Security Analyst Job
Company Name:
Arca24.com
Salary period: Annual
Senior Security Analyst needed for a contract opportunity with Yoh's client located in Norristown, PA. With focus on Application Security.
Top Skills You Should Possess:
- Perform Security Risk Assessments/Application Security is a must
- Penetration Testing
- NERC-CIP and ISO 27001
What You'll Be Doing:
- Per Project Assessments (80%)
- Perform and document security assessments for a variety of projects at various stages of the project life cycle.
- Review design documents and interview subject matter experts to understand the architecture and design of the project deliverables and document risks and recommendations.
- Perform code review, as needed, to validate that secure software has been delivered. Document risks and recommendations.
- Perform functional security testing and abuse testing to validate that security controls were implemented as designed.
- Perform penetration tests of project deliverables and/or coordinate pen testing by third-party consultants.
- Document risk acceptances to obtain approvals for residual risks.
- Program Work (20%)
- Document a decision tree to determine the specific security assessments that need to be performed on a project deliverable based on risk (ie pen tests may not be needed for all software).
- Enhance security assessment review templates to ensure that all analysts have clear and consistent criteria for assessments and that the process is streamlined for efficiency.
- Participate in Joint Security Assessment Review Committee (JSARC) team meetings to refine the program.
- Review the assessments of other security analysts as part of the JSARC and vote on the assessments and recommendations.
- Support the risk assessment process in line with Client's ISO 27001 information security management system.
- Support the review of security controls for overall adherence to ISO 27001, NERC CIP, and SSAE-16 requirements.
What You Need to Bring to the Table:
- Bachelor's degree in computer science, information systems, information assurance, or a related field.
- Five (5) or more years of professional experience in information security.
- Experience performing tabletop/paper-based security assessments.
Bonus Points! Otherwise Known As Preferred
Qualifications:
- Advanced degree is preferred.
- Hands-on penetration testing experience is preferred.
- Security certifications - CISSP and CEH is preferred.
If This Sounds Like You, Apply Now!
Recruiter: Diana Allen
J2W: INFOTECH
TAX TERM: CON_W2
J2WNWIT
Ref:
SFSF: RENEstimated Salary: $20 to $28 per hour based on qualifications.
Arca24.com
Salary period: Annual
Senior Security Analyst needed for a contract opportunity with Yoh's client located in Norristown, PA. With focus on Application Security.
Top Skills You Should Possess:
- Perform Security Risk Assessments/Application Security is a must
- Penetration Testing
- NERC-CIP and ISO 27001
What You'll Be Doing:
- Per Project Assessments (80%)
- Perform and document security assessments for a variety of projects at various stages of the project life cycle.
- Review design documents and interview subject matter experts to understand the architecture and design of the project deliverables and document risks and recommendations.
- Perform code review, as needed, to validate that secure software has been delivered. Document risks and recommendations.
- Perform functional security testing and abuse testing to validate that security controls were implemented as designed.
- Perform penetration tests of project deliverables and/or coordinate pen testing by third-party consultants.
- Document risk acceptances to obtain approvals for residual risks.
- Program Work (20%)
- Document a decision tree to determine the specific security assessments that need to be performed on a project deliverable based on risk (ie pen tests may not be needed for all software).
- Enhance security assessment review templates to ensure that all analysts have clear and consistent criteria for assessments and that the process is streamlined for efficiency.
- Participate in Joint Security Assessment Review Committee (JSARC) team meetings to refine the program.
- Review the assessments of other security analysts as part of the JSARC and vote on the assessments and recommendations.
- Support the risk assessment process in line with Client's ISO 27001 information security management system.
- Support the review of security controls for overall adherence to ISO 27001, NERC CIP, and SSAE-16 requirements.
What You Need to Bring to the Table:
- Bachelor's degree in computer science, information systems, information assurance, or a related field.
- Five (5) or more years of professional experience in information security.
- Experience performing tabletop/paper-based security assessments.
Bonus Points! Otherwise Known As Preferred
Qualifications:
- Advanced degree is preferred.
- Hands-on penetration testing experience is preferred.
- Security certifications - CISSP and CEH is preferred.
If This Sounds Like You, Apply Now!
Recruiter: Diana Allen
J2W: INFOTECH
TAX TERM: CON_W2
J2WNWIT
Ref:
SFSF: RENEstimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
