[REMOTE] Consultant, Cybersecurity Engineering

BARR Advisory is a security and compliance solutions provider specializing in cybersecurity and compliance for organizations with high-value data that serve regulated industries such as healthcare, financial services, and government. Serving some of the fastest growing cloud-based organizations around the globe, BARR simplifies compliance across multiple regulatory and customer requirements.

BARR Advisory services include:

• Advisory & Managed Services
• GRC & Engineering
• Assessments & Testing
• Attestation & Certification

BARR services span all major security, privacy, and regulatory frameworks:

• SOC (SOC 1, SOC 2, SOC 3, and SOC for Cybersecurity)
• ISO Certification (27001, 27017, 27018, 27701, 42001, 9001, 22301)
• Healthcare (HITRUST, HIPAA)
• Government (FedRAMP, GovRAMP, CMMC, DFARS, NIST)
• Privacy & Data Protection (GDPR, CCPA, GBLA, PCI DSS, CSA STAR, Microsoft DPR)

As an Associate Consultant in Cybersecurity Engineering, you will play a hands-on role in supporting client security operations while also contributing to compliance and audit-readiness efforts.

This role sits within our Service Delivery team and is designed for a technical professional who enjoys working across both engineering and GRC environments. You’ll support clients through activities like incident response, vulnerability management, and cloud security, while also supporting clients by aligning their security programs to frameworks such as CMMC, FedRAMP, ISO 27001:2022, and SOC 2.

This is a strong fit for someone who enjoys variety, is eager to learn, and is interested in growing into a client-facing consulting role. Individuals who thrive in this role are detail-oriented, proactive, and able to translate technical work into clear, actionable insights for clients.

• →Respond to client security alerts by performing initial triage, containment, and documentation of security incidents
• →Execute vulnerability scans across client environments, analyze findings, and support remediation and patch validation
• →Review firewall rules and network configurations to ensure alignment with security policies and best practices
• →Support cloud security efforts across AWS, Azure, or GCP environments, including configuration reviews and hardening activities
• →Partner with the GRC team to support internal audits, gap assessments, and control testing for frameworks such as ISO 27001:2022 and SOC 2
• →Work directly with clients to collect, organize, and validate technical evidence for compliance engagements (SOC 2, ISO 27001:2022, FedRAMP, CMMC)
• →Translate technical findings into clear documentation, reports, and client-facing recommendations
• →Support multiple client engagements simultaneously while maintaining organization and attention to detail

A strong performer in this role will:

• Be driven to achieve strong client outcomes through high-quality, consistent work
• Comfortably pivot between engineering responsibilities and GRC advisory work across client engagements
• Demonstrate a strong willingness to learn and adapt to evolving client environments and priorities
• Take initiative to identify issues and proactively work toward solutions with a “see it, own it, solve it” mindset
• Effectively manage multiple client engagements while maintaining organization and attention to detail

• 1–3 years of experience in a technical role (e.g., MSP, SOC, Systems Administration, or similar environment)
• Foundational knowledge of networking concepts (firewalls, VPNs, VLANs), security tools (EDR, SIEM, Vulnerability Scanners),  and cloud infrastructure
• Basic understanding of security frameworks such as ISO 27001, NIST, or SOC 2, including the ability to understand and communicate why controls matter in a business context
• Ability to manage multiple client priorities simultaneously while maintaining strong organization and attention to detail
• Strong written and verbal communication skills, with the ability to translate technical work into clear, actionable insights
• High attention to detail and the ability to document work clearly and accurately
• Interest in working in a client-facing, consulting environment and growing into a consulting role

• Hold certifications such as ISC2 Associate (CISSP) or CompTIA certifications (e.g., Security+, Network+, Pentest+). 
• Have hands-on experience with vulnerability management tools or SIEM platforms
• Have exposure to compliance-driven environments or audit support activities
• Have experience working directly with clients in a service-based or consulting environment
• Are comfortable translating technical concepts into clear, actionable recommendations

BARR Advisory is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, gender identity, sexual orientation, national origin, disability status, protected veteran status, or any other characteristic protected by law. 

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive other benefits and privileges of employment. Please contact us to request accommodation.

Unfortunately, at this time, we cannot consider candidates who require sponsorship to work in the US,  now or in the future.  We are also not in a position to consider candidates who currently reside outside of the United States.