Who You Are
You've spent time inside breaches - and now you use everything you learned there to help organizations make sure they don't happen again. You don't just consume threat intelligence; you understand where it comes from. While others are citing vendor feeds, you're synthesizing attacker TTPs from real IR data and turning them into guidance your clients can act on.
You're comfortable facilitating a tabletop exercise with a hospital's incident response team and presenting a cyber resilience roadmap to a CFO. You know what attackers do - which misconfigurations they exploit, which identity gaps they walk through, which controls organizations think are working but aren't. And you know how to translate that into programs that close the gap before the next breach, not after.
You've built trusted advisor relationships before. You know that getting there means showing up with answers grounded in reality, not frameworks, and following through every time. You're organized enough to manage a portfolio of retainer clients, strategic enough to drive meaningful roadmap progress, and technically credible enough that security practitioners and executives both leave the room trusting what you said.
Why You Matter
You'll be joining MOXFIVE as a Resilience Advisor, owning client relationships and leading delivery for our MOXGUARD advisory practice - the program that converts real-world incident response lessons into prevention-first security programs.
You'll manage an active portfolio of retainer clients and help onboard new ones as the program scales. But this isn't a role that maintains the status quo. You'll be drawing from MOXFIVE's live IR operations to deliver intelligence most consultants never have access to, designing tabletop exercises based on attacks we investigated, and turning post-incident findings into deployed security improvements for clients across healthcare, financialservices, manufacturing, legal, government, and more.
Most advisory programs offer frameworks. MOXGUARD offers a permanent post-incident perspective - and you're the one who brings it to life for every client in your portfolio.
What You'll Do
MOXGUARD Service Delivery
Own the client relationship and serve as the trusted advisor for your assigned MOXGUARD accounts across targeted verticals
Lead delivery of annual Active Directory posture reviews, identity gap analyses, and visibility evaluations
Develop and present each client's Annual Cyber Resilience Roadmap - a 12-month action plan built around their actual maturity, risk profile, and priorities
Facilitate tabletop exercises grounded in real attack patterns from MOXFIVE's IR operations, including on-site sessions when in-person collaboration adds value
Conduct annual risk and exposure assessments across client environments and present actionable findings
Drive recurring client meetings, keeping roadmap progress moving and advisory sharp
Coordinate biannual policy and runbook alignment reviews - ensuring documentation reflects what works in real incidents, not just what sounds good on paper
Threat Intelligence & Content Development
Deliver monthly IR-informed threat intelligence briefings for both technical and executive audiences
Communicate patterns and trends observed across MOXFIVE's IR engagements - recurring misconfigurations, identity gaps, control failures - and embed those insights into client programs before they become incidents
Strategic Consulting & Implementation
Lead implementation projects that originate from IR engagements, converting post incident recommendations into deployed solutions
Scope requirements, develop statements of work, oversee technical resources, and support delivery of Resilience consulting engagements
Identify opportunities to evolve consulting engagements into long-term MOXGUARD relationships
Practice Development
Contribute to methodology refinement, template development, and process improvement across the practice
Support business development through scoping calls, proposals, and client presentations
What You'll Bring
6+ years of progressive cybersecurity experience, with at least 3 years in client facing advisory, consulting, or senior technical roles
A strong technical foundation in incident response, digital forensics, and threat analysis - with the ability to translate IR findings into strategic advisory content and tailored client recommendations
Foundational understanding of Active Directory security, identity and access management, and enterprise security architecture
Experience delivering security assessments, gap analyses, remediation roadmaps, and implementation projects
Familiarity with EDR, SIEM, PAM, and other enterprise security platforms
Understanding of cyber insurance processes, coverage requirements, and carrier expectations
Proven ability to build trusted relationships and communicate with credibility to both technical practitioners and C-suite executives
Strong project management skills and the ability to manage multiple concurrent client engagements without losing the thread on any of them
Bonus points for:
Bachelor's degree in cybersecurity, computer science, information technology, or a related field
Industry certifications such as CISSP, CISM, GCIH, GCFA, or equivalent GIAC credentials
Background in a consulting firm or MSSP environment managing client portfolios
Exposure to incident response operations at scale
Familiarity with forensic sweep methodologies and threat hunting techniques
Experience supporting cyber insurance underwriting or claims processes