Consultant Development Program (Fall)

Consultant Development Program

at Tevora

Irvine, CA and Fairfax, VA - DC Local

Oct 1st, 2024, to November 29th, 2024.

If you haven't heard of Tevora, it's because we've done our job!

Tevora is a tight-knit community of professionals with a shared passion for our craft. Every day, we combine in-depth knowledge of cybersecurity, technology, and compliance to help create more secure digital environments. To Tevorans, every problem is a puzzle in need of solving. We strongly believe that if we put smart, driven people in a room together, they will accomplish great things. We maintain a supportive culture that celebrates continuous learning, diverse perspectives, and sharing the wins. That's why we have our eyes on you.

What's the role? We are pleased to announce we are entering into our Fall Cohort for our Consultant Development Program. Our program is an immersive paid-training program designed to help you strengthen the technical and professional skills you'll need to enter the workforce as a full-time Information Security Associate. Our anticipated start date of this cohort will begin on Oct 1st, 2024, to Nov 29th, 2024. Tevora University & Mentorship Program

• Practice Disciplines and Consultant 101 taught by Managing Directors
• Taught curriculum involves independent study and hands-on project work with mentoring from experienced Consultants and Practice Leads

A day in the life could include:

For the practice areas that you choose to explore, your expected activities and responsibilities include:

• Research emerging information security risk, privacy, and compliance topics for white papers and knowledge sharing
• Analysis of client organizations to investigate and identify information security risks and security control vulnerabilities
• Assist with researching risk treatment and vulnerability remediation for client reports
• Joining interviews with various clients' subject matter experts to assist in data collection
• Assist in template and procedure creation for Compliance and Risk solutions
• Assist in report writing and delivery of client reports
• Learning about National and International standards, frameworks, and legislations that govern the industry, such as ISO 27000, SOC, HIPAA, PCI DSS, GDPR, and NIST.

Please review our different practice areas:

Federal (FED)

• Work with organizations connected to the Federal Government, such as defense contractors, financial institutions, and telecommunication systems, to develop and maintain information security programs that adhere to the standards of the Federal Government.
• Conduct assessments, develop Governance programs, and provide General Advisory Services to help navigate Federal Government standards including:
  • Federal Information Security Management Act (FISMA)
  • Federal Risk Authorization Management Program (FedRAMP)
  • Defense Federal Acquisition Regulation Supplement (DFARS)
  • North American Electric Reliability Corporation (NERC)
  • New York State Department of Financial Services (NYDFS) Cybersecurity Maturity Model (CMMC)State Risk Authorization Management Program (StateRAMP)

Enterprise Risk Management (ERM)

• Aid in the development and maintenance of Enterprise Risk Management programs for organizations across all industries
• Conduct Enterprise Risk Assessments and analyze potential exposure at a strategic level
• Perform Vendor Risk Assessments on behalf of client organizations
• Develop Governance frameworks and Strategies for managing information security
• Provide General Advisement Services to help organizations adequately address information security risks upon changes to strategic initiatives, projects, and infrastructure architecture

Healthcare (HLC)

• Work with hospitals, clinics, insurance companies, medical device manufacturers, and many other technologies service organizations in the Healthcare industry to ensure the protection of Protected Healthcare Information (PHI)
• Perform organizational security posture and control assessments against Healthcare organizations to validate adequate protection of sensitive healthcare data and ensure compliance against HIPAA and HITRUST.
• Provide General Advisement Services to help organizations navigate and implement HIPAA and HITRUST compliance upon changes to strategic initiatives, projects, and infrastructure architecture.

Incident Response (IR)

• Participate in the incident response lifecycle and gain familiarity with relevant methodologies, including detection, analysis, remediation, and deployment of countermeasures
• Learn how to use common enterprise security tools and techniques during a computer security investigation
• Participate in SOC mentoring and skill-sharing programs
• Participate in the analysis of and response to computer network intrusions, web application and server attacks, and insider threats, as appropriate
• Participate in business process documentation, metric reporting, and process automation
• Participate in threat intelligence research and process documentation
• Complete other tasks as assigned by your assigned Mentor or Team Lead

Threat (TRT)

• Participate in Internal and External network penetration tests
• Participate in Web application penetration tests
• Study penetration testing methodologies and spend time in training labs
• Shadowing of penetration testers and learning in real-world scenarios
• Remediation validation and reporting support
• Writing executive and technical summaries of test results and activities
• Communication of test status and findings with clients
• Complete other tasks as assigned by your assigned Mentor or Team Lead

DevOps

• Be part of a product development team supporting two business owned services
• Exposure to the complete software development lifecycle
• Participate in the daily scrums reviewing current Tasks (tickets).
• Participate in Agile ceremonies, including sprint planning, daily stand-ups, ticket refinement and retrospectives.
• Collaborate with QA team members to troubleshoot and resolve software defects and issues.
• Support and maintain existing software applications by troubleshooting and resolving bugs, and implementing enhancements as needed.
• Build unit tests using Cypress and Jest
• Complete other tasks as assigned by your assigned Mentor or Team Lead

Necessary skills and qualifications:

The Developing Consultant (DC) is an up-and-coming part of the client-facing consulting team. DCs are responsible for helping in conducting project delivery activities based on their selected Tevora Information Security practice areas including: Enterprise Risk, Compliance, Solutions Implementation, and Threat Research. Interns are expected to continually develop their skills through personal development and Information Security industry participation.

Key Responsibilities

• Developing the technical and business skills required to perform billable work on projects as quickly as possible
• Learning about industry-standard certifications and their benefits
• Learning about National and International standards and frameworks like PCI-DSS, HIPAA, and ISO 27001
• Observing Implementations of enterprise security solutions
• Observing and helping with internal and external penetration testing and social engineering projects

Requirements

Every DC at Tevora is a technologist at heart but understands the critical intersection between business and technology. Foundationally, the ideal candidate will have basic familiarity with:

• Networking concepts like firewalls, routers, switches, and DNS
• Computer troubleshooting and server systems administration
• Business planning and accounting
• Any knowledge of compliance frameworks is a plus

Abilities

• Multi-tasking and time management skills
• Dynamic, enthusiastic, and excellent interpersonal skills
• Excellent writing both expository and technical documentation
• Intermediate working knowledge of Excel and Word
• Self-starter who likes to tinker and learn on their own

Education and Experience

• Bachelor's Degree from an accredited 4-year university (or Military equivalent)
• Currently enrolled at an accredited 4-year university (or Military equivalent)
• IT, Cybersecurity, and Information Security certifications a plus

We've got you covered!

• Sick Time Off
• Vibrant work culture
• Career advancement opportunities

Additional requirements:

• A valid driver's license is required.
• Eligibility to work in the United States.
• Required to work onsite at our Fairfax, VA or Irvine, CA location.

Thank you for your interest in our Consultant Development Program (CDP). If you are selected for this program, you will become a Developing Consultant with us. This opportunity will challenge and motivate both your aptitude and attitude in Cyber Security. Successful completion of our program as a Developing Consultant may lead to a full-time offer as an entry-level Information Security Associate.

EEOC Statement

Tevora is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, disability status, or other applicable legally protected characteristics.