At-Bay - Cyber Advisor, Post-Cyber Event Hardening

• Assessment & Prioritization • Conduct targeted reviews of the insured’s environment to identify security control gaps • Analyze and prioritize system weaknesses across cloud and on-premise infrastructure to focus remediation on the highest-risk areas • Implementation & Hardening • Deploy security improvements, including advanced endpoint protection, email security tools, and modern network access controls • Integrate zero-trust principles and robust identity protections to ensure resilient access management • Execute technical hardening measures to eliminate common attack vectors and secure critical infrastructure components • Strategic Resilience & Advisory • Achieve a demonstrably stronger security posture for the insured than existed prior to the cyber event • Translate technical improvements into strategic business value, helping the insured build a sustainable culture of security • Security Product & Tooling Evolution • Continuously evaluate and update technical “betterment” playbooks and toolsets to stay ahead of evolving threat actor tactics • Test and vet new security solutions to ensure the service utilizes the most effective and reliable technologies available • Cross-Functional Intelligence Sharing • Provide anonymized insights from engagements to help internal teams refine risk models and security requirements • Collaborate with internal teams to align technical remediation efforts with policy standards and emerging insurance trends • Knowledge Leadership & Training • Act as a subject matter expert for the broader security and insurance teams on the "what and how" of modern infrastructure hardening • Create internal anonymized post-mortems to demonstrate the ROI of the service and highlight successful security transformations • Continuous Threat Research • Stay current on the threat landscape to ensure hardening steps remain effective against the latest attack vectors • How you’ll make an impact: • Gain a deep understanding of At-Bay’s business—specifically how our insurance products, distribution, and technology stack integrate with the Post-Cyber Event Hardening service to serve our customers • Execute targeted assessments and become proficient in analyzing security toolsets to identify security control gaps and deliver tailored, high-impact risk mitigation strategies • Establish the collaborative relationships necessary to drive success across multiple teams, including Underwriting, Claims, and MDR • Establish a confident communication style with customers, guiding them through technical remediation steps and advising them on achieving a measurably stronger security posture • Contribute to the refinement and scalability of the Post-Cyber Event Hardening service by updating technical "betterment" playbooks and vetting new security solutions • Serve as the technical lead for cybersecurity engagements, providing expert guidance throughout the hardening phase and delivering comprehensive, actionable reports • Successfully bridge the gap between complex technical fixes and strategic business value, helping insureds build a sustainable culture of security • Participate in strategic discussions and initiatives that leverage your field insights to shape the future of At-Bay’s cybersecurity service roadmap • What you’ve accomplished already: • Proven experience in security hardening, including security control implementation and optimization across diverse, complex environments • Deep technical knowledge in deploying and configuring Endpoint Detection and Response (EDR/MDR), Identity and Access Management (IAM), and Email Security solutions • Extensive experience implementing Multi-Factor Authentication (MFA) and Active Directory/Entra ID security improvements • Expertise in securing network architectures, including firewall remediation, VPN, ZTNA, SASE, and cloud environment hardening (Azure, AWS, or GCP) • Excellent communication skills with the ability to guide customers through technical remediation steps during high-stress, post-event periods • Proven ability to identify and categorize security control gaps, providing tailored recommendations and applying rapid, high-impact remediations • A collaborative mindset with the ability to work effectively alongside internal and external teams to achieve technical remediation • Experience collecting and analyzing data from various security tools to drive informed risk management decisions and proactive defense strategies • Proven track record of delivering insights on emerging cyber threats and translating them into proactive defensive measures