Malleum

Remote Jobs

The Power to Know Ahead

5 open roles | Team 11-50 | Since 2013 | H1B No Sponsor | Latest: May 11, 2026, 3:18 AM UTC
5 Jobs

Penetration Tester

QA Engineer | 17 days ago
Full Time | Remote | Senior | Team 11-50 | Since 2013 | H1B No Sponsor

• Conduct web, network, mobile, and API penetration tests to identify vulnerabilities.
• Support team assessments, simulating real-world attack scenarios.
• Develop and execute custom exploits, scripts, and attack chains.
• Conduct source code reviews for security weaknesses in applications.
• Assess cloud security in AWS, Azure, and GCP, as well as containerized environments like Docker and Kubernetes.
• Collaborate with blue teams, SOC analysts, and developers to remediate findings.
• Write detailed technical reports and present findings to technical and non-technical stakeholders.
• Stay updated on zero-day vulnerabilities, APT tactics, and emerging threats.
• Participate in CTFs, security research, and bug bounty programs to refine skills.

Canada
Full Time | Remote | Lead | Team 11-50 | Since 2013 | H1B No Sponsor

• Establish and mature Malleum's Cybersecurity Program Management Office (PMO), defining its charter, governance model, and operating cadence
• Standardize program and project delivery methodologies across the cybersecurity practice, harmonizing waterfall, agile, and hybrid approaches to client needs
• Develop and roll out playbooks, templates, and standard operating procedures (SOPs) for intake, scoping, risk management, change control, status reporting, and closeout
• Define and track portfolio-level KPIs, OKRs, and health metrics to give leadership real-time visibility into delivery performance, margin, and client outcomes
• Implement consistent resource management, capacity planning, and forecasting practices across concurrent engagements
• Build a centralized knowledge repository and lessons-learned program to accelerate ramp-up and embed continuous improvement
• Mentor and coach project managers and delivery leads, establishing career pathways and competency frameworks within the PMO
• Drive tooling standardization (e.g., ConnectWise, Jira, MS Project, Smartsheet, Confluence, Power BI) to ensure interoperability and reporting consistency
• Partner with Finance, HR, and Sales Operations to align PMO processes with revenue recognition, staffing, and pipeline workflows
• Champion governance forums (steering committees, portfolio reviews, risk councils) that elevate decision-making and stakeholder alignment
• Lead end-to-end delivery of large-scale cybersecurity programs spanning architecture, operations, compliance, and transformation initiatives
• Serve as the primary point of accountability to executive stakeholders at marquee public-sector and Fortune 500 clients
• Manage program scope, schedule, budget, risk, and quality across multi-year engagements with national security implications
• Coordinate cross-functional teams including security architects, red teamers, DevSecOps engineers, GRC specialists, and analysts
• Translate complex technical concepts into clear executive-level briefings, roadmaps, and decision documents
• Ensure programs align with frameworks such as NIST CSF, ISO 27001, ITSG-33, CMMC, and allied defense standards
• Drive continuous improvement in delivery methodology, KPIs, and client outcomes
• Support business development through scoping, proposals, and trusted-advisor relationships

Canada
Full Time | Remote | Mid Level | Team 11-50 | Since 2013 | H1B No Sponsor

About Us

We are a premier cybersecurity consultancy, blending advanced offensive and defensive strategies to safeguard our customers. With a team known for its contributions to cybersecurity research at platforms like Black Hat and DEF CON, we excel at identifying and mitigating sophisticated threats. Large enterprises from a range of industries trust us for advanced adversarial emulation and for critical support in managing their cyber frameworks. Governments trust us with classified projects, relying on our precision and discretion to handle sensitive information securely. We’re a small group that makes a big impact. Our deep technical expertise and our commitment to clients continue to fuel our success, and with success comes growth – we’re currently searching for a GRC Consultant with a strong background in CMMC and/or NIST 800-171/53.…

Role Profile

In this position your mandate is to ensure that our clients meet the stringent cybersecurity standards set by regulatory bodies in their industries and jurisdictions. Working remotely, you'll advise clients on best practices, develop work plans, harness resources, and ultimately drive engagements to completion. This is a challenging role, but also an outstanding opportunity to join an accelerating startup in a position that’s crucial to the company’s continued success.

