Cyber Security Consultant

Do you strive to make a difference? Goaco is looking to build a team to continue solving problems using software and technology for our clients. We are developers at heart – and by the mind too. We thrive on challenges and live for logical thinking. Formed over a decade ago, we have built on our successes, all of whom have benefitted from their level-headed software solutions. The team is all like-minded individuals, with a drive to succeed in their own fields.

ROLE OBJECTIVE

We are seeking a highly skilled Cyber Security Consultant with a strong background in penetration testing and network security. This role is ideal for a cybersecurity professional with experience in identifying, assessing, and mitigating security risks across various platforms. The consultant will play a critical role in evaluating and strengthening our clients’ cybersecurity postures by conducting in-depth security assessments, vulnerability analysis, and developing comprehensive security strategies.

RESPONSIBILITIES

• Conduct comprehensive penetration tests, vulnerability assessments, and security audits to identify risks and ensure compliance with industry best practices.
• Provide expert recommendations and solutions to mitigate identified vulnerabilities, enhancing client systems’ security postures.
• Investigate alerts and suspicious activity to determine if an incident has occurred.
• Contain affected systems and networks to prevent the incident from spreading.
• Implement temporary measures to mitigate the impact of the incident.
• Work with other teams, such as IT and security operations, to develop and implement a containment strategy.
• Analyse incident data to determine the root cause of the incident and identify recommendations for improvement.
• Document and report incidents to the incident response team and other relevant stakeholders.
• Develop and implement security plans, policies, and training to prepare the organization to respond efficiently and effectively to cyber threats.
• Travel to various client locations when required (potential international travel) and deliver high quality solutions (e.g. OT testing or other IT services).
• Collaborate with client teams to develop, document, and implement security policies, standards, and guidelines aligned with industry standards (e.g., ISO 27001, NIST).
• Assist in the deployment, configuration, and management of security infrastructure and technologies, including firewalls, intrusion detection/prevention systems, and secure network architectures.
• Provide guidance and support on Azure security practices, leveraging expertise in Microsoft Azure security frameworks and best practices.
• Stay updated with the latest cybersecurity threats, trends, and regulatory changes, proactively advising clients on necessary adjustments to their security strategies.
• Produce detailed and accurate reports on penetration testing findings, including risk levels, remediation steps, and strategic recommendations.

EXPERIENCE:

• Minimum of 4+ years of experience in cybersecurity, specifically in penetration testing and Incident Response, vulnerability management, and risk assessment.
• Public Sector experience, ideally MOD, MOJ, Must be SC clearable.
• Proven hands-on experience with tools such as Metasploit, Burp Suite, Nessus, and Wireshark.
• Strong understanding of network protocols, firewall configurations, and secure network design.
• Proficiency in scripting languages (e.g., Python, Bash, PowerShell) to automate tasks and streamline processes.
• Hands-on experience of vulnerability assessments, Incident response, penetration testing, threat hunting and compromise assessment.
• Experience collaborating with Sales teams as a pre-sale’s cyber security consultant.
• Experience working in Energy or Construction industry projects is a plus.
• Experience in writing technical proposals along with other teams to deliver robust statement of works for client sign off.

CERTIFICATIONS:

• CCNP/CCNA is nice to have.
• CREST/OSCP is nice to have.
• Microsoft and/or other cloud providers.
• ISO 27001 Lead auditor is a nice to have.

SKILLS:

• Working knowledge of cloud security architecture, specifically within Azure (or other Cloud platforms).
• Familiarity with security frameworks and compliance standards such as NIST, GDPR, PCI-DSS, DESC ISR.
• Strong problem-solving skills, with the ability to think creatively to solve complex security challenges.

BENEFITS:

• Competitive Salary: Base salary commensurate with experience, plus performance-based incentives.
• Career Progression: Clear pathways for career development and progression within the company.
• Training & Development: Ongoing training and development opportunities to help you grow in your role.
• Supportive Culture: Join a collaborative, friendly, and ambitious team that values work-life balance.