Consultant Development Program (Internship)

Consultant Development Program (Internship)

at Tevora

Irvine, CA

June 3rd, 2024, to August 9th, 2024.

If you haven't heard of Tevora, it's because we've done our job!

Tevora is a tight-knit community of professionals with a shared passion for our craft. Every day, we combine in-depth knowledge of cybersecurity, technology, and compliance to help create more secure digital environments. To Tevorans, every problem is a puzzle in need of solving. We strongly believe that if we put smart, driven people in a room together, they will accomplish great things. We maintain a supportive culture that celebrates continuous learning, diverse perspectives, and sharing the wins. That's why we have our eyes on you.

What's the role?
We are entering the eighth year of our Consultant Development Program, a 10-week immersive paid-training internship designed to help you strengthen the technical and professional skills you'll need to enter the workforce as a full-time Information Security Associate. Our anticipated start date of this cohort will begin on June 3rd, 2024, to August 9th, 2024.
Tevora University & Mentorship Program

• Practice Disciplines and Consultant 101 taught by Managing Directors
• Taught curriculum involves independent study and hands-on project work with mentoring from experienced Consultants and Practice Leads
  

A day in the life could include:

For the practice areas that you choose to explore, your expected activities and responsibilities include:

• Research emerging information security risk, privacy, and compliance topics for white papers and knowledge sharing
• Analysis of client organizations to investigate and identify information security risks and security control vulnerabilities
• Assist with researching risk treatment and vulnerability remediation for client reports
• Joining interviews with various clients' subject matter experts to assist in data collection
• Assist in template and procedure creation for Compliance and Risk solutions
• Assist in report writing and delivery of client reports
• Learning about National and International standards, frameworks, and legislations that govern the industry, such as ISO 27000, SOC, HIPAA, PCI DSS, GDPR, and NIST.
  

Practice Areas Include:

Enterprise Risk Management (ERM)

• Aid in the development and maintenance of Enterprise Risk Management programs for organizations across all industries
• Conduct Enterprise Risk Assessments and analyze potential exposure at a strategic level
• Perform Vendor Risk Assessments on behalf of client organizations
• Develop Governance frameworks and Strategies for managing information security
• Provide General Advisement Services to help organizations adequately address information security risks upon changes to strategic initiatives, projects, and infrastructure architecture

Federal (FED)

• Work with organizations connected to the Federal Government, such as defense contractors, financial institutions, and telecommunication systems, to develop and maintain information security programs that adhere to the standards of the Federal Government.
• Conduct assessments, develop Governance programs, and provide General Advisory Services to help navigate Federal Government standards including:
  • Federal Information Security Management Act (FISMA)
  • Federal Risk Authorization Management Program (FedRAMP)
  • Defense Federal Acquisition Regulation Supplement (DFARS)
  • North American Electric Reliability Corporation (NERC)
  • New York State Department of Financial Services (NYDFS) Cybersecurity Maturity Model (CMMC)State Risk Authorization Management Program (StateRAMP)

Healthcare (HLC)

• Work with hospitals, clinics, insurance companies, medical device manufacturers, and many other technologies service organizations in the Healthcare industry to ensure the protection of Protected Healthcare Information (PHI)
• Perform organizational security posture and control assessments against Healthcare organizations to validate adequate protection of sensitive healthcare data and ensure compliance against HIPAA and HITRUST.
• Provide General Advisement Services to help organizations navigate and implement HIPAA and HITRUST compliance upon changes to strategic initiatives, projects, and infrastructure architecture.

International Standards (ISO)

• Assess the security posture of organizations across a multitude of industries against internationally recognized ISO 27000 standards established by the International Organization for Standardization (ISO)
• Support organizations in the development of an ISO 27001 compliant Information Security Management Systems (ISMS), a systematic and iterative approach managing organizational risk for all forms of sensitive data.
• Aid organizations in aligning their ISMS with ISO 27018, a globally recognized standard designed to ensure security and privacy of Personally Identifiable Information (PII) within Cloud applications or services

Incident Response (IR)

• Participate in the incident response lifecycle and gain familiarity with relevant methodologies, including detection, analysis, remediation, and deployment of countermeasures
• Learn how to use common enterprise security tools and techniques during a computer security investigation
• Participate in SOC mentoring and skill-sharing programs
• Participate in the analysis of and response to computer network intrusions, web application and server attacks, and insider threats, as appropriate
• Participate in business process documentation, metric reporting, and process automation
• Participate in threat intelligence research and process documentation
• Complete other tasks as assigned by your assigned Mentor or Team Lead

