Consultant, Cybersecurity Engineer Pen Testing

at Morgan Franklin
Location New York, NY
Date Posted July 9, 2020
Category Default
Job Type Full-time


MorganFranklin Consulting is a management advisory firm that works with leading businesses and government to address complex and transformational finance, technology, cybersecurity, and business objectives.

MorganFranklin's cybersecurity practice helps clients across the globe to solve their most critical cybersecurity needs. From consulting and implementation to managed services and project resourcing, we work to safeguard assets by identifying risks, developing and maturing cybersecurity programs, and implementing solutions that support and meet business goals. Custom tailored and business-aligned service offerings include:

  • Strategy and GRC
  • Cybersecurity Operations
  • Identity & Access Management
  • Incident Response & Risk Intelligence
  • Application Security
  • Managed Security Services Provider (MSSP)

What Will You Do?

Senior Cyber Security Engineer to join and enhance the Product Cyber Security team. The team is responsible for driving the product cyber security strategy to strengthen the cyber security posture of legacy products and services. The position covers different aspects of the product life cycle, including pre-development, development and post-release.

  • Work with global teams to ensure commitment to the cyber security strategy of minimizing flaws and improving product resiliency to cyber-attacks by ensuring adherence to the integrated secure development lifecycle process
  • Develop and maintain plans for legacy product assessment and remediation, creating risk categories and prioritizations and closely working with the business units to develop a clear plan for remediation
  • Interface with teams and share best practices and lessons learned

What Do You Need to Succeed?

  • 6+ years of Cyber Security Engineering and software systems development experience
  • In-depth experience and knowledge of requirements capture, cyber security threat modeling and systematic discovery of threats, as a part of Secure Development Lifecycle
  • Knowledge of different types of security vulnerabilities and safeguards at different layers of hierarchical systems, including the embedded layer and system layer
  • Experience enforcing cyber security standards for software architectures, including ensuring that security standards are properly addressed and developing risk mitigation plans
  • At least 2+ years hands-on experience with penetration testing methodologies and tools
  • Excellent written and verbal communication and presentation skills, including presentation planning and delivery skills
  • Cyber Security certifications such as Sec+, OSCP, CEH, CISSP, GSEC is a plus
  • Open to occasional travel post-pandemic**

This is a Vaco employment opportunity aligned to MorganFranklin's cybersecurity offering (Vaco LLC, dba "MorganFranklin Cyber").