Senior Cybersecurity Consultant
We are seeking an experienced Senior Cybersecurity Consultant to join our growing commercial cyber consulting practice. This is an opportunity for a seasoned security professional to leverage their breadth of experience across multiple domains of cybersecurity, working directly with clients to solve complex security challenges and mature their security programs.
The ideal candidate brings hands-on experience from senior security leadership roles—such as CISO or vCISO positions—and combines strategic thinking with technical depth. You'll serve as a trusted advisor to client organizations, leading engagements that span security assessments, program development, and technical implementation.
Core Responsibilities
Client Advisory & Assessment
- Lead comprehensive security assessments including risk assessments, security architecture reviews, and compliance gap analyses.
- Conduct security program evaluations and provide strategic recommendations for program maturity.
- Deliver executive-level presentations and written reports that translate technical findings into business risk.
Security Planning & Documentation
- Develop enterprise-level security planning documents including incident response plans, system security plans, and business continuity/disaster recovery plans.
- Create security policies, standards, and procedures aligned with industry frameworks (NIST, ISO 27001, CIS Controls).
- Design security architectures and roadmaps that balance risk mitigation with business objectives.
Facilitation & Training
- Design and facilitate security tabletop exercises covering incident response, crisis management, and business continuity scenarios.
- Lead client workshops for threat modeling, risk assessment, and security planning.
- Mentor junior consultants and contribute to practice area development.
Required Qualifications
Experience:
- 10+ years of progressive cybersecurity experience with at least 5 years in management (ideally senior or leadership) roles. CISO/vCISO experience ideal.
- Experience conducting security assessments across diverse environments and industries.
- Demonstrated ability to develop security documentation and strategic plans.
- Experience facilitating security exercises and delivering executive presentations.
Technical Knowledge:
- Deep understanding of security frameworks and standards (NIST CSF, NIST 800-53, ISO 27001, CIS Controls, etc.).
- Broad knowledge of security domains including network security, application security, cloud security, identity and access management, and data protection.
- Strong understanding of compliance requirements across multiple regulations and frameworks.
- Expertise in risk management methodologies and security program development.
Professional Skills:
- Exceptional written and verbal communication skills with ability to translate technical concepts for business audiences.
- Strong client management and relationship-building capabilities.
- Excellent project management skills with ability to manage multiple concurrent engagements.
Bonus Qualifications (Nice to have) - Advanced Technical Capabilities:
- Hands-on security engineering experience including design, implementation, and configuration of security tools and technologies (SIEM, EDR, firewalls, DLP, etc.).
- Penetration testing experience with knowledge of PTES, OWASP, etc.
- Purple team exercise experience from either offensive (red team) or defensive (blue team) perspectives.
- Detection engineering and threat hunting capabilities, including experience with threat intelligence and adversary emulation.
- Cloud security architecture and implementation experience (AWS, Azure, GCP).
- Experience with security automation, orchestration, and DevSecOps practices.
- Incident response leadership including coordinating major security incidents.
- Prior consulting experience with ability to quickly adapt to various client environments.
- Experience in multiple industry verticals (financial services, healthcare, manufacturing, etc.).
- Professional certifications such as CISSP, CISM, CISA, or equivalent a plus.