Payments (PYT)

• Support organizations across a multitude of industries in the protection of credit card data
• Perform in-depth technology and process control assessments to validate adequate protection of credit card data and ensure compliance against the Payment Card Industry Data Security Standard (PCI DSS)
• Perform Payment Application (PA-DSS) technical control assessments to validate payment processing software used within Point-of-Sale are adequately protecting credit card data via appropriate use of cryptography, authentication, secure coding practices, and other technical controls.
• Provide General Advisement Services to help organizations navigate PCI DSS compliance upon changes to strategic initiatives, projects, and infrastructure architecture.

Systems and Organizations Controls (SOC)

• Perform comprehensive System and Organization Controls (SOC) assessments to against service provider organizations across a multitude of industries, providing assurance of reliability and protection of all forms of sensitive data.
• Support in the remediation of security control deficiencies through the development of policies and providing business process re-engineering recommendations to ensure compliance with SOC.
• Provide Augmented Staff services, directly working within client organizations as a supporting team member to aid in the maintenance of security and compliance programs.

Solutions (SOL)

• Plan technical execution plans to meet business requirements
• Gather requirements to complete execution plans
• Execute on previously designed plans
• Document execution procedures and provide professional insights into technologies involved
• Assist Consultants with client engagements

Third-Party Risk Management (TPRM)

• Assist client organizations in building, designing, and operating Third-Party Risk Management programs.
• Review and assess organizational strategy to address third-party risk and provide recommendations based on industry-relevant regulatory frameworks and security best practices.
• Conduct Vendor Risk Assessments on behalf of client organizations.

Threat (TRT)

• Participate in Internal and External network penetration tests
• Participate in Web application penetration tests
• Study penetration testing methodologies and spend time in training labs
• Shadowing of penetration testers and learning in real-world scenarios
• Remediation validation and reporting support
• Writing executive and technical summaries of test results and activities
• Communication of test status and findings with clients
• Complete other tasks as assigned by your assigned Mentor or Team Lead
  

Necessary skills and qualifications:

The Developing Consultant (DC) is an up-and-coming part of the client-facing consulting team. DCs are responsible for helping in conducting project delivery activities based on their selected Tevora Information Security practice areas including: Enterprise Risk, Compliance, Solutions Implementation, and Threat Research. Interns are expected to continually develop their skills through personal development and Information Security industry participation.

Key Responsibilities

• Developing the technical and business skills required to perform billable work on projects as quickly as possible
• Learning about industry-standard certifications and their benefits
• Learning about National and International standards and frameworks like PCI-DSS, HIPAA, and ISO 27001
• Observing Implementations of enterprise security solutions
• Observing and helping with internal and external penetration testing and social engineering projects

Requirements

Every DC at Tevora is a technologist at heart but understands the critical intersection between business and technology. Foundationally, the ideal candidate will have basic familiarity with:

• Networking concepts like firewalls, routers, switches, and DNS
• Computer troubleshooting and server systems administration
• Business planning and accounting
• Any knowledge of compliance frameworks is a plus

Abilities

• Multi-tasking and time management skills
• Dynamic, enthusiastic, and excellent interpersonal skills
• Excellent writing both expository and technical documentation
• Intermediate working knowledge of Excel and Word
• Self-starter who likes to tinker and learn on their own

Education and Experience

• Bachelor's Degree from an accredited 4-year university (or Military equivalent)
• Currently enrolled at an accredited 4-year university (or Military equivalent)
• IT, Cybersecurity, and Information Security certifications a plus
  

We've got you covered!

• Sick Time Off
• Vibrant work culture
• Career advancement opportunities
  

Additional requirements:

• A valid driver's license is required.
• Eligibility to work in the United States.
• Required to work onsite at our Irvine, CA location.
  

Thank you for your interest in our Consultant Development Program (CDP). If you are selected for this program, you will become a Developing Consultant with us. This opportunity will challenge and motivate both your aptitude and attitude in Cyber Security. Successful completion of our program as a Developing Consultant may lead to a full-time offer as an entry-level Information Security Associate.

EEOC Statement

Tevora is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, disability status, or other applicable legally protected characteristics.