Cybersecurity Consultant

Who We Are

At Kyndryl, we run and reimagine the mission-critical technology systems that drive advantage for the world’s leading businesses.  We are at the heart of progress; with proven expertise and a continuous flow of AI-powered insight, enabling smarter decisions, faster innovation, and a lasting competitive edge. For our people—Kyndryls—that means doing purposeful work that powers human progress. Join us and experience a flexible, supportive environment where your well-being is prioritized and your potential can thrive.

The Role

Senior Cybersecurity Consultant with a strong technical and consulting background, capable of leading and delivering advanced cybersecurity engagements across areas such as security assessments, cyber deception, Continuous Threat Exposure Management (CTEM), threat modeling, and threat intelligence.

The ideal candidate combines hands-on cybersecurity expertise with the ability to manage project delivery, coordinate teams, engage with senior client stakeholders, and produce high-quality technical and executive deliverables. They bring solid knowledge of cybersecurity frameworks such as MITRE ATT&CK, NIST, ISO 27001, CIS Controls, OWASP, and related references, and are comfortable translating technical findings, threat scenarios, and exposure risks into actionable remediation plans.

This profile requires strong experience assessing complex technology environments, identifying attack paths and security gaps, prioritizing risks, and advising clients on practical improvements to strengthen their security posture. The candidate should be able to operate across multiple domains, including cloud security, identity security, infrastructure security, threat intelligence, detection, vulnerability management, and security operations.

The role requires a senior consultant who can lead engagements end to end, from scoping and planning to execution, reporting, presentation, and follow-up. They should demonstrate autonomy, analytical rigor, strong communication skills, and the ability to work effectively with CISOs, security teams, architects, infrastructure teams, cloud teams, SOC teams, and engineering teams.

Who You Are

EDUCATION AND CERTIFICATIONS:

Bachelor’s or Master’s degree in Computer Engineering, Cybersecurity, Telecommunications, Information Security, or a related technical discipline.

Relevant cybersecurity certifications will be positively valued, such as CISSP, CISM, CRISC, CCSP, OSCP, OSWE, GIAC certifications, ISO 27001 Lead Auditor / Lead Implementer, or equivalent certifications.

EXPERIENCE:

7+ years of experience in cybersecurity services, security consulting, security assessments, threat management, offensive security, security architecture, or related cybersecurity domains.

Experience leading cybersecurity projects, coordinating delivery teams, managing client stakeholders, and ensuring the quality of consulting deliverables.

Previous experience in a consulting environment or professional services organization will be highly valued.

LANGUAGES:

Spanish and English, B2 level or higher.

Ability to communicate effectively with both technical and executive stakeholders in written and spoken English.

SKILLS AND KNOWLEDGE:

Strong experience in the delivery of cybersecurity consulting services, including security assessments, maturity assessments, technical reviews, risk analysis, and security improvement plans.

Solid knowledge of cybersecurity frameworks, methodologies, and standards such as NIST Cybersecurity Framework, MITRE ATT&CK, ISO/IEC 27001, CIS Controls, OWASP, ENISA, CCN-STIC, or equivalent references.

Experience in identifying, analyzing, and prioritizing security risks, control gaps, vulnerabilities, attack paths, and exposure scenarios across complex technology environments.

Knowledge or experience in areas such as:

• Security assessments across infrastructure, cloud, applications, identity, and security operations environments.
• Continuous Threat Exposure Management, including exposure discovery, validation, prioritization, remediation governance, and continuous posture improvement.
• Cyber deception concepts, technologies, and use cases, including decoys, deceptive assets, lures, honeytokens, detection logic, and adversary engagement.
• Threat modeling methodologies such as STRIDE, attack trees, abuse cases, kill chain-based modeling, or architecture-driven threat analysis.
• Threat intelligence lifecycle, including collection, analysis, contextualization, dissemination, and operationalization of intelligence.
• MITRE ATT&CK-based analysis, adversary behavior mapping, detection opportunities, and security control validation.
• Cloud and hybrid security across AWS, Azure, and/or Google Cloud Platform.
• Identity and access management, privileged access, secrets management, and attack paths related to identity compromise.
• Network security, segmentation, perimeter controls, lateral movement analysis, and exposure reduction.
• Application security principles, secure design, API security, and integration with DevSecOps practices.
• Vulnerability management, attack surface management, security posture assessment, and risk-based remediation.
• Logging, monitoring, detection engineering, SOC use cases, and integration of findings into security operations.
• Security architecture and secure design principles across enterprise technology environments.
• Executive and technical reporting, including the ability to translate complex technical findings into business-relevant risk narratives.

