Information Security Risk Assessment Analyst
1 Hacker Way Menlo Park, CA 94025
Position Title: Information Security Risk Assessment Analyst
Position Description: Protingent Staffing has an exciting opportunity with our client in Menlo Park, CA.
- Independently perform risk-based security reviews of first and third parties including internal systems, cloud providers, *aaS providers, outsourced vendors, etc.
- Articulate security findings to internal and external stakeholders including third-party vendors
- Provide defensible recommendations on technical, physical and administrative control implementations based on assessment findings while balancing the cost versus benefits
- Negotiate acceptance of remediation plans and timelines based on criticality of each finding
- Participate in the development and oversight of corrective actions relating to security issues
- Compile and report out security risk and operational metrics
- Participate in cross-functional, team, and status review meetings
- Recommend process improvement and strategic initiatives as related to security assessment
- Must have prior experience with first or third-party security assessment
- In-depth knowledge of security assessment lifecycle
- Knowledge of evaluating system architectural designs, data-flow diagrams and technical security implementations for security deficiencies, particularly for systems hosted on cloud platforms
- Ability to identify and assess security risks and recommend mitigating controls
- Knowledge of security technologies, devices and countermeasures as well as the threats they are designed to counter
- Good understanding of the various hacking techniques and the defensive countermeasures
- Good understanding of the threat landscape as related to vendors
- Good understanding of cloud technology (IaaS, PaaS, SaaS) and current IT trends in the industry
- Experience with developing security reporting and recommendations that are meaningful, defensible and actionable for a variety of audiences
- Knowledge and understanding of security controls across all security domains such as access management, encryption, vulnerability management, authentication and authorization, network security (IPS/IDS/DLP/Gen-2 firewalls/2FA, etc.), physical security, etc.
- Excellent verbal and written communication skills
- Education: Bachelor's degree and/or advanced degree with a concentration in one of the following: Computer Science, Management Information Systems, or Cyber Security
- Program and project management skills
- Risk management frameworks and techniques
- Threat modeling techniques
- Software development
- CISSP, CEH certifications
- Good grasp of NIST, PCI, ISO, and SOC
Benefits Package: Protingent offers competitive salary, 100% paid health insurance, education/certification reimbursement, pre-tax commuter benefits, Paid Time Off (PTO) and an administered 401k plan.
About Protingent: Protingent is a niche provider of top Engineering and IT talent to Software, Electronics, Medical Device, Telecom and Aerospace companies nationwide. Protingent exists to make a positive impact and contribution to the lives of others as well as our community by providing relevant, rewarding and exciting work opportunities for our candidates.