Director, Cyber Engineering

In order to address the most critical needs of our clients, RSM established the Security and Privacy Services group, comprised of more than 150 professionals dedicated exclusively to serving the cybersecurity needs of our clients. This group includes experienced consultants located throughout the country dedicated to helping clients with preventing, detecting, responding and recovering to security threats that may affect their critical systems and data. We serve a diverse client base within a variety of industries, and we are relied upon to provide expertise within areas of security testing, architecture, governance and compliance, digital forensics and security transformation.

We are seeking individuals to fill a variety of positions focused on development and implementation of reusable security patterns across on premise and cloud infrastructures. These positions will assist in requirements gathering, threat modeling, and architectural review of DevOps and InfraOps pipelines, as well as client network and application architectures. These individuals will conduct workshops and other support activities to aid clients in establishing and reviewing reusable security patterns in hybrid- and multi cloud- environments. Finally, these individuals contribute to internal code repositories established to deploy and configure client infrastructure based on defined security requirements, primarily leveraging Terraform and Ansible.

At RSM, Directors work with large and small companies in variety of industries. They develop strong working relationships with clients built on understanding their businesses and challenges facing the organization. Managers work on multiple team engagements each year, including several facets of any particular project—not just a single area of focus. Working in a mutually respectful team environment helps our Managers perform at their best and integrate their career with their personal life.

You will have the opportunity to:

• Lead development of enterprise security architecture solutions spread across on premise and cloud platforms
• Create cloud based programs, performing threat simulations to detect possible risks, and providing security recommendations on topics like micro services design or application development
• Develop security controls and processes for products developed and deployed in cloud environments
• Provide instruction and direction on secure cloud based coding concepts
• Develop in-depth security architecture, design and coding standards across infrastructure, application and data security, to drive a standardized set of security requirements, and align with internal policies and meet external compliance/regulatory requirements
• Perform threat modeling, conduct reviews of security architecture and platform/service designs, and audit source code
• Develop security tools and automation using Ansible and/or Terraform playbooks
• Develop and deliver security training to clients and internal teams
• Support for mentoring, team building and recruiting activities

Basic qualifications for a Director position include:

• Minimum B.A. or B.S. degree or equivalent from an accredited university by the time employment commences
• Computer science, information technology, information systems management, or other similar degrees preferably with a focus on information security
• Strong working knowledge of computer network technologies, protocols and topologies
• Proficiency with a variety of cloud platforms including AWS, Azure and Google
• The ability to interpret and convey technical information through written and oral communications to all levels of technical aptitude, including senior management
• High degree of integrity and confidentiality, as well as ability to adhere to company policies and best practices
• Possess a strong internal drive and motivation for continuous improvement

Beneficial, but not required, qualifications for a Director-level position include:

• Practical hands-on or lab experience with traditional network infrastructure, servers, storage, a network and virtualization software, as well as cloud concepts such as containers, dockers, kubernetes, etc.
• Experience with testing and development frameworks, with regards to their applicability to cloud environments, such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115
• Familiarity with security testing techniques such as network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, and configuration reviews
• Familiarity with the application of security and privacy provisions to cloud environments across a variety of regulations and standards such as PCI, ISO 27000 series, NIST SP 800 series, etc.