Security Analyst Job

Salary period: Annual
Senior Security Analyst needed for a contract opportunity with Yoh's client located in Norristown, PA, with a focus on Application Security.
Top Skills You Should Possess:
- Perform Security Risk Assessments/Application Security is a must
- Penetration Testing
- NERC-CIP and ISO 27001
What You'll Be Doing:
- Per Project Assessments (80%)
  - Perform and document security assessments for a variety of projects at various stages of the project life cycle.
  - Review design documents and interview subject matter experts to understand the architecture and design of the project deliverables and document risks and recommendations.
  - Perform code review, as needed, to validate that secure software has been delivered. Document risks and recommendations.
  - Perform functional security testing and abuse testing to validate that security controls were implemented as designed.
  - Perform penetration tests of project deliverables and/or coordinate pen testing by third-party consultants.
  - Document risk acceptances to obtain approvals for residual risks.
- Program Work (20%)
  - Document a decision tree to determine the specific security assessments that need to be performed on a project deliverable based on risk (i.e., pen tests may not be needed for all software).
  - Enhance security assessment review templates to ensure that all analysts have clear and consistent criteria for assessments and that the process is streamlined for efficiency.
  - Participate in Joint Security Assessment Review Committee (JSARC) team meetings to refine the program.
  - Review the assessments of other security analysts as part of the JSARC and vote on the assessments and recommendations.
  - Support the risk assessment process in line with Client's ISO 27001 information security management system.
  - Support the review of security controls for overall adherence to ISO 27001, NERC CIP, and SSAE-16 requirements.
What You Need to Bring to the Table:
- Bachelor's degree in computer science, information systems, information assurance, or a related field.
- Five (5) or more years of professional experience in information security.
- Experience performing tabletop/paper-based security assessments.
Bonus Points! Otherwise Known As Preferred Qualifications:
- Advanced degree is preferred.
- Hands-on penetration testing experience is preferred.
- Security certifications - CISSP and CEH are preferred.
If This Sounds Like You, Apply Now!
Recruiter: Diana Allen

Don't Be Fooled

The fraudster will send a check to a victim who has accepted a job. The check may be presented as covering any of several things, such as a signing bonus, supplies, etc. The victim will be instructed to deposit the check, use the money for the stated purpose, and then send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.