Overview

RSM UK is a leading global network of audit, tax and consulting firms. In the UK, we provide diverse advisory services to help middle-market businesses thrive. Our consulting team delivers six core solutions: business transformation, forensic, deal services, restructuring, finance function support, and risk and governance. Our goal is to be the premium adviser to the middle market, globally, with a digital-first approach and strong client relationships.

As a Principal Consultant specialising in Cyber Security within Technology Risk Assurance, you will be responsible for assisting in managing, delivering and leading cyber engagements across a diverse portfolio of mid-market clients, ensuring excellent client service and identifying further work opportunities. The role involves managing the delivery of agreed work activities with a primary focus on technical security, including offensive security services.

Responsibilities

• Deliver cyber security engagements from scoping through to delivery, debriefs and report writing.
• Contribute to the development of new market-facing cyber security products and services and to internal knowledge hubs.
• Support the development of other team members.
• Represent RSM in external meetings, including client workshops, audit committees and regional networking events.
• Build trusted relationships with senior client stakeholders and identify client and service opportunities.

What we are looking for / Qualifications

• Experience of working in professional services firms.
• Demonstrable experience delivering and leading cyber security advisory and offensive security testing engagements.
• Demonstrable experience delivering advisory engagements related to security operations and defensive controls.
• Understanding of technology trends, cyber threats, and industry issues.
• Proficiency in report writing.
• Experience with security testing techniques (threat modelling, reconnaissance, social engineering, enumeration, attack path mapping, exploitation, cleanup) across various adversarial perspectives (white/grey/black box).
• Proficiency in infrastructure and web application testing; API testing desirable.
• Proficiency with common penetration testing tools (e.g., Kali Linux, Metasploit, Nmap, BurpSuite, Nessus) and other industry-standard tools.
• Industry-recognised certification (OSCP, PenTest+, CHECK, CREST, or equivalent).
• Motivated to lead with purpose, innovate, and make a lasting impact.
• Ability to take responsibility for work tasks, quality, and deadlines under supervision.

What we can offer you

• Hybrid working.
• 26 days holiday.
• Lifestyle, health and wellbeing benefits, including financial wellbeing tools, electric car scheme and virtual GP access.
• Access to 300+ on-demand courses developed by our in-house Talent Development team.

Diversity and Inclusion

At RSM, we aim to create a strong sense of belonging for people of all identities, backgrounds and cultures. Diverse teams bring a broader range of ideas and insights to work, and we are committed to building an inclusive culture that supports differences and strengthens collaboration.

Seniority level

• Mid-Senior level

Employment type

• Full-time

Job function

• Information Technology

Industries

• Accounting