WHO YOU'LL WORK WITH
You will be based in one of our North America offices as a member of the product team (together with a solution leader, tech lead, product engineers, designers, data scientists) shaping and building a new analytics hub to create and deploy analytics solutions across our defense and security clients on some of their toughest issues, in a fast-paced, non-hierarchical and caring environment.
You will have exposure to the client leadership team serving defense and national security clients, senior McKinsey leaders and consultants, as assets are developed and brought to new clients.
In addition to the defense analytics product team, you will work with our broader ecosystem of data and analytics experts within the Social, Healthcare and Public Entities (SHaPE) Practice. The team has grown to 300+ colleagues globally over the last four years. It is a unique mix of public sector and healthcare experts, statisticians, engineers, data scientists, and more. We are redefining what it means for clients to work with McKinsey by driving innovation through advanced analytics, user experience design thinking, and new product development.
WHAT YOU'LL DO
You will understand the end to end security picture of the assets being built and act as the security point of contact for any platforms or tools being accessed during development.
You will implement the required security and monitoring tools, develop customized tools to ensure the cloud platform is secured to meet requirements of client and the firm, assess and track system activity logs for potential threats, perform internal/external vulnerability assessments synergizing with cross-functional teams, work with the tech lead to ensure security is built into asset development and network infrastructure.
You will own the implementation of security governance practices (e.g. security architecture reviews, IRM policy compliance, etc.) as well as any updates to security, compliance and risk management policies and standards for a secure GovCloud cloud environment, in alignment with enterprise risk management policies.
You will implement industry leading practices around cyber risks and Cloud security and perform security assessments of cloud platforms/environments using NIST 800-171 requirements.
You will design and develop security policies, standards and procedures e.g. firewall management, SSL/IPSec, security incident and event management (SIEM), data protection (DLP, encryption), user account management (SSO, SAML), and password/key management.
You will identify software weaknesses that could lead to exploitable vulnerabilities such as SQL injection, cross-site scripting, cross-site request forgery, buffer overflows, use of hard-coded passwords, weak encryption, sensitive data.
You will constantly look for better ways of solving security problems and designing the solution, and are not afraid of challenging the status quo.
This role requires US citizenship and the ability to obtain a certain level of security clearance mandated by the relevant U.S. government branch or agency.