Crowe’s Risk Consulting Practice is one of the firm’s five business units. Risk is aligned by competency centers including Internal Audit, Regulatory Compliance, IT Audit, and Security & Privacy. Crowe’s approach to Information Security Services starts with the projects performed inside the Crowe Center for Cyber Security. Within Crowe, this Center specializes in delivering enterprise security services targeted at providing value that is customized to client environments and business processes.
Crowe recognizes that highly technical engagements, such as Penetration Testing and IT Forensic Assessments, require significant investments of both key personnel and resources. Crowe has not only created a dedicated Security and Privacy team of 30 specialized individuals, but also focused that team to establish the Crowe Center for Cyber Security. This Center includes two dedicated penetration testing and research laboratories that serve as a foundation in technology assessment services, ensuring that our team stays on the cutting edge of the security field.
Crowe has an internship opportunity available within its Risk Consulting practice for the Security and Privacy (S&P) competency center. The S&P team members are the technical leaders of the firm that assist community, regional, national, and international clients address their security concerns. Crowe’s clients traverse all industries such as financial, government, healthcare, insurance, transportation, power, and industrial organizations.
The S&P team is comprised of individuals with diverse expertise in assessing the security of our client’s environments at all layers, including platform and server, network and infrastructure, applications and databases, mobile technology, virtualization, and security technologies such as malware/anti-virus, DLP, and encryption. On an annual basis we also conduct 300 engagements that simulate attacks from either outside or inside our client’s networks. Our approach goes beyond vulnerability scanning – we actively investigate and attempt to compromise data on systems in the same manner taken by an attacker. We also provide social engineering services to test the human element of security weakness. Additionally, S&P provides consultative services, such as detailed risk assessments to identify and quantify and diagnose potential risks; data protection assessments to help organizations identify, classify, and protect data; and Third Party assessments to evaluate a client’s third party program, and/or perform a security assessment of a particular vendor relationship.
As a member of the S&P team, you will be working with our client’s network and system administrators, information security teams, Internal Audit, and the C-Suite on a weekly basis with the goal to enhance their IT environments overall security posture.
Be responsible for supporting IT Security and Privacy projects that include but are not limited to:
Internal and External Penetration Testing (including wireless security and social engineering)
Reviews of operating system security (including Microsoft Windows, Active Directory, and *NIX)
Reviews of network architecture and security of various industry accepted networking platforms
Physical Security and Workstation Configuration Reviews
Database, Virtualization, Mobile Device, and Web Server Security Reviews
Prepare client deliverables including reports or other necessary documentation to support the work performed
This is a fast-paced environment with a high learning curve; however, we value on-the-job training immensely so if you are willing to learn, we are willing to teach. You will be exposed to a variety of technologies in different environments
Willing and able to be a pro-active team member
Expect to travel (60%) regularly throughout the continental US (some international travel does exist)
Capable of independently managing time and able to prioritize tasks in a fast-paced environment
Passion for Information Security
Daily opportunities to expand technical expertise as well as improve communication skills as you perform security assessments and present observations to upper management executives
Real world experience in multiple diverse live client environments
Travel Points (Airline, hotel, etc. points that you earn when you travel you keep)
Competitive hourly wages (field + travel time) including overtime pay
Desirable Pre-requisite Knowledge:
Information security industry standards and concepts including the OSI model
Basic understanding of TCP/IP, routing, switching, and Internet architecture
Microsoft Windows Servers and Workstations
Microsoft Active Directory
Experienced with common firewalls and network controls
Web Applications and Web Servers (Microsoft IIS, Apache)
Databases (SQL, Oracle, etc.)
Willing to travel 60% annually
Junior or senior pursuing academic degrees in one of the following preferred majors or similar background; focus on security or specific technology would be beneficial but not required:
Computer Information Systems
Management Information Systems
Minimum Major & Cumulative GPA of 3.0 required. Minimum Major & Cumulative GPA of 3.2 preferred
Crowe Horwath LLP (www.crowehorwath.com) is one of the top 10 public accounting and consulting firms in the United States. Under its core...