Job Title

Join EisnerAmper, where we embrace innovative ideas and encourage personal impact. At our firm, you'll find opportunities to shape a fulfilling career—equipped with the tools you need to succeed and the freedom to achieve your goals. We are on the lookout for a Senior Associate to enhance our Risk & Compliance Services practice as a key member of our IT Risk, Data Privacy & Security team. We seek a Cybersecurity Compliance Analyst with a solid technical background in vulnerability and penetration testing to assist our clients in their compliance, audit, and risk initiatives. This position is perfect for someone who is proficient in security tools and testing methodologies while focusing on compliance—validating controls, interpreting technical evidence, and helping clients understand their security posture. What It Means to Work for EisnerAmper: Become part of one of the largest and fastest-growing accounting and advisory firms in the industry. Enjoy the flexibility to manage your schedule, supporting our commitment to work/life balance. Join a culture that has received numerous accolades as a top workplace. We believe in the power of diverse cultures, ideas, and experiences to create innovative solutions. We know that our differences unite us and strengthen our team foundation. We find inspiration through authenticity, enabling us to deliver our best work. Your Responsibilities Include: Conduct vulnerability assessments across Windows and Linux environments to fulfill compliance and audit requirements. Utilize Kali Linux or similar platforms (Parrot OS, BlackArch) for reconnaissance, control effectiveness validation, and technical evidence gathering. Employ tools such as Nmap, Burp Suite, Metasploit, and Wireshark to identify risks and confirm the functioning of security controls. Assist IT audit teams by interpreting scan results, validating configurations, and documenting technical evidence. Assess basic web application security risks using the OWASP Top 10 framework. Apply scripting skills (Bash, Python, PowerShell) to automate evidence gathering and streamline validation tasks. Prepare clear, client-facing documentation to report findings, risk impacts, and compliance implications. Communicate technical concepts to non-technical stakeholders in a professional manner. May require occasional extended hours or travel to and from various firm offices and client locations. Basic Qualifications: Bachelor's Degree. 2-3 years of hands-on experience with penetration testing or vulnerability assessments in Windows/Linux environments. Experience with Kali Linux or similar testing distributions. Familiarity with core security tools: Nmap, Burp Suite, Metasploit, Wireshark. Preferred Qualifications: Strong documentation and communication skills for client-facing compliance efforts. Understanding of OWASP Top 10 and basic web application security principles. Basic scripting knowledge (Bash, Python, PowerShell). CEH or a similar certification. A passion for the technical aspects of security while being able to transition that knowledge into structured compliance work. Ability to review configurations, validate controls, and make technical findings comprehensible for auditors and business leaders. Detail-oriented, methodical, and adept at connecting technical testing results to compliance frameworks. EisnerAmper takes pride in being a merit-based employer. We do not discriminate based on veteran or disability status or any other protected characteristics under federal, state, or local law. About our Risk & Compliance Team: Our team specializes in risk advisory and technology risk services. We are passionate about technology, viewing it as the key driver for innovation. We advocate for our clients, helping them navigate, transform, secure, and maintain processes and controls to achieve their unique goals. Our mission is to provide peace of mind in their