Cybersecurity Consultant (Carmel IN, U.S. Based) in CARMEL, Indiana at Reveal Risk

Cybersecurity Consultant (Technical).

Indianapolis, IN

Full-time | 2–4 years of experience | Indianapolis, IN (local only)

Reveal Risk is hiring a full-time Cybersecurity Consultant (Technical focus) to join our Indianapolis team — ideally someone coming from a corporate cybersecurity or enterprise IT and/or security role who is excited to make the jump into consulting. This is an early to mid-level role for someone with 2–4 years of hands-on cybersecurity or IT experience who enjoys owning technical workstreams end-to-end across a wide mix of security domains, tools, and client environments.

You will partner with senior consultants on engagements focused on technical assessments, cloud and endpoint security, identity, vulnerability management, and security architecture review. Over time you will also have the opportunity to lead smaller engagements end-to-end. You will combine real technical curiosity with clear communication to help clients reduce risk and implement practical controls.

KEY RESPONSIBILITIES

• Client Project Delivery (~80% of working hours): Independently own technical workstreams within client engagements, partner with senior consultants on strategy and direction, and occasionally lead smaller engagements end-to-end. Deliver clear, pragmatic, right-sized outcomes for each client.

• Own individual workstreams end-to-end with minimal oversight — plan, execute, QC, and deliver high-quality work products.

• Perform technical and control-level assessments across domains such as identity and access management, cloud security (AWS, Azure, and/or GCP), endpoint, network, vulnerability management, logging and monitoring, and backup/recovery.

• Review client security configurations, architecture diagrams, and tooling to identify gaps and recommend practical improvements.

• Support (and occasionally lead) vulnerability management engagements, scanner tuning, prioritization, remediation planning, and flexibility using multiple tools or what the client may have.

• Partner with the Reveal Risk team to drive penetration testing engagements — serving as the primary engagement lead between our penetration testers and our clients, coordinating scoping, kickoff, status, findings review, and remediation follow-through.

• Assess and tune endpoint protection, EDR/XDR, email security configurations. You don't need expertise in every platform but should be able to have a working understanding of alerts, read the logs and the interest to depend your understanding in that skillset.
  
  
• Contribute to cloud security reviews using frameworks such as CIS Benchmarks, AWS Well-Architected Security Pillar, and Microsoft Cloud Security Benchmark.

• Facilitate client workshops, whiteboarding sessions, and working meetings to walk through findings, recommendations, and remediation approaches.

• Translate technical findings and risks into business value, not just technical language, so client leadership understands the "so what" and can act on it.

• Adapt communication style to different stakeholder audiences (engineers, IT leadership, executives) and keep clients informed between touchpoints to build trust.

• Build clear, professional technical deliverables (assessment reports, findings matrices, architecture diagrams, remediation plans, runbooks) for both technical and executive audiences.

• Plan and track your own workstreams using strong project management practices (scope, milestones, status, risks); escalate blockers early.
  
  
• Provide light support to business development activities as needed, such as scoping calls, proposal content, and follow-ups for prospective clients.

• Internal Collaboration and Service Development (~15%): Contribute to knowledge sharing, technical playbook refinement, cross-service collaboration, and the overall quality of the technical practice.

• Suggest and help document improvements to assessment workbooks, architecture review templates, checklists, and technical delivery accelerators based on what you learn in client work.

• Actively share knowledge from your engagements — new tools, techniques, attack trends, useful scripts — in internal sessions and written form.

• Collaborate across Reveal Risk service lines (Strategy/CISO, GRC, Human Risk Management, Resiliency Planning, Technical Services) to bring the right mix of expertise to each client problem.

• Willingness to help onboard interns, rotating team members, and newer associates as opportunities arise.

• Participate in a culture that values transparency, humility, and feedback, both giving and receiving across all levels of the organization.
  
  

• Professional Growth and Industry Engagement (~5%): Continue developing your technical depth and representing the firm in the Indianapolis cybersecurity community.

