advisory team. Our CISO Advisory practice designs and implements security programs that are practical, effective, commensurate with risk and aligned with our clients’ business objectives. The Security Consultant role is an execution-level role that will work within the broader CISO Advisory team and will be responsible for assisting in the delivery of defined information security programs. Expectations include executing several different types of security projects and activities including, but not limited to: risk assessments, security roadmaps, process design, reporting and general governance, risk, and compliance activities.
All BTB Security services are designed to forge a trusted partnership with our clients. This comes from ensuring that all security services are delivered with excellence and are executed in a timely manner. Regular communication with clients and BTB management is equally important to ensure that expectations are being met.
- Prior experience as an information security consultant or practitioner (Assessor, Analyst, GRC specialist) with experience in several of the following security activities:
- Risk Assessments
- Alignment with common industry security frameworks
- Findings Remediation
- Policy, Standards and Procedures development
- Security Risk Reporting
- Vendor Security Assessments
- Education and Awareness Training
- Vulnerability Management
- Access Control (Provisioning, Deprovisioning, Access Reviews)
- Demonstrable expertise solving real-world security problems, not just security theory
- Working knowledge of information security management systems and frameworks, such as ISO 27002, NIST CSF, CIS Controls and common privacy and regulatory standards, such as HIPAA, PCI-DSS, GDPR, CPA.
- Foundational knowledge in several technologies, including but not limited to:
- Active Directory, Windows, Linux
- Networking Infrastructure
- Endpoint and Mobile Device Security
- Intrusion Detection/Prevention Systems
- Cloud and web application architecture and security
- Working knowledge of best practices related to Incident Response, Disaster Recovery, and BCP (desired)
- Familiarity with common attacks, vulnerabilities, and associated risks, such as: Ransomware, SQL Injection, Brute force attacks, Malware infection, Phishing/BEC attacks, etc.
Education / Certifications
- Minimum of 2 years’ experience working in security consulting or equivalent internal role
- Bachelor’s Degree in relevant domain such as technology, computer science, risk, engineering or other domains with relevant work experience.
- Entry-level security certifications desired, or actively being pursued