Cyber Testing Director

We are the leading provider of professional services to the middle market globally our purpose is to instill confidence in a world of change empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled inclusive culture and talent experience and our ability to be compelling to our clients. Youll find an environment that inspires and empowers you to thrive both personally and professionally. Theres no one like you and thats why theres nowhere like RSM.

The RSM USI supports RSM U.S. risk consulting transaction advisory technical accounting financial consulting technology and management consulting tax and assurance engagement teams by providing access to highly skilled professionals for repeatable business processes over an extended business day. USI is a member of RSM International the sixth largest global network of independent accounting tax and consulting firms. RSMs vision is to be the firstchoice advisor to middle market leaders globally. You will work directly with clients key decision makers and business owners across various industries and geographies to deliver a topquality client experience. RSM is a diverse and inclusive place where you will work as part of a team while being valued as an individual mentored as a future leader and recognized for your accomplishments.

Risk Consulting helps clients across various industries by addressing the increasingly complex strategic operational compliance and governance challenges faced by those responsible for managing or overseeing dynamic businesses. Risk Consulting major offerings includes AML & Regulatory Compliance; ERP Advisory; Automation and Analytics; Enterprise Risk Management; Internal Audit; SOX Advisory; Contract Compliance; Credit Reviews; Information & Technology Audits; Cybersecurity risk management; Thirdparty risk management; IT due diligence; SOC1 / SOC2; Security and Privacy Risk; Governance Risk and Compliance; PCI; Cyber Transformation; Manage Security Services; Secure Architecture Solutions; Cyber Testing; Digital Forensics and Incident Response; and Cyber Threat Intelligence.

Qualification and Minimum Entry Requirements

• Bachelor or Master degree in computer science with a minimum of 10 years in cyber security domain
• Technical background in networking/system administration security testing or related fields
• Indepth knowledge of TCP/IP
• Good knowledge of Perl Python Bash or C experience
• Operating System Configuration and Security experience (Windows HPUX Linux Solaris AIX etc.
• Configuration and Security experience with firewalls switches routers VPNs
• Experience with security and architecture testing and development frameworks such as the Open Web Application Security Project (OWASP) Open Source Security Testing Methodology Manual (OSSTMM) the Penetration Testing Standard (PTES) Information Systems Security Assessment Framework (ISSAF) and NIST SP800115
• Familiar with security testing techniques such as threat modeling network discovery port and service identification vulnerability scanning network sniffing penetration testing configuration reviews firewall rule reviews social engineering wireless penetration testing fuzzing and password cracking and can perform these techniques from a variety of adversarial perspectives (white grey blackbox)
• Commercial Application Security tools experience (Nessus Nexpose Qualys Appdetective Appscan etc.
• Open source and free tools experience (Kali Linux suite Metasploit nmap airsnort Wireshark Burp Suite Paros etc.
• One or more of the following testing certifications: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA CEPT CPTE CPTS etc)
• In addition one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals (CISSP); Certified Information Systems Auditor (CISA); Certified Information Security Manager (CISM)
• Strong leadership and communication skills technical knowledge and the ability to write at a publication quality level in order to communicate findings and recommendations to the clients senior management
• Must possess a high degree of integrity and confidentiality as well as the ability to adhere to both company policies and best practices

Technical Requirements

• Web application penetration testing experience familiarity with Burp OWASP Top 10 etc
• Ability to recognize and validate significant findings past initial scanning/recon
• Web Services penetration testing (RESTful CURL and SOAP)
• API penetration testing experience
• Conducts periodic scans of networks to find and detect vulnerabilities
• Lead scoping engagements by clearly articulating various penetration approaches and methodologies to audiences ranging from highly technical to executive personnel
• Report generation that clearly communicates testing and assessment details results and remediation recommendations to clients
• Develop scripts tools and methodologies to automate and streamline internal processes and engagements
• Conduct IT application testing cybersecurity tool and systems analysis system and network administration and systems engineering support for the sustainment of information technology systems (mobile application testing penetration testing application security and hardware testing)
• Conduct cloud penetration testing engagements to assess specific workloads (i.e. AWS GCP Azure containers or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weakness after receiving permission from client stakeholders
• Provide recommendations to clients on specific security measures to monitor and protect sensitive data and systems from infiltration and cyberattacks including response and recovery of a data security breach
• Maintain a firm grasp on the industry and anticipate trends and movements while balancing maturity and timing
• Performs client penetration testing to find any vulnerabilities or weaknesses that might be exploited by a malicious party using opensource custom and commercial testing tools
• Expert knowledge of tools used for wireless web application and network security testing
• Working knowledge of CI/CD and SDLC deployment lifecycles and mechanisms
• Motivated selfstarter who loves to solve challenging problems and feels comfortable working directly with customers
• Excellent oral written communication and presentation skills with an ability to present client security sessions and security workshops to CLevel Executives and nontechnical audience
• Highly organized detailoriented excellent time management skills and able to effectively prioritize tasks in a fastpaced highvolume and evolving work environment
• Ability to approach customer and sales requests with a proactive and consultative manner; listen and understand user requests and needs and effectively deliver
• Comfortable managing multiple and changing priorities and meeting deadlines in an entrepreneurial environment
• Nice to have: Mobile application penetration testing experience
• Nice to have: Cloud penetration testing experience (AWS and Azure)

Soft Skills Requirement

• Ability to work independently under minimal supervision and within a team.
• Manage project tasks and deadlines within a multitime zone remote culture.
• 510 years of customerfacing consulting experience
• Ability to communicate complex vulnerability results and demonstrate proof of concepts for diverse audiences.
• 5 years of experience managing a diverse team of technical testers
• Proven experience improving technical quality of the team
• Report regularly to management on improvements and team challenges
• 710 years of experience working in a global environment with multiple time zones and adjusting to client needs in other countries
• Ability to train others and improve technical skills of a team

At RSM we offer a competitive benefits and compensation package for all our offer flexibility in your schedule empowering you to balance lifes demands while also maintaining your ability to serve more about our total rewards at

RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans and Indian Armed Forces Personnel status; predisposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation.

Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/ is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application interview or otherwise participate in the recruiting process please send us an email at .