Cybersecurity Manager and Penetration Tester

Grant Thornton 10/25/2019 6:29:48 AM
JOB ID: 045131 Specialty:
New York City, New York




Grant Thornton is collaborative, entrepreneurial and on the move. As part of a dynamic global organization of 47,000 people serving clients in more than 140 countries, we have the agility and focus it takes to be a leader.

Cybersecurity Manager and Penetration Tester

Position Summary

Grant Thornton’s Advisory professionals are progressive thinkers who create, protect, and transform value today, so our clients have the opportunity to thrive and grow. Our advisory practice creates holistic solutions delivered by innovative, curious professionals who bring technical depth and industry insight to our clients. The Financial Advisory Services practice protects value.

The professionals in Grant Thornton's Cyber Risk Advisory practice help organizations build cybersecurity strategy into their overall business strategy. This includes supporting our clients to identify and understand their cyber risk exposure, design and implement cybersecurity programs and solutions to mitigate cyber threats and protect their assets, and respond to cyber-attacks and incidents. Grant Thornton’s Cyber Risk Advisory practice is in high-demand and rapidly growing, offering a rewarding and challenging working environment and great career growth potential.

As a member of Grant Thornton’s Cyber Defense Solutions team, you will have the opportunity to collaborate with our clients and deliver technical consulting services with a focus on identifying cyber threats, vulnerabilities and risks and supporting the design and implementation of operational security strategies, solutions and architectures.

The manager role offers an excellent opportunity to leverage and display your technical knowledge and experience while broadening your business and project management skills. Responsibilities include end-to-end cybersecurity engagement management, performance of cybersecurity assessments, design and implementation of operational security solutions, and developing and supervising other Grant Thornton Cyber Risk colleagues.


Manage and lead the performance of technical cybersecurity assessments, including network penetration testing, red teaming, web application tests and vulnerability assessments.
Supervise and conduct cybersecurity control assessments in accordance with industry frameworks and leading practices.
Assist with the performance of compromise assessments to identify indicators of compromise within an organization’s network and systems.
Perform cyber threat and risk assessments.
Manage the end-to-end client engagement process, including planning, execution, and reporting.
Perform quality review of engagement fieldwork, results and deliverables.
Develop and present tailored recommendations to mitigate cyber threats and risks to both a technical and executive audience.
Supervise, train and mentor other Cyber Risk team members on client engagements and evaluate the performance of the staff for engagement reviews and year-end performance reviews.
Proactively interact with key client management to foster a positive relationship, gather information, resolve problems and make recommendations for improvements.
Work with clients to plan an engagement strategy, define objectives, and address cyber- related risks and issues.
Assist firm partners and senior management on business development opportunities and new client pursuits, including proposals and prospective client meetings.
Remain current and apply knowledge of cybersecurity trends and risks.
Participate in the firm's on-going recruiting efforts as needed.
Attend professional development and training sessions on a regular basis.
Adhere to the highest degree of professional standards and strict client confidentiality.
Other job duties as assigned.


Bachelor's and/or Master’s degree in Information Technology, Computer Science or Cybersecurity related field is required.
5+ years of related cybersecurity experience in a similar consulting practice or function, servicing cross- industry clients at a national level.
One or more of the following technical certifications is required: OSCP, OSCE, GXPN, GPEN.
One or more security industry certifications is preferred: CISSP, GSEC, CISM
Experience leading and performing network penetration testing and the successful exploitation of vulnerabilities. Exploit development is a plus.
Experience testing web applications for common security vulnerabilities as referenced by OWASP, including, but not limited to, input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues.
Experience performing vulnerability scanning with an enterprise vulnerability scanner.
Hands-on working experience with commercial and open source network and application security testing tools, such as Kali Linux, Nessus, Qualys, Core Impact, Metasploit, Webinspect, Burp Suite, NMAP and Wireshark.
Experience documenting technical testing and assessment results in a formal report format and presenting results to both a technical and executive audience.
Threat and compromise assessment and threat intelligence platform knowledge and experience is a plus.
Experience in reviewing security configurations of common network devices (routers, switches, firewalls) and server operating systems (Windows and Linux) is preferred.
Knowledge of TCP/IP and computer networking.
Understanding and working knowledge of common security frameworks (e.g., NIST CSF, CIS CSC, ISO 27001/2) is preferred.
Ability to supervise other firm staff and lead assigned projects effectively.
Exceptional client service and communication skills, with a demonstrated ability to develop and maintain outstanding client relationships.
Ability to manage multiple client engagements and competing priorities in a rapidly growing, fast- paced, interactive, results-based team environment.
Strong leadership, recruiting, training and mentoring skills, coupled with excellent verbal, written and presentation skills.
Excellent analytical, organizational and project management skills.
Ability to work additional hours as needed and travel on a regular basis to clients as required.


Grant Thornton LLP promotes a nationally recognized culture of health and offers an extensive array of benefits to meet individual lifestyles. For a complete list of benefits, please visit

Founded in Chicago in 1924, Grant Thornton LLP (Grant Thornton) is the U.S. member firm of Grant Thornton International Ltd., one of the world’s leading organizations of independent audit, tax and advisory firms. Grant Thornton has revenues in excess of $1.7 billion and operates 59 offices across the U.S., with more than 590 partners and 8,500+ employees in the United States and at our Shared Services Center in Bangalore, India.

Grant Thornton works with a broad range of publicly- and privately-held companies, government agencies, financial institutions, and civic and religious organizations. Core industries served include consumer and industrial products, financial services, not-for-profit, private equity, and technology. Grant Thornton focuses on serving dynamic organizations that pursue growth holistically — whether through revenue improvement, leadership, mission fulfillment or innovation.

It is Grant Thornton’s policy to promote equal employment opportunities. All personnel decisions, including, but not limited to, recruiting, hiring, training, promotion, compensation, benefits and termination, are made without regard to race, creed, color, religion, national origin, sex, age, marital status, sexual orientation, gender identity, citizenship status, veteran status, disability or any other characteristic protected by applicable federal, state or local law.

Requisition ID: 045131

New York City, NY
New York City, New York