Cybersecurity Consultant

Location: Hybrid Salt Lake City, UT or Remote, US 

Who We Are 

Legato Security is an information security firm founded upon the belief that every organization has the right to keep its data private and secure. Our mission is to build close partnerships with our clients, serving them not as just a vendor, but as trusted advisors helping to build effective, proactive plans. Our focus is always on both the technical and human elements within an organization. We believe in comprehensive strategies designed to harden networks, deflect attackers, and rapidly recover from any accidents. As technology progresses, so do our tactics, ensuring our experts are always prepared to serve forward-looking leaders eager to stay ahead of emerging threats. 

Position Overview 

Legato Security is a seeking a consultant to take on an exciting role in Salt Lake City, UT. The successful candidate will work directly with clients, internal staff, and third-party vendors to evaluate cybersecurity best practices, compliance, procedures and tools. The successful candidate will understand many different compliance frameworks, understand security risk and controls, and will have in-depth knowledge of general security best practices. Previous vulnerability management, patching, risk management, compliance, and best practices evaluation is required. Growth opportunities are likely for a candidate who can hit the ground running, is a self-starter, and who can demonstrate excellent analytical, communication, and critical thinking skills. Growth within this team includes senior consultant, manager and director roles. 

Specific Job Responsibilities 

The consulting team supports our internal cybersecurity program as well as our client’s program needs.  Job responsibilities will vary based on the consulting role, but can include any of the following: 

• Internal: Conduct regular vulnerability assessments for customers using industry standard tools. Analyze the scan results and compile reports to help customers prioritize remediation efforts within their environment 
• Customer-facing: Work with customers to communicate their vulnerability presence and help them prioritize remediation efforts within their environment 
• Internal: Develop and maintain a patch management strategy in alignment with customer needs 
• Internal: Schedule and deploy patches to systems and applications in accordance with customer needs 
• Internal: Track remediation and patching efforts using vulnerability scans to confirm successful remediation 
• Internal: Participate in internal audit and compliance processes and work with third party auditors to meet compliance obligations 
• Internal: Perform internal risk assessments, and work with the team to implement controls and close identified gaps 
• Internal: Manage internal controls to meet compliance obligations such as policy and procedure, quarterly checks, and access auditing 
• Internal: Mange third party vendor risk management process for all vendors Legato Security utilizes or partners with 
• Client-facing: Perform risk assessments using many security and compliance frameworks on client infrastructure as part of client engagements 
• Client-facing: Write and deliver risk assessment reports with identified controls gaps and recommended remediation 
• Client-facing: Perform specific compliance framework gap assessments in client requirements as part of services engagements 
• Client-facing: Perform penetration, cybersecurity control and incident response testing activities 
• Client-facing: Perform incident response and remediation activities 
• Internal and Client-facing: Monitor and manage ongoing assessment controls and tools to determine additional risk in real time 
• General: Keep up to date with compliance framework changes, regulatory updates, and laws that may affect internal or client compliance and risk 

 Qualifications 

• Bachelor’s degree or equivalent experience in compliance, risk management, information technology, cyber security, or another related field 
• Minimum 2 years’ experience working in cybersecurity risk assessments, controls alignment, penetration testing, incident response, and/or third-party vendor risk management 
• Experience in Vulnerability Analysis and Patch Management 
• Excellent written and verbal communication skills 
• Demonstrable analytical and problem-solving skills 
• Understanding of many different compliance frameworks and regulations (NIST, CMMC, ISO27K, PCI DSS, HIPAA, GDPR, CPRA, FERPA, HITRUST, FedRAMP, SOX, etc.) 
• Understanding of cybersecurity best practices and ability to keep up to date on new recommendations 
• Ability to differentiate between different compliance frameworks and how they may apply to client environments differently 
• Previous experience working with outside clients is highly desirable 
• Security certifications such as CISSP, CRISC, CISA, CQA, CEH, etc. is highly desirable 

Compensation 

We conduct ongoing market research to ensure competitive pay at all levels. The compensation range for this role is $75-80k/year DOE. 

Perks 

• Start-up company in a growth phase with opportunity for advancement based on performance 
• Start-up culture with an office in downtown Salt Lake City, UT 
• Competitive medical and dental benefits for employee and family members 
• Other company-provided benefits such as short-term disability, basic life insurance, children’s orthodontia, with additional voluntary benefits available, and 401K match 
• Flexible Paid Time Off policy 
• Professional Development opportunities specific to role 

Embark on a journey where your skills are valued, your growth is fostered, and your voice is heard. At Legato Security, we understand that diversity is the key to innovation. Our hiring process is designed to provide a transparent, consistent, and uniform experience for all applicants, mitigating unconscious bias every step of the way. We foster a culture of belonging, where each team member is an integral part of the Legato community.  

Legato Security is an equal-opportunity employer.