Senior Associate Security Compliance Analyst

About EisnerAmper

At EisnerAmper, we look for individuals who welcome new ideas, encourage innovation, and are eager to make an impact. Whether you’re starting out in your career or taking your next step as a seasoned professional, the EisnerAmper experience is one-of-a-kind. You can design a career you’ll love from top to bottom – we give you the tools you need to succeed and the autonomy to reach your goals.

EisnerAmper is looking to hire a Senior Associate Security Compliance Analyst to join its Risk & Compliance Services practice as a dedicated member of the IT Risk, Data Privacy & Security team. We are seeking a Cybersecurity Compliance Analyst with a strong technical foundation in vulnerability and penetration testing to support our clients’ compliance, audit, and risk programs. This role is ideal for someone who understands security tools and testing techniques but applies them in a compliance-focused environment—validating controls, interpreting technical evidence, and helping clients understand their security posture.

What it Means to Work for EisnerAmper

• You will get to be part of one of the largest and fastest growing accounting and advisory firms in the industry
• You will have the flexibility to manage your days in support of our commitment to work/life balance
• You will join a culture that has received multiple top “Places to Work” awards
• We believe that great work is accomplished when cultures, ideas and experiences come together to create new solutions
• We understand that embracing our differences is what unites us as a team and strengthens our foundation
• Showing up authentically is how we, both as professionals and a Firm, find inspiration to do our best work

What Work You Will be Responsible For

• Perform vulnerability assessments across Windows and Linux environments to support compliance and audit requirements.
• Use Kali Linux or similar platforms (Parrot OS, BlackArch) to perform reconnaissance, validate control effectiveness, and gather technical evidence.
• Leverage tools such as Nmap, Burp Suite, Metasploit, and Wireshark to identify risks and confirm whether security controls are operating as intended.
• Support IT audit teams by interpreting scan results, validating configurations, and documenting technical evidence.
• Evaluate basic web application security risks using the OWASP Top 10 as a reference framework.
• Use scripting (Bash, Python, PowerShell) to automate evidence gathering or streamline validation tasks.
• Prepare clear, client-ready documentation explaining findings, risk impacts, and compliance implications.
• Communicate technical concepts to non-technical stakeholders in a clear and professional manner.
• May be required to occasionally work extended hours, or travel to/work from different firm offices and/or client locations.

Basic Qualifications

• Bachelors Degree
• 2–3 years of hands-on experience performing penetration testing or vulnerability assessments in Windows/Linux environments.
• Experience with Kali Linux or similar testing distributions.
• Familiarity with core tools: Nmap, Burp Suite, Metasploit, Wireshark.

Preferred/Desired Qualifications

• Strong documentation and communication skills for client-facing compliance work.
• Understanding of OWASP Top 10 and basic web application security concepts.
• Basic scripting knowledge (Bash, Python, or PowerShell).
• CEH or similar certification.
• Someone who enjoys the technical side of security but can pivot that knowledge into structured compliance work.
• Comfortable reviewing configurations, validating controls, and making technical findings understandable for auditors and business leaders.
• Detail-oriented, methodical, and able to connect technical testing results to compliance frameworks.

About our Risk & Compliance Team

Specializing in services such as risk advisory and technology risk, RCS employees aren’t just passionate about technology, but we see it as our driving force for innovation and forward thinking. We’re committed to serving as advocates to our clients, enabling them to navigate, transform, secure, and maintain processes and controls they need to reach their unique goals. Whether it’s complying with a new regulatory requirement or automating controls within a process, providing peace of mind for those “what’s next” moments is our mantra and unique promise to clients.

Risk & Compliance Services employees are encouraged to think like an owner when supporting clients. Through this entrepreneurial and business-first mindset, we’re pushed to take a step outside of our comfort zones and deliver solutions that both create a lasting business impact for our clients and allow us to grow as professionals.

Our core values of trust, integrity and accountability allow us to act as strategic innovators. Because when we build trust with each other, we can bring new ideas to the table and execute them without fear of failure.

About EisnerAmper

EisnerAmper is one of the largest accounting, tax, and business advisory firms, with approximately 450 partners and 4,500 employees across the world. We combine responsiveness with a long-range perspective; to help clients meet the pressing issues they face today and position them for success tomorrow.

Our clients are enterprises as diverse as sophisticated financial institutions and start-ups, global public firms, and middle-market companies, as well as high net worth individuals, family offices, not-for-profit organizations, and entrepreneurial ventures across a variety of industries. We are also engaged by the attorneys, financial professionals, bankers, and investors who serve these clients.

Key skills/competency

• Vulnerability Assessments
• Penetration Testing
• Cybersecurity Compliance
• IT Risk Management
• Kali Linux
• Nmap
• Burp Suite
• Metasploit
• Wireshark
• OWASP Top 10
• Scripting (Python, Bash, PowerShell)
• Client Communication
• Technical Documentation
• Audit Support
• Control Validation