• Bachelor’s or Master’s degree in Computer Science, Engineering, Security Studies, History or relevant field
• 3-7 years of professional experience working in or supporting a corporate or government security/cyber defense program
• Strong understanding of, and proven experience in, some combination of:
o Information technology (IT) security operations
o Analysis of threat capability and intent, threat actor tactics, techniques and vulnerability mitigation
o Security risk management policies and principles
o Cybersecurity frameworks, standards and best practices
• Self-starter who is a team player that embraces collaboration
• Analytical thinker – ability to recognize nuances, anticipate client questions and defend findings and recommendations
• Demonstrated ability to prioritize tasks, work on multiple projects concurrently, and manage rapidly changing assignments
• Strong presentation and communications skills, with ability to understand, assess and articulate complex issues
• Strong proficiency in MS Office (Word, Excel, PowerPoint)
• Willing and able to travel up to 25% of the time domestically and internationally
• Have or be able to obtain U.S. Government National Security Clearance
Recommended but not required:
• Experience with scripting languages (Bash, Powershell, Python, etc.)
• Experience in DevOps environment or IT operations
• Knowledge/use of the MITRE ATT&CK framework
• Prior experience in the delivery of high-end professional/advisory services
• Fluency in Spanish
• Relevant industry certifications (e.g., SEC+, CISSP, CISA, GPEN, GCIH)
Cybersecurity Risk Management/Strategic Advisory Services
• Execute and contribute to risk assessments that integrate threat, vulnerability and consequence, intelligence and information.
• Oversee process for discovery, analysis, evaluation and development of findings and recommendations in security projects. Develop an overall view on current-state and future-state cybersecurity maturity and effectiveness.
• Analyze open source information and intelligence.
• Weigh tradeoffs around risk reduction, ease of implementation, efficiency gains and regulatory drivers.
• Evaluate cybersecurity products and services.
• Formulate strategic action plans to address cyber risk in a way that aligns with business goals and objectives.
• Develop and present deliverables, findings and recommendations to clients in senior business roles, including C-suite stakeholders.
• Contribute security expertise to engagements led by senior team members and ensure assignments are completed as directed and on-time.
• Support sales and business development initiatives by preparing pitch materials, writing proposals and participating in meetings with potential clients.
• Cultivate and pursue new business opportunities with guidance from senior colleagues.
• Develop Chertoff Group content (e.g., whitepapers, blogs, podcasts, webinars, etc.) on selected security topics.
• Schedule and assign duties to colleagues, team members and subcontractors on complex programs and ensure assignments are completed as directed by engagement manager.
• Organize and coordinate with internal teams ranging from junior staff to former Federal agency heads and industry CEOs.
• Manage and organize administrative tasks, including contract execution, meeting/call scheduling, knowledge management etc.
• Conduct project and CRM management using Salesforce or similar CRM or client management, project management or financial management systems and tools.