Job Description:

Our client is a phenomenal SEC registered Investment Advisor and Consulting Firm seeking a Senior Information Security Engineering Consultant for their Midtown Manhattan Office.Want to make an application Make sure your CV is up to date, then read the following job specs carefully before applying.Title: Information Security EngineerRole Overview:The ideal candidate will possess a broad knowledge of various systems and applications, including familiarity with operating systems, networks, cloud solutions, and new security threats. As a proactive participant alongside IT infrastructure, software development teams, and security operations, this individual will work to identify and address vulnerabilities and reduce the organization's exposure to security threats.The role is a hybrid structure (3 days in-office, 2 days remote).Responsibilities:Proactively lead efforts to educate, guide, and work with technology management and various departments to safeguard the organization.Regularly update on vulnerability status including its criticality, likelihood of exploitation, impact on business, and corrective measures to both security and IT leadership teams.Address vulnerabilities in all digital assets of the company, ensuring protection against both internal and external security threats that could lead to data breaches.Maintain collaboration with various teams to adopt practical solutions, ensuring a timely response to pressing issues.Support both strategic and tactical cybersecurity initiatives from IT leadership to identify and mitigate risks in applications and infrastructure.Promote change by focusing on automation, innovation, and improving operational efficiencies to pinpoint and correct weaknesses within the company.Key Responsibilities:Monitor vulnerabilities across applications, endpoints, databases, network environments, mobile, and cloud services.Collaborate with IT and security teams to oversee systems exposed to internal and external stakeholders, ensuring vulnerabilities are identified, tracked, and resolved.Aid IT operations in addressing system and application vulnerabilities.Offer expert advice to clients on strategies and tactical implementations of vulnerability management programs.Continuously identify, assess, and rectify vulnerabilities across all company assets.Establish priorities for fixing vulnerabilities based on their severity, exploitation likelihood, impact, and exposure to business risks.Document, prioritize, recommend, validate, and report on vulnerability conditions.Work in a hybrid team with peers in offensive and defensive roles, operations, threat intelligence, and risk management.Suggest tactical measures to minimize risks, contain threats, and deter attackers.Advise infrastructure teams on remediation strategies to mitigate new threats and validate the company's defensive stance.Qualifications:Minimum of three years' experience in security operations, vulnerability management, or IT operations.Proficiency with both commercial and open-source tools for managing vulnerabilities.Knowledgeable in operating systems like Windows and *nix, endpoint solutions, and networking fundamentals.Experience with cloud platforms such as AWS, Azure, or Google Cloud is preferred.Capable of influencing technical and business teams to reduce vulnerabilities.Understanding of key security standards such as CIS, NIST, ISO, PCI, HIPAA, and GLBA.Advanced understanding of operating systems, applications, infrastructures, and cloud services.Strong communication skills, able to interact effectively at all levels of the organization.Bachelor's degree in cybersecurity, computer science, engineering, or a related field is preferred.Certifications such as GEVA, GSOC, GCIH, CISSP are advantageous.