Senior Associate- Security Compliance Analyst
About The Position
At EisnerAmper, we look for individuals who welcome new ideas, encourage innovation, and are eager to make an impact. Whether you’re starting out in your career or taking your next step as a seasoned professional, the EisnerAmper experience is one-of-a-kind. You can design a career you’ll love from top to bottom – we give you the tools you need to succeed and the autonomy to reach your goals. EisnerAmper is looking to hire a Senior Associate to join its Risk & Compliance Services practice as a dedicated member of the IT Risk, Data Privacy & Security team. We are seeking a Cybersecurity Compliance Analyst with a strong technical foundation in vulnerability and penetration testing to support our clients’ compliance, audit, and risk programs. This role is ideal for someone who understands security tools and testing techniques but applies them in a compliance-focused environment—validating controls, interpreting technical evidence, and helping clients understand their security posture. What it Means to Work for EisnerAmper: You will get to be part of one of the largest and fastest growing accounting and advisory firms in the industry You will have the flexibility to manage your days in support of our commitment to work/life balance You will join a culture that has received multiple top “Places to Work” awards We believe that great work is accomplished when cultures, ideas and experiences come together to create new solutions We understand that embracing our differences is what unites us as a team and strengthens our foundation Showing up authentically is how we, both as professionals and a Firm, find inspiration to do our best work
Requirements
- Bachelors Degree
- 2–3 years of hands-on experience performing penetration testing or vulnerability assessments in Windows/Linux environments.
- Experience with Kali Linux or similar testing distributions.
- Familiarity with core tools: Nmap, Burp Suite, Metasploit, Wireshark.
Nice To Haves
- Strong documentation and communication skills for client-facing compliance work.
- Understanding of OWASP Top 10 and basic web application security concepts.
- Basic scripting knowledge (Bash, Python, or PowerShell).
- CEH or similar certification.
- Someone who enjoys the technical side of security but can pivot that knowledge into structured compliance work.
- Comfortable reviewing configurations, validating controls, and making technical findings understandable for auditors and business leaders.
- Detail-oriented, methodical, and able to connect technical testing results to compliance frameworks.
Responsibilities
- Perform vulnerability assessments across Windows and Linux environments to support compliance and audit requirements.
- Use Kali Linux or similar platforms (Parrot OS, BlackArch) to perform reconnaissance, validate control effectiveness, and gather technical evidence.
- Leverage tools such as Nmap, Burp Suite, Metasploit, and Wireshark to identify risks and confirm whether security controls are operating as intended.
- Support IT audit teams by interpreting scan results, validating configurations, and documenting technical evidence.
- Evaluate basic web application security risks using the OWASP Top 10 as a reference framework.
- Use scripting (Bash, Python, PowerShell) to automate evidence gathering or streamline validation tasks.
- Prepare clear, client-ready documentation explaining findings, risk impacts, and compliance implications.
- Communicate technical concepts to non-technical stakeholders in a clear and professional manner.
- May be required to occasionally work extended hours, or travel to/work from different firm offices and/or client locations.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
