Back to Job Search Results

Security Consultant

Date Posted: 10/30/2024

Job #1667971
Contract
Provo, Utah

Position Overview: We are seeking a proactive and knowledgeable Security Consultant to join our team for a short-term project aimed at assessing and enhancing our security posture. The consultant will be responsible for conducting thorough vulnerability scans, implementing quick fixes, and providing strategic recommendations for future improvements. This engagement is expected to last 3-6 weeks, with a target completion by mid-December.

Key Responsibilities:

  • Conduct a comprehensive vulnerability scan of the corporate office and local environment.
  • Assess the configuration and security of Sophos firewalls and the VPN tunnel to Yardi CRM.
  • Evaluate the Office 365 (O365) environment, assisting with hardening measures to secure sensitive data and applications.
  • Perform a network scan to identify potential vulnerabilities and security gaps.
  • Review existing Multi-Factor Authentication (MFA) mechanisms and endpoint protection strategies.
  • Analyze current administrative roles and policies for security effectiveness.
  • Identify vulnerabilities and execute immediate "quick fixes" where necessary (e.g., correcting firewall policy misconfigurations).
  • Advise on risk mitigation strategies and help prioritize necessary changes.
  • Consult on the development of a roadmap for security enhancements for Q1 and Q2 of the following year.
  • Guide the organization through the SEC filing process, ensuring compliance by the end of Q2 2025, and assess the potential need for a SOC evaluation in the future.
  • Determine the necessity and scope of a penetration test, including which areas should be tested early next year.

Must-Haves:

  • Proven experience in planning and conducting O365 vulnerability and security assessments.
  • Hands-on experience with network scanning tools and techniques.
  • Familiarity with the O365 suite, VPN configurations, and firewall management (experience with Sophos preferred, but varied firewall experience is acceptable).
  • Understanding of VPN tunneling, keys, and authentication methods.
  • Proficient in Intune, MFA, and endpoint protection technologies.
  • Strong background in networking and infrastructure, with an emphasis on security—not solely focused on cybersecurity.
  • Recent experience working in small environments (maximum ~500 personnel).
  • Comfort with ambiguity and the ability to effectively communicate potential risks and improvements to clients.

Duration: 3-6 weeks, with a completion target by mid-December.

Apply Now

Accepted file types are DOC, DOCX, PDF, HTML, and TXT.

Mandatory questions are indicated. All other questions are optional. I agree that any sensitive personal information I voluntarily provide in response to optional questions will be handled in accordance with the Global Privacy Policy. I acknowledge and agree to receive communications from Korn Ferry via phone, SMS and email (message frequency varies, SMS message and data rates may apply). I am not a citizen of, ordinarily resident, or physically located in Cuba, Iran, North Korea, Syria, or the Crimea, Donetsk, or Luhansk regions of Ukraine nor ordinarily resident or physically located in the Russian Federation. I understand that I can withdraw this consent at any time by contacting privacy@kornferry.com.