Who we are
S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges.
We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success.
But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day.
We’re excited you’re thinking about joining us.
Working in cyber at S-RM
Our Cyber Security team is the fastest-growing part of S-RM. The cyber sector is always evolving, and our Managed Services, Risk & Resilience, and Incident Response practices are in more demand than ever.
We’re building a team to meet this challenge. We’re quick to respond, innovate, and improve. We don’t get too hung up on hierarchy or bureaucracy. If your ideas are good enough, we’ll empower you to implement them. If you’re the best person to talk to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team will always have your back.
We also don’t believe there’s a typical cyber security professional. We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more. You’ll always find a range of perspectives and expertise to help you learn and grow.
If that sounds like your kind of team, we’d like to hear from you.
The role
Our Offensive Security Consultants support our delivery consultants running our offensive security services. They help to interpret client challenges, innovate solutions, and deliver findings. Our aim is to become trusted advisors to our clients.
You will work across the full spectrum of our pen testing services, whether point in time or continuous, as well as participate in larger engagements such as red teams. You will help our clients to build cyber resilience, enhance their understanding of the threat landscape and become better prepared to face dynamic and evolving security risks.
1.1 MAIN DUTIES AND RESPONSIBILITIES
Client Engagement and Account Management
Engage with clients to understand their cyber security challenges
Translate client challenges into solutions that fit S-RM’s Offensive Security service offering and value proposition
Develop an understanding of delivery timelines, project resourcing requirements and pricing
Understand S-RM’s proposal process and lead on proposal writing and presentations in some cases
Contribute to the expansion of client accounts and winning of new business
Gain an understanding of S-RM’s target sectors and industries
Offensive Security
Penetration testing
Vulnerability assessments and monitoring
External infrastructure
External Attack Surface Management
Web application
API pentesting
Phishing and spear phishing
Internal pentesting
Mobile application pentesting (Android and iOS)
OT Pentesting
IOT Pentesting
Cloud Pentesting
Open-Source Intelligence (OSINT) gathering
Configuration Reviews
Cloud configuration review
Application configuration review
Hardware build review
Firewall review
Delivery & Client communications
Deliver findings in a range of formats, including written reports, presentations, and verbal briefings
Threat Intelligence
Keep abreast of threat intelligence developments, threat actor activity and security industry developments in mitigations and tooling
Develop and deliver client threat profiles, threat assessments and dark web analysis
Project Management
Support vCISO engagements, accessing the full range of S-RM’s resources and expertise
Collaborate with incident response, ethical hacking, and digital forensics teams to integrate our services and support to clients
Support the delivery of retainer relationships
Support the delivery of the Attack Surface Management (ASM) service
Internal Initiatives and Strategy
Support internal initiatives on product development, process management, tech enablement, efficiency and exploring different ways to support clients
Contribute to the adaption of security frameworks to create innovative products
Challenge received wisdom and existing products and services. Suggest alternative approaches where appropriate
Develop documentation and evolve the testing methodologies where applicable
Professional Development and Domain Knowledge
Commit to continuous professional development and personal knowledge improvement across the full range of cyber security competencies, in line with personal utilisation targets (see Objectives)
Complete up to one formal training course over the financial year. This is beyond internal training sessions
Share knowledge with the wider team in line with company values, including contributing to internal training initiatives and programmes
Our benefits
We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, including:
S-RM is a global intelligence and cyber security consultancy. Founded in 2005, we have 400+ practitioners spanning nine international offices, serving clients across all regions and major sectors.
We support our clients by providing intelligence that informs critical decision-making and strategies, from investments and partnerships through to disputes; by helping organisations build resilience to cyber security threats; and by responding to cyber-attacks and organisational crises.
Client focus is at the heart of what we do. Our advice is direct, honest and objective. We deliver actionable results for our clients by bringing together the best talent and creating teams designed to address unique problems and complex challenges.
For more information: www.s-rminform.com