Strong analytical skills and the ability to understand complex environments, identify security priorities, and propose practical, risk-based remediation actions.

Ability to lead workshops, interviews, technical sessions, and executive presentations with client stakeholders.

Experience coordinating teams, reviewing deliverables, mentoring consultants, and ensuring methodological consistency across projects.

Ability to operate effectively between hands-on technical analysis, advisory work, architectural discussions, and senior stakeholder communication.

Strong autonomy, ownership, communication skills, and delivery orientation.

Ability to contribute to the growth of cybersecurity consulting capabilities through reusable assets, methodologies, service offerings, and knowledge sharing.

KEY RESPONSIBILITIES:

Lead and deliver cybersecurity consulting engagements focused on security assessments, cyber deception projects, Continuous Threat Exposure Management (CTEM), threat modeling, threat intelligence, and related offensive and defensive security initiatives.

Act as the technical and delivery lead for security assessment projects, ensuring quality, consistency, timely execution, and alignment with client expectations and business objectives.

Define project approaches, methodologies, work plans, deliverables, and execution models for advanced cybersecurity consulting services.

Conduct and oversee security assessments across cloud, hybrid, on-premise, application, infrastructure, identity, and security operations environments.

Identify security weaknesses, exposure points, attack paths, control gaps, and areas for improvement, translating findings into actionable remediation plans and prioritized recommendations.

Lead CTEM-related initiatives, including exposure identification, validation, prioritization, remediation tracking, and continuous improvement of the client’s security posture.

Design, implement, and assess cyber deception strategies and capabilities, including deception use cases, decoys, lures, detection logic, and integration with security operations processes.

Lead threat modeling activities for applications, platforms, architectures, and critical business processes, supporting technical teams in identifying risks and defining appropriate security controls.

Support threat intelligence initiatives by analyzing threat actors, tactics, techniques, and procedures, and translating intelligence into practical security improvements, detection opportunities, and risk reduction actions.

Collaborate with client stakeholders, including CISOs, security teams, architecture teams, infrastructure teams, cloud teams, SOC teams, and engineering teams.

Coordinate multidisciplinary teams during project execution, providing technical guidance, quality assurance, mentoring, and support to junior and mid-level consultants.

Produce high-quality technical and executive deliverables, including assessment reports, maturity evaluations, threat models, CTEM roadmaps, cyber deception strategies, remediation plans, and security recommendations.

Support the definition and evolution of cybersecurity methodologies, reusable frameworks, accelerators, templates, and delivery standards.

Contribute to pre-sales and business development activities by supporting proposal preparation, scope definition, effort estimation, technical presentations, and client workshops.

Stay up to date with emerging threats, attack techniques, security technologies, industry frameworks, and best practices, ensuring their practical application in consulting engagements.

Being You

The “Kyn” in Kyndryl means kinship, which represents the strong bonds we have with each other, our customers and our communities. We focus on ensuring all Kyndryls feel included and we welcome people of all cultures, backgrounds, and experiences. Even if you don’t meet every requirement, we encourage you to apply. We believe in growth, and we’re excited to see what you can bring. At Kyndryl, employee feedback has told us that our number one driver of employee engagement is belonging. That sense of belonging — being a valued, respected, trusted member of the team — is fundamental to our culture and fueling great experiences for our customers. This dedication to welcoming everyone into our company means that Kyndryl gives you the ability to thrive and contribute to our culture of empathy and shared success. That’s The Kyndryl Way.

What You Can Expect

Your career with us isn’t just a job—it’s an adventure with purpose.  We offer a dynamic, hybrid-friendly culture that supports your well-being and empowers you to grow. Our Be Well programs are thoughtfully designed to support your financial, mental, physical, and social health—because we know that when you feel your best, you do your best.

From your very first day, you’ll dive into impactful work that powers the systems our customers rely on every day. You won’t just contribute—you’ll make a difference, tackling meaningful projects that sharpen your skills and fuel your growth.

We’re here to champion your journey. With powerful tools to chart your career path, personalized development goals aligned with your ambitions, and continuous feedback to keep you inspired and on track, you’ll have everything you need to thrive and evolve. You’ll develop in-demand skills to grow your career and achieve your ambitions with access to cutting-edge learning opportunities—from certifications with Microsoft, Google, and Amazon to coaching and hands-on experiences. And through it all, you’ll be part of a culture that values empathy, restless learning, and a devotion to shared success.

We want you to thrive here—and we’re committed to helping you do just that. Ready to make an impact? Join us and help shape what’s next.

Get Referred!

If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address.