Key Responsibilities

- Provide guidance and support to client organizations throughout their cybersecurity maturity journey, helping them to build robust cybersecurity roadmaps.
- Work with clients to design and implement right-sized cybersecurity controls in line with global industry, sector, and regulatory frameworks and standards.
- Collaborate with clients’ teams to develop and implement risk treatment methodologies and plans necessary to achieve and maintain their program compliance.
- Clearly articulate cybersecurity requirements to client organizations’ employees of all levels to ensure understanding and senior leadership sponsorship.
- Assist organizations with the review and update of existing security policies and procedures to align with evolving requirements and best practices in cybersecurity.
- Prepare detailed reports on the status of an organization's cybersecurity compliance. Prepare and deliver thoughtful, insightful, and professional presentations to clients and internal Malleum stakeholders.
- Keep abreast of the latest cybersecurity threats and trends, as well as updates to the relevant industry standards such as the CMMC framework.
- Achieve utilization targets, complete projects on time and budget, and meet quality standards.
- Study, learn, test, document, execute and seek to continuously improve scalable consulting services processes to effectively deliver customer engagements while achieving a high level of customer satisfaction.
- Execute project planning, scheduling, and other coordination of internal and client resources to conduct interviews, meetings, and presentations.
- Develop a thorough understanding of our solution and service offerings, sales process, marketing materials, contract and Statement of Work structure, methodologies, delivery standards, work tools, and processes.
- Pursue additional education and stay current on best practices, technical skills, and tools related to the position's duties.

Candidate Profile

We’re looking for a star. As an ideal candidate you’re a natural consultant: driven, highly organized, autonomous and analytical, with outstanding communication and interpersonal skills, and the ability to quickly establish your credibility and build trusting relationships with clients. You thrive under pressure, you learn fast, and your expertise stretches beyond typical GRC work into the implementation of cybersecurity controls to support clients’ continuous improvement efforts. It is essential that you fulfill the requirements to acquire a SECRET level II security clearance.

Key Qualifications

- Post-secondary education in information technology, computer science, or equivalent combination of education and experience.
- 4+ years of experience in IT security, risk management, or compliance.
- Current certification as a Registered Practitioner Advanced (RPA) or Registered Practitioner (RP) is an asset. The ability to achieve a Registered Practitioner (RP) credential under the CMMC version 2.0 framework is essential.
- In-depth knowledge of NIST SP 800-171. Knowledge of the CMMC framework and DFARS 252.204-7012 regulations is a strong asset.
- Relevant professional certifications such as CISSP, CRISC, CISA, CISM, coupled with advanced knowledge of a range of cybersecurity technologies and solutions.
- Skilled and experienced in managing projects and leading consulting engagements, with a record of delivering exceptional value to clients.
- Experience with cybersecurity systems and infrastructure design and configuration is a significant asset.
- Superior communication and presentation skills with the ability to explain complex security concepts to non-technical staff.
- Exceptional client-service orientation, with the ability to build trust and develop rapport with a broad range of client stakeholders, including Defense Industrial Base compliance and information system professionals.
- Independent and autonomous, with the drive to seek out and leverage internal resources as needed, and proactively take ownership of their work and career development.
- Excellent analysis and problem-solving skills, especially in the information systems, security, and privacy space.
- Ability to learn new subject matter and context quickly and to maintain market and subject matter awareness.
- Ability to understand SOWs, customer proposals, project notes, deliverables, and final reports; assimilate previous experience, relevant subject matter, data, facts, and results; and develop relevant questions of colleagues to hasten understanding scenarios, methodologies, processes, and "lessons learned."

We thank all applicants for their interest, but only those selected for an interview will be contacted. Malleum accommodates individuals with disabilities throughout the recruitment process. Please indicate your need for accommodations in your application.

Canada
Senior DFIR Specialist

Full Time | Remote | Senior | Team 11-50 | Since 2013 | H1B No Sponsor

About Us

We are a premier cybersecurity consultancy, blending advanced offensive and defensive strategies to safeguard our customers. With a team known for its contributions to cybersecurity research at platforms like Black Hat and DEF CON, we excel at identifying and mitigating sophisticated threats. Large enterprises from a range of industries trust us for advanced adversarial emulation and for critical support in managing their cyber frameworks. Governments trust us with classified projects, relying on our precision and discretion to handle sensitive information securely. We’re a small group that makes a big impact. Our deep technical expertise and our commitment to clients continue to fuel our success, and with success comes growth – we’re currently searching for a Senior DFIR Specialist to strengthen our incident response and threat-hunting capabilities while helping lead and mentor others on our team.

Role Profile

In this role, working remotely, you will lead and execute complex digital forensics and incident response engagements for Malleum clients facing sophisticated threat actors. You will act as both a hands-on practitioner and a technical leader, coordinating investigations, guiding responders, and working closely with Red Team and threat emulation specialists to understand and counter real-world adversaries. This is an outstanding opportunity to join a fast-growing consultancy in a role that is critical to protecting organizations against advanced, persistent threats.

