Cyber Security Consultant, New York (hybrid)

New York
Lab49 – Software Engineering /
Full-time /
Hybrid
We are seeking a Cyber Security Consultant to join our newly created sub-practice, dedicated to serving a mature and impactful long-term client in the financial services industry. This role requires a balance of independent work and teamwork, focusing on advancing the client's agenda. The ideal candidate will possess some understanding of the financial services sector, coupled with a proven track record of independent work, team collaboration, and client relationship management. Join us to make a meaningful impact and contribute within our innovative team. 

Skills and Experience

    • Expert knowledge of security considerations for cloud computing, including data breaches, hacking, account hijacking, malicious insiders, third parties, authentication, APTs, data loss and DdoS attacks.
    • Experience in executing security assessments against modern cloud applications and SaaS solutions
    • Ability to contextualise security findings and guide application teams on remediation
    • Expert cyber security knowledge and ability to apply security frameworks specifically NIST 800-53 and ISO 27001.
    • Knowledge of threat modelling and performing assessments using approaches such as Mitre Att&ck to provide comprehensive vulnerability and risk impact assessments along with control mappings.
    • Identity and access management; tracking and creating/enforcing policies that govern access sensitive technology resources and information assets.
    • DevSecOps technology including Docker, Kubernetes, Terraform or Pulumi, Hashicorp tools and GitLab/GitHub.
    • Experience working in a modern environment, utilising both Continuous Integration and Continuous Deployment (CI/CD) to enforce static and dynamic security testing software composition analysis and automated scanning and vulnerability assessments.
    • Proven enterprise or strategic view of cyber strategy for large financial institutions, including understanding of appropriate regulations and controls.
    • Commercial engineering experience is preferred with languages including Java, C#, Python, C++, Kotlin, JavaScript/Typescript or similar, highly regarded.

General Consulting Experience (Experience in the following will be important to be successful in this role)

    • Work closely with business stakeholders and clearly communicate technical considerations
    • Experience demonstrating technical concepts, including presenting and whiteboarding
    • Own a functional deliverable throughout the complete development lifecycle.
    • Work closely with business stakeholders and clearly communicate technical considerations.
    • Agile development methodology (Scrum and its variants)

    • Who are you?
    • You are a security evangelist. We understand the importance of security for our clients, and their customers. We emphasize the importance of secure by design at every step of the lifecycle.
    • You are technical but thrive in delivering business value. The business outcomes are always front-of-mind – we love technology, but the end game is always about creating business value with the most efficient and impactful solution.
    • You can collaborate with our clients. As a consultancy, our ability to work with our clients is paramount. You present well, communicate clearly, act professionally, and achieve great outcomes.
    • You have attention to detail. Quality and complete solutions matter to you.
    • You are pragmatic. You get things done, you can find a creative compromise between an ideal solution and actual client needs.
Lab49/ION is committed to maintaining a supportive and inclusive environment for people with diverse backgrounds and experiences. We respect the varied identities, abilities, cultures, and traditions of the individuals who comprise our organization and recognize the value that different backgrounds and points of view bring to our business.
Lab49/ION adheres to an equal employment opportunity policy that prohibits discriminatory practices or harassment against applicants or employees based on any legally impermissible factor.