Security Risk AdvisorsRemote
Senior Consultant, Advisory Purple
Pennsylvania, United States of America
Full Time
2 hours ago
Visa Sponsor
Key skills
Cyber SecurityLeadershipCommunicationCollaboration
About this role
Role Overview
- Lead Purple Team Exercises: Plan, execute, and manage purple team exercises to evaluate the effectiveness of security controls and improve the organization's defensive capabilities.
- VECTR Operations: Use the VECTR platform to document, track, and report on purple team activities. Ensure the platform is updated and maintained to reflect the latest testing methodologies and results.
- Test Preparation and Execution: Oversee the preparation, execution, and reporting of purple test cases. Ensure all activities are documented and outcomes are communicated effectively.
- Metrics and Reporting: Develop and track metrics for measuring test outcomes, including defense success metrics and trending over time to demonstrate improvements. Draft actionable observations and recommendations specific to client environments.
- Collaboration: Work closely with internal SRA teams, including Red and Blue, to integrate findings from purple team exercises into continuous improvement processes for each client.
- Client Interaction: Engage with clients to understand their security needs, provide insight into their tooling, and deliver top-tier customer service. Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.
- Training and Development: Provide training and guidance to team members on purple team methodologies and the use of VECTR.
- Research and Innovation: Use knowledge gained during purple team exercises to conduct research initiatives with the purpose of improving our services and giving back to the community.
Requirements
- Bachelor's degree in computer science, cybersecurity, information technology, or a related field OR equivalent experience.
- Minimum of 3 years of experience in cybersecurity, with a focus on technical assessments, defensive toolsets, tabletop exercises, and incident response.
- Strong understanding of red and purple team methodologies and best practices.
- Excellent communication and reporting skills, with the ability to present complex technical information to non-technical stakeholders.
- Punctuality and timely attendance to external client and internal stakeholder needs.
- Relevant certifications (e.g., OSCP, CRTO, CISSP) are a plus.
- Proficiency in using the VECTR platform for managing and reporting on purple team exercises.
Tech Stack
- Cyber Security
Benefits
- Work with Experts: Robust internal training program, plus Company-paid external training. SRA recognizes the value of professional development for employees. Therefore, we encourage our employees to pursue continuing education and role-specific training. Every SRA employee is eligible to attend one training per year paid for by SRA.
- Mental Health Services: SRA has partnered with BetterHelp to provide SRA employees with free mental health support. BetterHelp connects individuals with licensed therapists for chat, video, and phone sessions.
- Medical / Dental / Other (regular full-time employees only)
- Generous medical, dental, and vision benefits at different price points.
- Company-paid disability and life insurance.
- Company 401(k) plan including annual 3% safe harbor contribution.
- Free patient advocacy service that helps find care providers and resolve insurance queries.
- Free financial advising.
- Generous parental leave, sick leave, and vacation policies.
- Possibility to work remotely or with a flexible schedule when needed and approved.
- Company-paid cell phone with discounted accessories.
- 1-2-3 Give Program: 1. SRA will give $1,000 to a charity of your choice. 2. If you give an additional amount (up to $1,000), then 3. SRA will match that amount up to $1,000.
- Other discounted, employee-paid benefits including pet insurance, legal support, and voluntary life insurance.
(Subject to change)