The Information Technology (IT) Services group is a strategic practice unit within GBQ that serves internal and external GBQ clients at each of our locations. The Associate Security Analyst Staff will participate in assessment projects, report writing and controls implementation. Our ideal candidate is an experienced IT professional whose career includes a broad range of hands-on experience working within a professional IT environment with some security responsibility. We serve clients throughout the Midwest with a majority of our clients located in Ohio or surrounding states. Focus on four major initiatives established by the Firm: Profitability, Practice Growth; Client Focus; and Brand Culture/Development.
- Serve the IT Services Team as the lead security tools technologist implementing and operating remote testing tools.
- Implement vulnerability management tools and other technical safeguards in client environments
- Conduct cybersecurity, network security, vulnerability and configuration assessments and tests based on scoped client needs
- Execute penetration tests for vulnerability assessment and compliance purposes
- Support senior-level penetration testers and application testers based on knowledge, skills and abilities with penetration and/or application testing
- Conduct safeguard and system selection research under the direction of an experienced Security Architect
- Provide professional written technical writing of work performed, findings and observations
- Team player and deadline-oriented
- Ability to multi-task and set workload priorities in a fast-paced environment
- Complete assignments within established budget for assigned areas.
- Achieve charge hour budget and minimum billable hours as set by the Firm.
- Participate in “approved” non-client initiatives to improve firm administration.
- Consistently utilize all firm and department software efficiently.
- Represent firm and build relationships by participating in outside activities.
- Develop and demonstrate strong leadership skills.
- Demonstrate excellent written and verbal communication skills
- Ability to provide outstanding client service
- Attention to detail and accuracy
- Analytical and creative problem-solving skills
- Ability to perform technical scans for infrastructure vulnerabilities using commercially available tools
- Flexibility with travel and hours
- Work in partnership with other team members and client personnel to help ensure efficient flow of information from client to IT Services team.
- Comprehend new, complex issues and perform basic research to solve complex problems.
- Exemplify Brand Attributes of the Firm.
- Comply with all policies and procedures of the Firm
- Demonstrate ability to work in a team environment and address conflict with peers.
- Consistently seek feedback on performance from superiors and enhance and develop professional and technical skills.
Work Experience and Education:
- College graduate or non-degree candidates with relevant military or work experience
- Prefer 1-3 years of progressive IT experience in a professional environment with exposure to cybersecurity operations.
- Awareness of security laws, regulations, guidance, policies and directives would be helpful
- Familiarity at least one control framework (e.g. NIST CFF, CSC, etc.)
- Must be technically proficient in performing their assigned duties with minimal supervision while also working within a team environment
- Experience with:
- Vulnerability management and patch management processes and tools
- Malware and eradication
- Working knowledge in the following technical domains:
- TCP/IP, UDP, DNS, FTP, NetBIOS, and other protocols.
- Understanding of Linux, UNIX, Windows, and mobile operating systems
Network services, vulnerabilities and attacks
- Exploits and vulnerabilities
- programming and shell scripting
- Strong analytical skills required; must be detail-oriented with an ability to develop and apply complex concepts
- Strong Microsoft Office skills required, including Microsoft Word, PowerPoint and Excel (Access and Visio a plus)
- Strong written and verbal communication skills required
- Some travel required (NOTE: Given COVID-19, most of our work is done remotely. We anticipate a return to travel for some projects as the pandemic ends. At this point, most client work is being conducted remotely.)
- Associate Security Analyst/Staff will report directly to a Performance Manager who will provide any necessary guidance relative to administrative issues or work performance through the formal evaluation process.
- Flexibility with travel and hours
- Reliable transportation for on-site client work.