Key Responsibilities

- Lead and perform end-to-end DFIR investigations, including evidence acquisition, analysis, containment, and remediation.
- Analyze attacker behavior across endpoints, networks, and cloud environments, with a strong focus on adversarial TTPs and attacker tradecraft.
- Apply Red Team and adversary emulation insights to improve detection, response, and containment strategies.
- Serve as a technical lead on incident response engagements, coordinating activities and guiding junior team members.
- Communicate findings clearly to both technical and non-technical stakeholders, including executive-level audiences.
- Contribute to the development of DFIR playbooks, detection logic, and internal methodologies.
- Support threat hunting, post-incident reviews, and proactive security improvement initiatives for clients.

Candidate Profile

As an ideal candidate, you are a deeply technical DFIR professional who thrives in hands-on investigations and is equally comfortable stepping into a leadership role when required. You have a strong understanding of modern adversaries, their tactics, techniques, and procedures, and you enjoy working collaboratively across offensive and defensive security functions.

Key Qualifications

- Extensive experience in digital forensics and incident response across enterprise environments.
- Strong knowledge of adversarial TTPs, attacker tooling, and intrusion lifecycle stages.
- Practical exposure to Red Teaming or adversary emulation concepts, and the ability to translate offensive insights into defensive action.
- Demonstrated ability to lead or mentor team members during high-pressure incident response engagements.
- Experience with endpoint, network, and cloud forensic analysis tools and techniques.
- Excellent written and verbal communication skills, with the ability to produce clear, actionable reports.

We thank all applicants for their interest, but only those selected for an interview will be contacted. Malleum accommodates individuals with disabilities throughout the recruitment process. Please indicate your need for accommodations in your application.

Canada
Full Time | Remote | Lead | Team 11-50 | Since 2013 | H1B No Sponsor

About Us

We are a premier cybersecurity consultancy, blending advanced offensive and defensive strategies to safeguard our customers. With a team known for its contributions to cybersecurity research at platforms like Black Hat and DEF CON, we excel at identifying and mitigating sophisticated threats. Large enterprises from a range of industries trust us for advanced adversarial emulation and for critical support in managing their cyber frameworks. Governments trust us with classified projects, relying on our precision and discretion to handle sensitive information securely. We’re a small group that makes a big impact. Our deep technical expertise and our commitment to clients continue to fuel our success, and with success comes growth – we are currently searching for an experienced Cybersecurity Program Manager to support the delivery of complex cybersecurity initiatives for enterprise and public-sector clients.

Role Profile

In this role, working remotely, you'll lead multi-stream cybersecurity programs, working closely with client stakeholders and Malleum consultants to ensure initiatives are delivered on time, on budget, and to a high standard of quality. This is a challenging role, but also an outstanding opportunity to join a rapidly growing consultancy in a position that is critical to our continued success.

Key Responsibilities

- Lead the planning, execution, and oversight of cybersecurity programs comprising multiple interdependent workstreams
- Act as the primary point of contact for program-level client engagement, including senior and executive stakeholders
- Develop and maintain program artifacts including roadmaps, schedules, risk and issue logs, dependency tracking, and status reports
- Coordinate and manage internal consultants and external vendors to ensure consistent, high-quality delivery
- Ensure cybersecurity initiatives align with client risk appetite, regulatory requirements, and business objectives
- Escalate risks and issues appropriately while proposing practical mitigation strategies
- Support the translation of cybersecurity strategy into executable, measurable initiatives
- Prepare and deliver clear, executive-ready communications and presentations
- Achieve utilization targets, deliver projects on time and on budget, and meet defined quality standards
- Study, learn, document, and continuously improve scalable delivery processes and program management practices within Malleum

Candidate Profile

We are looking for a motivated, detail-oriented professional who thrives in complex environments and takes ownership of outcomes.

Key Qualifications

- Significant experience delivering cybersecurity, information security, or technology risk initiatives
- Proven experience managing complex programs or large-scale projects, ideally in a consulting or advisory environment
- A strong understanding of cybersecurity domains such as governance, risk, and compliance, cloud security, identity, and security operations
- Experience working with recognized frameworks and standards such as NIST, ISO 27001, or similar
- Demonstrated ability to manage senior stakeholders and communicate effectively at the executive level
- Strong organizational, analytical, and problem-solving skills

Preferred Qualifications

- Professional certifications such as PMP, CISSP, CISM, or CRISC are considered assets but are not required

We thank all applicants for their interest, but only those selected for an interview will be contacted. Malleum accommodates individuals with disabilities throughout the recruitment process. Please indicate your need for accommodations in your application.

Canada