PJT Partners is a global advisory-focused investment bank. Our team of senior professionals delivers a wide array of strategic advisory, shareholder advisory, restructuring and special situations and private fund advisory and placement services to corporations, financial sponsors, institutional investors and governments around the world. We offer a unique portfolio of advisory services designed to help our clients achieve their strategic objectives. We also provide, through PJT Park Hill, private fund advisory and fundraising services for alternative investment managers, including private equity funds, real estate funds and hedge funds.
From the beginning, PJT Partners has firmly believed that having the best people is key to building an enduring franchise. Our perspective was, and remains, that a great team brings in both top tier clients and appeals to a wide range of diverse, talented colleagues. Fostering an inclusive culture, which welcomes differing perspectives and beliefs, enables us to provide the best advice and insights to our clients.
To learn more about PJT Partners, please visit our website at www.pjtpartners.com.
Overview
The Technology department at PJT is responsible for creating and continuously improving a robust and secure technology foundation that supports the firm’s business activities. Underpinning that, the Cybersecurity function ensures that the firm accurately identifies, investigates, and remediates incidents and evaluates applicable controls related to the firm’s technology. As the technology landscape at PJT is undergoing significant change, the Cybersecurity function is also evolving to help enable that change.
Role Description
We are seeking an experienced, hands-on Cybersecurity Professional to own and drive the firm’s vulnerability management and patching program. This is an execution-focused role — the ideal candidate will be equally comfortable building strategy and rolling up their sleeves to conduct scans, validate remediations, coordinate fixes directly with engineering and infrastructure teams, and provide reporting and metrics on remedial actions and SLA-adherence.
In addition to vulnerability management, this individual will serve as a critical incident response resource, providing coverage during hours when the primary SOC team may not be available. This includes triaging and responding to critical-severity incidents, escalating appropriately, and ensuring continuity of response without gaps.
The candidate should bring a solutions-oriented, investigative mindset, comfort in a fast-paced environment, and the ability to build strong relationships across Technology and relevant business functions.
Responsibilities
Vulnerability Management (Hands‑On Execution)- Conduct regular vulnerability assessments of all systems, applications, and infrastructure
- Execute vulnerability scans using tools such as Nessus, Qualys, or Rapid7; perform or coordinate penetration testing and security assessments.
- Analyze vulnerability data and issue actionable remediation, mitigation, or risk‑acceptance recommendations calibrated to the firm’s risk profile.
- Drive remediation directly with engineering, infrastructure, and application teams — tracking findings from discovery through to validated closure.
- Validate all remediations to confirm findings are fully resolved.
- Develop and maintain meaningful vulnerability metrics and dashboards for senior leadership, incorporating risk‑based scoring, SLA adherence, and trend analysis.
- Work with cross‑functional teams to embed vulnerability management considerations into the design, development, and testing of new systems and applications.
- Coordinate with external vendors and partners to optimize detection quality, validate findings, and improve remediation workflows.
Program Management & Governance- Develop and maintain security policies, procedures, and standards aligned to industry best practices (NIST, CIS, ISO) and PJT policy requirements.
- Support audit evidence collection and manage remediation timelines for compliance‑related findings.
- Communicate security risks and program status to management and stakeholders; provide clear, prioritized recommendations.
- Understand and effectively balance risk versus business operability in all remediation decisions.
- Provide leadership and mentorship to junior security team members; manage and direct external teams as needed.
Engineering- Support and maintain the vulnerability management platform infrastructure, including scanner and agent configuration, and integration with downstream ticketing and reporting systems.
- In support of the overall PJT security program, assist with project work on security infrastructure, including SIEM, EDR, and related tooling — contributing engineering effort as priorities require.
Qualifications
Education & Experience- Bachelor’s degree in Computer Science, Information Security, or a related field.
- 7–10+ years of experience in information security, with a strong focus on vulnerability management, secure design review, patch operations, and incident response.
- Demonstrated experience running a hands‑on vulnerability management program — not solely in an oversight or program management capacity.
- Experience providing incident response coverage, including participation in on‑call rotations or extended‑hours response.
Technical Skills- Proficiency with vulnerability management platforms such as Nessus, Qualys, or Rapid7; ability to operate these tools directly, not just interpret reports.
- Knowledge of cloud security posture management (CSPM) platforms such as Wiz or Microsoft Defender for Cloud, and exposure management workflows.
- Strong technical skills in vulnerability scanning, patch management, and network security protocols.
- Working knowledge of operating systems (Windows, Linux) and web application security.
- Familiarity with SIEM tools for alert triage and incident investigation.
- Scripting and automation skills in PowerShell or Python; experience with workflow tools such as ServiceNow or JIRA.
Frameworks & Standards- Working knowledge of security frameworks including NIST CSF, CIS Controls, and ISO 27001.
- Understanding of incident response frameworks (e.g., NIST SP 800‑61, PICERL) and how vulnerability management integrates into the IR lifecycle.
Soft Skills & Availability- Excellent communication and interpersonal skills; able to convey complex security issues to both technical and non‑technical audiences.
- Strong leadership and mentorship abilities; demonstrated experience managing cross‑functional teams and external consultants.
- Ability to work independently, manage competing priorities, and adapt to rapidly shifting demands.
- Willingness and ability to provide extended‑hours incident response coverage as required by the role, including off‑hours and weekend on‑call responsibilities.
PJT is an equal opportunity employer. We do not discriminate on the basis of, and will consider all qualified applicants for employment without regard to race, color, religious creed, religion, sex, pregnancy, national origin, ancestry, citizenship status, age, marital or partnership status, sexual orientation, gender identity expression, disability, medical condition or genetic information or predisposition, veteran or military status, status as a victim of domestic violence, a sex offense or stalking, or any other category protected by law. PJT Partners also complies with all applicable laws with regard to providing reasonable accommodation of disabilities to applicants. For more information or to request an accommodation, please contact Human Resources.
California Applicants: PJT Partners will consider for employment qualified applicants with arrest and/or conviction records in a manner consistent with applicable law including, but not limited to, the San Francisco Fair Chance Ordinance and/or Los Angeles Fair Chance Initiative for Hiring Ordinance.
Applicant Privacy Notice
View our Applicant Privacy Notice here. If you are a California resident, please refer to our California Applicant Privacy Notice for further information.
- In order to be considered, please ensure your resume/CV is submitted in PDF format.
#J-18808-Ljbffr