We have an exciting and rewarding opportunity for you to take your software engineering career to the next level. Join our dedicated team in a role where your expertise in risk assessments and cybersecurity exercises propels forward our mission of safeguarding our operations and enhancing resiliency. This position offers the unique opportunity to shape our security posture and contribute to our continuous improvement in an environment that values innovation and teamwork.

As an Assessments & Exercises Senior Associate within Cybersecurity & Tech Controls team, you will help enhance the firm's cybersecurity or resiliency posture by using industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. Collaborate with the team to design and execute risk-driven tests and simulations. Evaluate preventative controls, incident response processes, and detection capabilities. Your ability to make informed decisions and foster continuous improvement will allow you to contribute to the achievement of the team's operational goals and the mitigation of cyber and resiliency risks.

• Collaborate with other Assessments & Exercises team members to conduct testing and simulations - such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations, and contribute to the development and refinement of assessment methodologies to ensure alignment with industry standards and regulatory requirements
• Partner with subject matter experts to evaluate controls for effectiveness and impact on operational risk, as well as opportunities to automate control evaluation
• Develop comprehensive assessment reports, including detailed findings, risk assessments, and remediation recommendations, and effectively communicate these insights to relevant stakeholders as you contribute to decisions that yield continuous improvement
• Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations. Apply this knowledge to enhance the firm's assessment strategy

• Formal training or certification on Cybersecurity concepts and 3+ years applied experience
• Hands on experience in Windows/Linux/Unix/Mac operating systems; OS and software vulnerability and exploitation techniques; commercial or open-source offensive security tools for reconnaissance, scanning, exploitation, and post exploitation (e.g. Cobalt Strike, Metasploit, Burp Suite); networking fundamentals (all OSI layers, protocols); DevOps; incident response; threat hunting; and familiarity with interpreting log output from networking devices, operating systems, and infrastructure services
• Experience in common cybersecurity threats and technology resiliency risks pertaining to the US financial services sector
• Proficient in Intelligence Community/Security Services background, relevant certifications such as those offered by Offensive Security (OSCP, OSEP, OSWE, OSED, OSEE, OSCE), CREST (Certified Simulated Attack Specialist, Registered Penetration Tester, Certified Infrastructure Tester, Certified Simulated Attack Specialist), SANS (GPEN, GXPN, GWAPT), knowledge of malware packing, obfuscation, persistence, exfiltration techniques, and understanding of financial sector or other large security and IT infrastructures
• Demonstrated collaboration, communication (written and verbal), and executive reporting skills, with the ability to work effectively with cross-functional teams and convey complex cybersecurity concepts and recommendations to diverse stakeholders

• Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals
• Experience with Agile and can work with at least one of the common frameworks is highly desired.
• Knowledge/experience in modern programming language