Job Title: (Technical) Cybersecurity Consultant
Tenure: Permanent (5 days per week)
BH Consulting is an ever-expanding cybersecurity and data protection consulting service – with offices in Dublin, London and New York. Our highly skilled team help clients understand risks, identify vulnerabilities and deliver critical cybersecurity and data protection solutions to their organisations. As part of our continued expansion, we wish to appoint a Technical Cybersecurity Consultant who can conduct security assessments of clients technical infrastructure (M365/Azure/AWS/Backups/Networks etc.) and who can attest to the robustness and adequacy of the controls in place in those infrastructures.
The role is varied, with many responsibilities, and requires at least five years demonstrable experience in the following key areas:
- Undertaking security assessments of technical Infrastructure (M365/Azure/AWS/Backups/Networks etc.).
- Performing gap analysis of client infrastructure against platform specific technical standards. (M365/Azure/AWS/Backups/Networks etc.).
- Providing comprehensive, client specific cybersecurity testing services, such as but not limited to penetration testing services, vulnerability analysis, phishing campaigns and red teaming exercises.
- Communicating the results of the above tests – via the production of high quality reports, executive summaries and board-level presentations.
- Using and maintaining various tools to be used for the above tests (such as Qualys, Lucy, Tenable and Nessus).
The ideal candidate will have the following core competencies
- Excellent analytical, technical and troubleshooting skills.
- An extensive understanding of multiple technical areas of information security including network security, access control, risk management, secure design and development, testing and controls such as firewalls, passwords, cryptography.
- A strong familiarity with web application security vulnerabilities and controls.
- A comprehensive understanding of Cloud Service Providers, Cloud Operations and Cloud Computing, and have experience with cloud services such as M365/Azure/AWS/Google.
- A detailed understanding of threat analysis and enterprise cyber defence techniques.
- A strong understanding of Security Operations Centres (SOC) and Security Incident and Event Management (SIEM).
- Familiarity with security standards and frameworks e.g., ISO 27001, NIST Cybersecurity Framework, CIS Critical Security Controls.
- Experienced with vulnerability management tools such as Qualys and Tenable.
- Strong documentation skills to contribute to security policies, processes and procedures and for the production of risk assessment reports, findings and recommendations.
- Hands-on security incident handling and remediation experience.
The ideal candidate will also have the following skills
- A passion for cybersecurity.
- An excellent understanding of Business Risk Management and Information Risk Management.
- Excellent communication skills both in writing (excellent report writing skills and able to produce high quality client facing reports) and in speaking (a keen ability to articulate complex issues to peers, executives, and customers).
- Team player with the ability to engage professionally with internal teams and external customers.
- Flexibility – be able to manage a number of projects, meet deadlines, adapt to changing priorities and manage stakeholder expectations.
The successful candidate will also have:
- Whilst a third-level degree in computer science, information technology, information security is required, candidates with equivalent experience will also be considered.
- Security qualification such as security certification (e.g., CISM/CISSP), a security specialisation in undergraduate degree, or a relevant postgraduate degree or diploma.
- Minimum 5 years experience in IT Security, Governance, Risk and Compliance, IT Audit with proven experience in the delivery of cybersecurity services to clients.
- Excellent command and fluency in English
- VISA holders only
Nice to Haves (Preferred Qualifications):
- Technical experience in a technology or engineering organisation.
- Expert knowledge in at least one IT Security domain (cloud, infrastructure, device, data, identity, networking).
- Industry recognized qualifications in IT Security or Risk domains (e.g., Lead Implementer / Auditor IS027001, CRISC).
- Security test and assurance experience.
If you think you may be suitable and are interested in the position, please send your cv to [email protected]