A Cyber Security Consultant is an expert in the field of information technology security. Their job is to protect the company from bad actors or hackers. They work to make sure that networks are safe from external threats like hackers or crackers who want access for malicious purposes. A security consultant is also responsible for providing leadership and direction for the design and implementation of secure platforms, cloud, application, controls, services and technologies across the organization, and for establishing secure architectures by determining security requirements; planning, implementing and testing security systems; and preparing security standards, policies and procedures. S/he leads and conducts risk assessments on information systems, IT infrastructure and related policies and processes in accordance with established regulations and organizational standards. A Cyber Security Consultant ensures that every step of the software development lifecycle (SDLC) follows security best practices. They are also responsible for adhering to secure coding principles (OWASP Top 10) and aid in testing the application against security risks/parameters, such as code scans (SAST/DAST), before release.
Technical Cyber Security - Fundamentals:
Domain-specific Knowledge for IT support Cyber security and IAM.
Representative Tasks, Skills, Knowledge, Abilities
1. Review the advisories, threats, attacks, phishing, and malicious activities happening around the world and ensure that we are secure against them.
2. Analyze the SOC investigations and forensics.
3. Safeguard information system assets by identifying and solving potential and actual security problems.
4. Conduct application risk assessments, business partner vulnerability assessments (SAST/DAST), and security assessments
5. Perform and/or coordinate penetration testing
6. Lead ongoing information security education, awareness, and outreach activities like Incident Response training, execute tabletop exercises and phishing campaigns
7. Participate in internal/External Audits
8. Secure the network, server, application, and cloud (AWS, Azure) infrastructure
9. Perform internal & external vulnerability scans
10. Provide 7x24 support for critical security issues
1. Standards like PCI DSS, ISO, ISMS and HIPAA, NIST, MITRE ATT&CK
2. Knowledge of attacks, penetration tests, application risk assessments, vulnerability assessments, and security architecture assessments and controls
3. Latest trends in cyber security and solutions
4. Solid understanding of IT processes including security, incident management, configuration management, change management, release management, problem management, business continuity and disaster recovery
1. Public speaking and presentation
2. Assessing systems, procedures and tools
3. Providing Security awareness training or coaching employees
1. Drive adoption of secure hardening and configuration practices
2. Manage situational issues and events
Technical Cyber Security - Advanced
1. Develop processes and procedures for monitoring firewalls, reverse proxies, security information and event management systems, intrusion detection systems, vulnerability scanners, multi-factor / strong authentication technologies, RADIUS/TACACS+ servers, and logging servers
2. Develop processes for monitoring third-party security reports and vulnerability patching
3. Perform security audits of off-the-shelf and custom applications and infrastructure
4. Provide in-depth support for information security incidents including internal violations, external attacks, viruses, and system outages. Assist with the investigation of security breaches, policy violations, and other security incidents
5. Provide expert-level advice for the design and planning of enterprise-wide networks, technology infrastructure, middleware, platforms, and applications to ensure appropriate levels of risk
6. Provide direction on a variety of design decisions, including solution evaluation and selection, buy vs. build questions, project estimates, platform selection and high-level technical design
7. Continuously look for ways to enhance existing security services. Research, design, plan, schedule, and implement new security technologies into the current operating environment
8. Develop and implement the IT security framework and strategies that provide balance and alignment with business requirements
9. Define global security policies, standards and guidelines to ensure ongoing maintenance of security
10. Implement best practice procedures to ensure a uniform security architecture throughout Application Development, Operations and Infrastructure
11. Direct project teams for the implementation of security-related initiatives
To effectively structure, facilitate, and participate in methods of working between two or more parties, organizations, or cohorts, that further
1. Communicate with stakeholders, contributors, & business leaders
2. Preparing and presenting briefings to internal & external clients
3. Participate in discussions and meetings
Public speaking and presentation
1. Active Listening
2. Verbal Communication
3. Written Communication
4. Interpersonal Skills
5. Presentation Skills
Writing policy, process & procedures. Policy: a course or principle of action adopted or proposed by an organization or individual. Process: a series of actions or steps taken in order to achieve a particular end. Procedure: an established or official way of doing something.
1. Review the current policy, process and procedures and update them frequently
2. Creating new policies, processes, and procedures as per the requirement or standards
3. Publish or introduce the new policies, processes and procedures and communicate to the leadership or different COEs.
Knowledge of writing policies, processes, and procedures.
1. Technical writing
Customer & Vendor Management
Manage customer and vendor relationships & accounts
1. Vendor management
2. Customer engagements
3. Maintenance and support renewals
1. Relationship-building techniques
2. Effective communication: speaking, reading, and writing.
1. Preparing and presenting briefings
2. Public speaking and presentation
3. Conducting an assessment of systems, procedures and tools
1. Perform contract review and assessments
2. Cultivate relationships
3. Review quotes and prepare purchase requests
Education, Experience, Certification
Bachelor of Science, or equivalent education, experience & competency
Cyber Security Experience: Overall 10+ years IT, 5+ years Cyber Security, 2+ years Application Security
Required: Any relevant certification.
Desired: Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Cloud Security (AWS, Azure)
Certified ISO 27001, PCI DSS, HiTrust
CompTIA Cybersecurity Analyst (CySA+)
CompTIA Advanced Security Practitioner (CASP+)
Certified Ethical Hacker (CEH)
Hybrid work arrangement
For over 10 years, HCM Nexus has been dedicated to serving clients with comprehensive recruitment, HR, and training services. Our seasoned consultants are committed to creating value for you. Whether you need exceptional talent, optimized HR practices, or workforce development, we deliver tailored solutions that drive success.