• Pursue and maintain relevant technical certifications or training (examples: Security+, Network+, CySA+, GIAC GSEC/GCIH, AWS/Azure security associate, CCSP).

• Attend local industry events, chapter meetings, CTFs, or working groups (ISSA, InfraGard, OWASP, or other local IT and cybersecurity user groups).

• Bring back new tools, attack trends, and emerging defenses to help evolve the practice.

QUALIFICATIONS

Required

• 2–4 years of hands-on professional experience in cybersecurity, systems administration, network engineering, cloud engineering,IT infrastructure, or a closely related technical field.
  
  
• Working, hands-on knowledge of at least two of the following: identity and access management, endpoint/EDR, cloud security (AWS, Azure, or GCP), vulnerability management, network security, or SIEM/logging.
  
  
• Comfortable reading and reasoning about system architectures, configurations, and technical documentation.
  
  
• Ability to independently manage individual workstreams across 2–4 concurrent client projects, prioritize your own work, and deliver high-quality output with minimal oversight.
  
  
• Ability to understand how your work fits into the client’s broader business problem and communicate technical findings in business terms.
  
  
• Strong communication skills — able to explain technical findings and risks to both technical and non-technical audiences.
  
  
• High attention to detail and a personal bar for the quality, clarity, and professionalism of deliverables.
  
  
• Organized and self-directed; fluent in basic project management practices such as tracking scope, milestones, risks, and action items.
  
  
• Collaborative, humble, team-first mindset with a genuine interest in growing as a consultant.
  
  
• Resides in the Indianapolis, IN metro area (or willing to relocate at own expense before start date). Relocation assistance is not offered.

Preferred (Not Required)

• Bachelor’s degree in Information Security, Computer Science, Information Systems, Network Engineering, or a related technical field.

• Previous consulting or advisory experience (boutique firm, Big 4, or internal consulting function). One or more professional certifications (current or expired), such as: Security+, Network+, CySA+, CEH, GSEC, GCIH, AWS Certified Security – Specialty, Microsoft SC-200/SC-100, CCSP, or OSCP.

• Hands-on exposure to any of the following technical cybersecurity areas:

• Identity and Access Management (IAM) and/or Privileged Access Management (PAM) Cloud security (AWS, Azure, GCP) — configuration review, guardrails, CSPM tooling

• Endpoint security and EDR/XDR (CrowdStrike, SentinelOne, Microsoft Defender) Vulnerability and threat management (Tenable, Qualys, Rapid7, Wiz) SIEM, logging, and detection engineering (Splunk, Microsoft Sentinel, Elastic)

• Security architecture review and reference architecture development

• Infrastructure or systems administration background (Windows, Linux, Active Directory, Entra ID)

• Implementation or tuning of security tools (IAM, PAM, EDR, email security, backup)

BENEFITS

• Competitive salary (target range: [$70,000 – $105,000] and team profit-sharing plan. Comprehensive benefits package including:

• Health, dental, and vision insurance (99% employer-paid premiums)

• 401(k) with company match

• Paid time off and company holidays

• Flexible work schedule

• Professional development assistance

• And more!

OTHER POSITION DETAILS

• Full-time, exempt position. Based in Indianapolis, IN — local candidates only. Flexible work model blending Indy-area office days, home office, and client sites; this is not a remote-from-anywhere role and relocation is not offered.

• Occasional travel (0–20%) for client workshops, team meetings, or industry events.

• Monday–Friday, 8 hours/day with some flexibility as long as core working hours of 9am–4pm ET are covered.

OUR CORE VALUES

• We work with integrity, transparency, and trust.

• We listen and reduce ambiguity to create win:win solutions.

• We are a collaborative team that celebrates shared success.

• We are enthusiastic, confident, humble, and professional.

ABOUT REVEAL RISK

Reveal Risk is a dynamic and growing boutique consulting company specializing in cybersecurity and risk management. We are a team of passionate experts dedicated to helping our clients navigate complex challenges and achieve their goals.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.