Senior Director, Cybersecurity

Who We Are  

FTI Consulting is the leading global expert firm for organizations facing crisis and transformation. We work with many of the world’s top multinational corporations, law firms, banks and private equity firms on their most important issues to deliver impact that makes a difference. From resolving disputes, navigating crises, managing risk and optimizing performance, our teams respond rapidly to dynamic and complex situations.

At FTI Consulting, you’ll work side-by side with leaders who have shaped history, helping solve the biggest challenges making headlines today. From day one, you’ll be an integral part of a focused team where you can make a real impact. You’ll be surrounded by an open, collaborative culture that embraces diversity, recognition, professional development and, most importantly, you.

Are you ready to make your impact?

About The Role 

FTI Consulting is seeking a Senior Director – Advanced Threat Services to join its Australian Cybersecurity team. This is a high-impact consulting leadership role for an experienced technical cybersecurity manager who wants to lead and expand a high-performing team that works on bespoke, technically challenging client engagements.

Advanced Threat Services includes three service lines, all of which are client-facing: offensive security, digital forensics and incident response (DFIR) and security engineering. Currently in the Threat Services team, some of our technical cybersecurity consultants have one specialty (for example, some are dedicated to penetration testing), while others work across multiple technical disciplines (for example, penetration testing and also security engineering). 

You will also have the opportunity to lead post-incident reviews on some of the largest cybersecurity and data breach related disputes and litigation matters in Australia.

You will lead the delivery and ongoing development of Advanced Threat Services, including advanced offensive security, DFIR and security engineering services while mentoring penetration testers, incident responders and security engineers and managing key client relationships.

This role requires extensive experience in technical cybersecurity disciplines, strong team and stakeholder management skills, technical depth and the ability to communicate clearly in executive, regulatory and legal contexts.

What You’ll Do 

• Lead and manage the delivery of large ongoing penetration testing retainer engagements, as well as smaller “one-off” offensive security engagements, including (but not limited to) web and network penetration testing, red team exercises and white-box cloud security assessments.

• Lead and manage the delivery of major cybersecurity incident response engagements, including (but not limited to) ransomware, data extortion, cryptocurrency theft, insider threat, business email compromise and accidental data disclosure incidents.

• Lead and manage security control uplift engagements for clients with a focus on cloud security engineering.

• Manage technical security engagements from end-to-end, from initial client contact and scoping through to reporting, presentation of findings to clients and engagement close-out.

• Perform quality assurance on offensive security, DFIR and security engineering fieldwork and reports to ensure consistency and excellence in our offensive security services.

• Build and maintain strong trusted relationships with our key clients, law firm contacts and insurance panel contacts.

• Manage and lead a team of high-performing, client-facing technical cybersecurity consultants. You will be responsible for line management and their ongoing growth and professional development, encouraging them to develop deep technical skillsets that exceed your own in each consultant’s specific area of expertise.

• Maintain current knowledge of industry trends, threats and emerging offensive security and DFIR methodologies (including those related to the use or exploitation of AI) to ensure the ongoing relevance and excellence of our service offerings.

• Manage the risks of penetration testing and incident response engagements and execute sound judgement to avoid adverse impacts to client IT environments whilst maintaining the technical excellence of our assessments and response engagements.

• Contribute to and drive the creation and use of business development material and the response to specific client proposals related to technical cybersecurity service lines.

• Plan and oversee the ongoing development and improvement of the infrastructure and technical tools that support our client-facing offensive security and incident response services.

• Assist to manage and execute offensive security-adjacent services from time to time, based on our team’s needs, such as security architecture, security engineering and incident response.

How You’ll Grow 

This is an excellent opportunity for a person with proven, hands-on cybersecurity leadership experience to join a high-performing cybersecurity consulting team in a senior role. With the ever-evolving cybersecurity landscape, the need for continuous professional development remains at the forefront of the quality of our team and is wholly supported. 

We are committed to investing and supporting you in your professional development and we aim to promote continuous learning and individual skills development through on-the-job learning, self-guided professional development courses and external offensive security certifications. 

What You Will Need to Succeed 

At a minimum, we expect candidates to have:

• Tertiary qualifications in cybersecurity, similar technology discipline or agreed equivalent experience. 

• 7+ years of experience delivering professional offensive security and / or incident response services within consulting or complex enterprise environments.

• Previous experience as a senior or lead penetration tester and / or senior or lead incident responder or cyber-focused forensic investigator.

• Strong reporting skills, with the ability to present excellent technical cybersecurity analysis in professional reports that are approachable and impressive to a non-technical audience.

• Experience using and / or bypassing EDR tools such as CrowdStrike, SentinelOne, Carbon Black etc.

• Experience implementing, assessing, investigating and / or attacking both on-premises security controls and cloud security controls in Microsoft 365 and AWS.

• The ability to work on multiple client matters at one time.

• The ability to work with limited supervision.

• The ability to work with senior team members and clients in time sensitive situations.

• A strong work ethic and integrity and high level of professionalism.

• Excellent written and spoken English skills.

• Travel to FTI Consulting’s interstate and/or client locations as required.

Additionally, the below is highly desirable:

• Strong experience across both offensive security and incident response, ideally in a consulting context.

• Demonstrable experience leading and building high-performing technical cybersecurity teams.

• Have previously had line management responsibilities for client-facing consultants.

• Industry certifications including or equivalent to OSCP, OSEP, OSWP, OSWE, CREST CRT, CRTP, CARTP, GCFE, GCFA, GREM, GNFA or offensive security and / or DFIR SANS certifications.

• Have identified and published CVEs.

• Have developed open source offensive security, forensics or security engineering tools.

• Technical hands-on experience with capturing and analysing forensic images from different systems incuding Windows, Linux, OSX and Smartphones.

• Experience using tools such as Volatality, FTK Imager, Cellbrite, WireShark, EnCase, Axiom, Splunk, ELKetc.

• Experience documenting the technical details gathered from Forensics analysis into Incident Reports for wider consumption.

• Knowledge of Chain of Custody procedures.

• Understanding of data loss / data theft prevention concepts and technologies.

• Have presented at offensive security conferences, such as BSides or SecTalks.

• Australian Government security clearance or the ability to obtain one.

FTI Consulting acknowledges that we stand on the lands of the First Nations peoples and would like to pay our respects to Elders past and present. We extend solidarity and hope for a future where all are afforded justice, dignity and peace.

FTI Consulting is an equal opportunity employer and does not discriminate on the basis of race, color, national origin, ancestry, citizenship status, protected veteran status, religion, physical or mental disability, marital status, sex, sexual orientation, gender identity or expression, age, or any other basis protected by law, ordinance, or regulation.

Compensation

Minimum Pay: $205,000

Maximum Pay: $245,000

Compensation Disclosure: The compensation range reflects potential base salary for the role. Actual compensation is determined based on a wide array of relevant factors including market considerations, business needs, and an individual's location, skills, level of experience, and qualifications