Cybersecurity Consultant

Cybersecurity Consultant
Location: Nassau County, NY (Hybrid – Onsite Quarterly + Remote)
Duration: Long-Term Engagement (5-Year Contract + Extensions)
Client: County Government – Supporting IT, District Attorney, and Police Department Systems

Position Overview
Nassau County is seeking a highly experienced Cybersecurity Consultant to assess, evaluate, and strengthen the County's overall cybersecurity posture across multiple departments, including core IT infrastructure, the District Attorney's Office, and Police Department systems.

This is a strategic advisory and assessment-focused role, not a pure hands-on engineering position. The consultant will act as a trusted partner, identifying risks, performing security assessments, and delivering actionable recommendations to modernize and secure the County's IT environment.

The ideal candidate brings deep experience in public sector cybersecurity, risk management, and enterprise security assessments, along with the ability to communicate effectively with both technical teams and executive stakeholders.

Key Responsibilities

Cybersecurity Assessments & Strategy

• Evaluate existing cybersecurity programs, policies, and procedures across County departments
• Conduct comprehensive risk and threat assessments across IT, law enforcement, and legal systems
• Identify security gaps, vulnerabilities, and compliance risks across infrastructure and applications
• Analyze current cybersecurity maturity and recommend improvements aligned with best practices

Vulnerability Management

• Perform monthly vulnerability scans across County IT and District Attorney networks and systems
• Analyze scan results and prioritize findings based on risk severity and threat intelligence
• Provide detailed remediation guidance, including effort estimates for internal teams

Penetration Testing

• Conduct advanced penetration testing across:
  • Internal and external networks
  • Web applications
  • Wireless environments
  • Social engineering scenarios
• Assess vulnerabilities across County IT, Police Department, and District Attorney systems
• Deliver clear findings with exploit scenarios and business impact analysis

Advisory & Recommendations

• Provide strategic recommendations to modernize and strengthen cybersecurity infrastructure
• Advise on security architecture improvements across networks, systems, and applications
• Support development and evolution of cybersecurity roadmaps and policies
• Align recommendations with evolving threat landscape and public sector requirements

Reporting & Documentation

• Deliver detailed technical reports including:
  • Risk-based prioritization of findings
  • Clear remediation steps
  • Estimated effort required for internal staff
• Present findings to technical teams and executive leadership
• Maintain comprehensive documentation of assessments and recommendations

Stakeholder Engagement & Communication

• Maintain ongoing communication with County stakeholders through regular status updates
• Conduct minimum of four (4) onsite quarterly visits to support departments directly
• Collaborate with IT leadership, law enforcement IT teams, and legal stakeholders
• Translate technical findings into actionable business insights

Implementation Support (Advisory Level)

• Provide hands-on guidance to support implementation of cybersecurity initiatives
• Assist County teams in adapting and executing cybersecurity plans
• Support prioritization and execution strategy, while not directly performing remediation unless requested

Required Qualifications
Experience

• 7–10+ years of experience in cybersecurity consulting, risk assessment, or security architecture
• Proven experience supporting public sector, government, or law enforcement environments
• Experience performing enterprise-level:
  • Risk assessments
  • Vulnerability management
  • Penetration testing
• Demonstrated experience advising on cybersecurity strategy and modernization

Technical Expertise

• Strong knowledge of:
  • Network security architecture
  • Endpoint and server security
  • Application security
  • Identity and access management (IAM)
• Hands-on experience with:
  • Vulnerability scanning tools (e.g., Nessus, Qualys)
  • Pen testing frameworks (e.g., Metasploit, Burp Suite, Kali Linux)
• Understanding of:
  • Threat intelligence and risk scoring
  • Security frameworks (NIST, CIS, ISO 27001)

Certifications (Preferred)

• CISSP (Certified Information Systems Security Professional)
• CEH (Certified Ethical Hacker)
• OSCP (Offensive Security Certified Professional)
• CISM / CISA

Soft Skills

• Strong communication and presentation skills (technical + executive level)
• Ability to translate complex findings into actionable recommendations
• Strong stakeholder management across multiple departments
• High level of professionalism working with sensitive government systems

Work Environment & Requirements

• Hybrid model with quarterly onsite visits required in Nassau County, NY
• Must be able to pass background checks due to sensitive systems access
• Must comply with strict confidentiality and security protocols (NDA required)

• Must be authorized to work in New York State

Engagement Details

• Long-term consulting engagement (5 years + potential extension)

Focus on assessment, advisory, and strategic guidance (not full remediation ownership)

• High visibility role with impact across critical County systems