Principal Consultant - Security Consultant

About Us:

NYSTEC is a nonprofit technology consulting company, advising agencies, organizations, institutions, and businesses since 1996. Were independent and vendor-neutral, so we have our clients best interests at heart. At NYSTEC, we know that we succeed when individuals and teams flourish personally and professionally, so our benefits and perks support that mindset.

About the Role:

As a security consultant in the Cybersecurity and Data Privacy Practice, you will collaborate with team members to conceptualize, deliver, and support our clients through todays ever-changing cybersecurity landscape. NYSTEC is considered a trusted advisor, partner of choice, and employer of choice. We believe that every interaction is an opportunity to deliver exceptional service that empowers client success!

Serving as a security consultant, your day-to-day role will include performing National Institute of Standards and Technology (NIST) 800-30 based risk assessments, NIST 800-53 based compliance assessments, assessments of systems and organizations that may include vulnerability scanning, web application scanning, cloud security controls assessments, and security educational outreach, as well as assessments of vendor systems. The successful candidate will have a demonstrated desire to learn and acquire new skills.

Key Responsibilities

• Organize project work into client presentations outlining findings and recommendations.

• Participate in internal, public (conferences), and client-facing meetings.

• Prepare reports and presentations.

• When necessary, assume full responsibility and accountability for executing projects or programs, including defining project roles and responsibilities, conducting project planning and tracking activities, and communicating project status upward and to client project managers.

• Proactively share information that will make colleagues and clients more successful.

• Provide feedback to management on team member performance.

• Mentor and lead colleagues.

• Champion the NYSTEC behaviors.

About You:

Required Qualifications

• Skills across multiple cybersecurity domains, well versed in the software development life cycle (SDLC) and assessment of risk.

• Able to understand the root causes of vulnerabilities and to articulate those in written and verbal communications to clients.

• Knowledge of and experience with the implementation and validation of security controls and security governance.

• Experience with NIST 800-30 style risk assessments and organizational cybersecurity maturity assessments.

• Knowledge of and experience with implementation of NIST 800-53 compliance controls.

• Knowledge of and/or training with Operational Technology (OT), Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems.

• Knowledge of ICS and OT vulnerability analysis.

• Knowledge and awareness of critical infrastructure risks and mitigation best practices.

• Ability to participate and collaborate in the business development and sales process by assisting with project proposals, presentations, and new client activities.

• Willingness to seek knowledge and expertise through professional development within your specialty and follow up with action to improve quality and establish best practices.

• Ability to foster strong relationships with clients.

Desired Qualifications

• Experience with vulnerability discovery techniques and tools.

• Experience and training with cloud computing environments and security considerations.

• Experience with artificial intelligence (AI) enabled solutions.

• Experience with incident response and disaster recovery.

• Certified information systems security professional (CISSP) certification.

Education and Experience

• A bachelors degree in cybersecurity or a related field of study and 8 or more years of experience. An equivalent combination of advanced education, training, and experience will be considered.

• Formal cybersecurity training, certifications, or certificates.

The pay range for this role is $105,527 to $145,098.

It is NYSTEC's policy to provide equal employment opportunity (EEO) to all individuals, regardless of actual or perceived race, color, creed, religion, sex, or gender (including pregnancy, childbirth, and related medical conditions), gender identity or gender expression (including transgender status), age, national origin, ancestry, citizenship status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, military service and veteran status, sexual orientation, marital status, or any other characteristic protected by local, state, or federal laws and ordinances. NYSTEC is strongly committed to this policy and believes in the concept and spirit of the law.

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact