Verizon is a leading provider of technology, communications, information and entertainment products, transforming the way we connect across the globe. We’re a diverse network of people driven by our ambition and united in our shared purpose to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.
What you’ll be doing...
Verizon’s Cyber Risk Programs (CRP) performs regular and ongoing assessments of cyber threats, risks, and compliance issues to identify potential threats and devise the strategy and methods for developing and implementing appropriate defenses for the customer's security and risk posture.
Our CRP Security Consultant is an experienced resource who is assigned one or more clients and is expected to lead most client interactions and program delivery. A CRP Security Consultant provides the services (activities, tasks, reports, recommendations, guidance, consultation and deliverables) in accordance with the Verizon CRP service description, SOW and/or contractual requirements.
Serve as the primary point-of-contact delivery consultant and deliver the Cyber Risk Program (CRP) or Cyber Risk Monitoring Level 3 (CRM-L3) program to external customers.
Interface with external client technical POCs and internal stakeholders such as Project Managers, Senior Consultants, Principal Consultants and Delivery Managers.
Perform research on cyber security criteria, security systems, and validation procedures, and configure, schedule and perform vulnerability testing, threat analyses, and security checks.
Analyze discovery scan data and vulnerability data to determine unusual use configurations, discover aged software and end-of-life software, validate patch management, and properly identify high, medium and low severity vulnerabilities.
Determine how to quantify cyber security risk using threat likelihood, implementation state, and business impact variables in addition to prioritizing risk initiatives based on business need, compliance requirements, and/or industry best practice risk reduction methodologies.
Work with customer technical POCs to determine and document enterprise-wide false positives, remediation strategy plans and risk acknowledgement forms.
Perform both remote and onsite client activities such as policy, process and procedure reviews, wireless/IoT assessments and physical inspections of client office and data center facilities.
Prepare quarterly Executive Summary Risk Reports, perform internal mock presentations, and lead the formal final presentation and delivery to the customer stakeholder team.
What we’re looking for...
You’ll need to have:
Bachelor’s degree or relevant work experience.
Knowledge of common cyber security concepts, i.e. threats, risks, vulnerabilities, and the confidentiality, integrity and availability of systems and services.
Eligibility to obtain and maintain a current, active security certification such as CISSP.
Fluency in English, written & verbal.
Willingness to travel domestically (within country) and internationally.
Even better if you have:
A degree in a relevant field or experience in Information Technology (IT), Computer Network Engineering, Network or Security Operation Centers, Information Security/Assurance, Cyber Security, Governance, Risk and Compliance Management.
Advanced degree in Computer Science, Computer/Electrical Engineering, Information Security or relevant work experience.
Industry certifications such as E-CEH, E-CIH, ISACA CISM, CISA, CRISC, CCSP, CCSK, GSEC.
Vendor-specific platform certifications: Qualys, Tenable, Rapid7, Digital Defense, Recorded Future, FireMon, Tufin, Proofpoint.
Strong knowledge of common risk and compliance frameworks such as ISO 27000, NIST-800, GDPR, PCI-DSS, HIPAA, HITRUST, SOX and CIS Controls.
Experience in behavioral, audit, security, and/or policy compliance analysis.
Experience in secure internetworking technologies such as firewalls, intrusion detection systems, intrusion prevention systems, VPNs, wireless, phishing, reputational, and group policies as they relate to the security and risk posture of a client organization.
Experience in analyzing application, cloud security, wireless, and mobile device vulnerabilities and developing plans for remediation.
Knowledge of cyber threat indicators.
Experience with security monitoring and management tools, such as vulnerability scanning solutions and networking tools.
Experience with threat intelligence tools and platforms.
Knowledge of multiple operating systems such as Windows, Linux, UNIX, Apple OS and others.