Senior Information Security Consultant

The Senior Information Security Consultant possesses past experience in a range of practical environments with a proven record of services and delivery of IT project management. The Senior Information Security Consultant will ensure effective delivery of the overall Security Assessment process according to NIST SP 800-37. Additionally, the Senior Information Security Consultant is expected to deal effectively as a Project Manager role with all contingencies, foreseen and unforeseen, and ensuring delivery on or under budget and according to the timeline set by the customer.

The Senior Information Security Consultant will:

• Develop remediation plans and coordinate activities with other organizational departments.
• Optimize up-to-date technical solutions and processes to monitor the security of the client’s infrastructure (firewalls, servers, applications, anti-spam/anti-spyware tools, forensic integrity checking, encryption, key management tools, etc.).
• Capable of communicating complex issues efficiently and effectively to TalaTek team and clients.
• Identify, document, and report security issues and concerns to officials; follow up on action items to resolve security issues.
• Perform the technical security architect role, creating design documents and instructional materials for non-security focused teams, detailing technical solutions and processes for security incident monitoring, audit and logging procedures for enhancing the client’s infrastructure security (firewalls, servers, applications, anti-spam/anti-spyware tools, forensic integrity checking, encryption, key management tools, etc.).
• Support and provide in-depth understanding of the TalaTek process and the ability to implement action items, manage reports, and provide overall systems support.
• Capitalize on strengths and identify areas of opportunities for improvement.
• Apply great attention to detail when reviewing, updating, and comparing documents and deliverables.
• Manage all SA&A tasks across multiple systems and ensure NIST publication standards are applied effectively and consistently.
• Define and plan procedures relating to securing technology; supervise other team members to complete project requirements effectively.
• Keep abreast of the latest technologies.
• Required to carry out all inspections in accordance with ISO/IEC 17020:2012, Conformity assessment – Requirements for the operation of various types of bodies performing inspection.
• Develop and complete risk assessments based on NIST standards to ensure the Information Assurance (IA) design sufficiently mitigates IA risks.

Expectations – a successful candidate will:

• Work independently to optimize up-to-date technical solutions and processes to monitor the security of the client’s infrastructure (firewalls, servers, applications, anti-spam/anti-spyware tools, forensic integrity checking, encryption, and key management tools, etc.).
• Lead the team in conducting security risk assessments, vector attack, and penetration testing, and vulnerability assessments of networks and resources attached to the network.
• Identify, document, and report security issues and concerns to officials, and follow up on action items to resolve security issues.
• Perform the technical security architect role, creating design documents and instructional materials for non-security focused teams, detail technical solutions and processes for security incident monitoring, audit and logging procedures for enhancing the client’s infrastructure security (firewalls, servers, applications, anti-spam/anti-spyware tools, forensic integrity checking, encryption and key management tools, etc.).
• Develop remediation plans and coordinate activities with other organizational departments.

Requirements – The Senior Information Security Consultant will, at minimum, have:

• Bachelor’s degree in Computer Information Systems or equivalent is preferred and six (6) years of experience in Information Security
• Proficient written and verbal communication skills in order to effectively interact with clients, project team, and TalaTek leadership
• CISSP certification

Ongoing training requirements of the Senior Information Security Consultant:

• Pursue ongoing research and training associated with being informed and aware of up-to-date security best practices and the tools associated with completing security assessments – completing vendor-specific training as necessary, such as Qualys, Nessus, etc.
• Maintain Continuing Professional Education (CPE) requirements associated with security and/or project management certifications.
• Progressively pursue EC-Council certifications, such as Certified Ethical Hacker (CEH), Licensed Penetration Tester, etc. – order of certifications obtained should be determined based on an ongoing evaluation of candidate’s skills assessments.