Information Security Consultant

Rook Security
Indianapolis, IN
Aug 01, 2017
Jobs Outside Higher Education
Software & Technology
Institution Type
Outside Academe

Job Description

The Information Security (InfoSec) Consultant is responsible for providing security guidance to Advisory project teams responsible for delivering business solutions. The InfoSec Consultant will provide security guidance, identify and prioritize security-related requirements, promote secure-by-default designs and facilitate delivery of information security services. They will also be expected to perform risk assessments of information systems and infrastructure, develop appropriate risk treatment and mitigation options, and effectively articulate findings and recommendations to IT project teams and management. The InfoSec Consultant will be expected to work on multiple projects and tasks concurrently.

IS Consultant personnel duties include but are not limited to:
  • Define and provide pragmatic security guidance that balances business benefit and risks.
  • Engage IT teams throughout projects to identify and prioritize applicable security controls and provide guidance on how to implement these controls
  • Perform risk assessments of information systems and infrastructure
  • Maintain and enhance the Information Security risk assessment methodology
  • Define security configuration standards for platforms and technologies
  • Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit
  • Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders
  • Provide knowledge sharing and technical assistance to other team members
  • Act as Subject Matter Expert (SME) in responsible technologies and have deep technical understanding of responsible portfolios

Required Knowledge:
  • Bachelor's Degree in Information Security or related field; or 2-5 years experience as an Information Security Specialist/Consultant
  • Currently holding or actively pursuing related professional certifications such as CISSP, GSEC, CISM or CISA is highly preferred
  • Knowledge of the OWASP Top 10 and remediation of attacks against web applications, and the ability to convey the risks to IT and business stakeholders
  • Familiarity with information system attack methods and vulnerabilities
  • Knowledge of Cloud Architecture

Desired Skills:
  • Experience providing and validating security requirements related to cloud security for private, public, and hybrid clouds
  • Experience with UNIX CLI and Scripting
  • Experience with the following tools:
    • Nessus
    • Nmap
    • Metasploit
    • ZAP / BurpSuite
  • Knowledge of Windows Server Configuration
  • Experience with network defense-in-depth strategies
  • Experience providing and validating security requirements related to information system design and implementation
  • Experience conducting risk assessments, vulnerability assessments, vendor and third-party risk assessments and recommending risk remediation strategies
  • Experience with Risk Management

Required Attributes:
  • Demonstrated integrity in a professional environment
  • Ability to team well with others to facilitate and enhance the understanding of and compliance with security policies
  • Ability to work effectively with customers, management, staff members, vendors, and consultants and articulate findings and recommendations
  • Strong English communication and writing skills are required
  • Strong judgment and analytical ability
  • Excellent interpersonal, communication, organizational, and project management skills
  • Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change

About Rook Security:

Headquartered in downtown Indianapolis, Rook Security is a global provider of IT security solutions protecting against dynamic emerging threats. Rook's consulting and managed security services deliver visibility, intelligence, and response in security operations to overcome the complex problems that continue to plague most organizations. As an integrated extension of their internal team, Rook helps organizations achieve a mature security and risk management program. Rook's consulting and managed security services have helped to improve the way organizations from start-ups to Fortune 100 firms protect their data and manage their risk. For more information, join us on Twitter @RookSecurity, Facebook, or

Company Description
Since the company's inception in 2008, Rook Security has emerged as the place to be to start, extend, or elevate your career as the Rook team strives to become the most well-respected IT Risk Management strategy consulting partner in the country. With our open & collaborative work environment, the integrity, intelligence, rapid problem solving, teaming, and creative skills of our team members have formed a solid foundation from which we have grown.

Mon, 31 Jul 2017 07:04:22 PDT