The Cybersecurity Consultant is responsible for ensuring technology initiatives are implemented within the framework to make our client’s cloud environments more secure. The Consultant will be accountable for securing enterprise information by identifying network and application security requirements, planning, implementing and testing security controls and procedures. This role is customer-facing and plays an active role in transforming our client’s Security through implementing Security technologies on-premise and in the cloud.
Day-to-day, You Will
· Propose, plan and execute tactical operational security objectives
· Perform deep analysis and develop metrics that measure current risk and effectively evaluate and manage threats
· Identify appropriate technology/data sources and drive the collection of data necessary to effectively evaluate threats
· Communicate threat intelligence and vulnerability management options
· Analyze threats and current security controls to identify gaps in current defensive posture
· Meet with clients and lead workshops
We Are Looking For The Following Experience
Our ideal candidate will have a solid foundation across the Microsoft technology stack and Azure security offerings with the ability to communicate security and risk-related concepts to key partners.
· Enterprise Mobility and Security Suite (EM+S), Advanced Threat Protection (ATP), Azure Information Protection (AIP) and Intune
· Azure Key Vault, Azure Security Center, Azure Operations Management Service, Log Analytics
· Identity and Access Management principals, including B2B and B2C cloud design and implementation
· Architecture and security management
· Design Cryptographic Key Management for lifecycle management of cryptographic keys in Office 365 (“O365”) services
· Provide a document labeling taxonomy based on existing corporate data classification specifications and deploy into both the online Azure IP service and into an existing Azure IP scanner service
· Configure Azure Advanced Threat Protection (“Azure ATP”)
· Provide systems integration guidance and a run book for Security Information & Event Management (SEIM) and Azure ATP alerts
· Configure native Office data loss prevention (“DLP”) sensitivity types as required. Develop and deploy up to 10 custom sensitivity type detections and up to 10 custom protection policies
· Provide a configuration and deploy method for the Microsoft Information Protection (“MIP”) client for use in compatible Outlook and/or Office Pro Plus Customer software
· Solid understanding of security best practices
· Securing network and enterprise cloud applications
· Privileged access management technologies
· Security frameworks, such as NIST RMF, NIST CSF, ISO 27001/2
· Building a security framework, SIRRP process and/or forensic handling methods
· Knowledge of host hardening, auditing, logging and monitoring, network security, SEIM deployments, security analytics, anomaly detections, PKI
· Market understanding of industry trends for cybersecurity, risk & threat intelligence, and governance
· Proven implementation of cloud security models, particularly identity, network, and encryption
· Demonstrated understanding of Microsoft security technologies and strategy
· Program management skills and solution support for security transformation/implementation programs
· Business case development skills for justifying, prioritizing & forecasting the funding requirements for security programs and initiatives
Your preferred certifications may include: CISSP, CISM, CCSP, CSSLP, or other meaningful certifications such Microsoft AZ-103, AZ-300, AZ-301, AZ-500, AZ-900, MS-100, MS-101 MS-500, MS-900.
To supplement the technical knowledge and project delivery experience, the successful candidate will come from a Consulting background with good customer facing skills, the ability to gather customer requirements and produce high quality written deliverables. As a consultant, you must be willing to travel to our client locations as needed.
You will likely have a Bachelor’s Degree in computer science, computer engineering, management information systems, information technology, or a similar field. An equivalent combination of education and experience may substitute for a degree.