PDS Tech Inc Information Security Risk Assessment Analyst in Menlo Park, California

PDS Tech, Inc is seeking a candidate for the Information Security Risk Assessment and Metrics Contractor position located in Menlo Park, CA.

Independently perform risk-based security reviews of first and third parties, including internal systems, cloud providers, *aaS providers, outsourced vendors, etc.

Articulate security findings to internal and external stakeholders including third-party vendors

Provide defensible recommendations on technical, physical and administrative control implementations based on assessment findings while balancing the cost versus benefits

Negotiate acceptance of remediation plans and timelines based on criticality of each finding

Participate in the development and oversight of corrective actions relating to security issues

Compile and report out security risk and operational metrics

Participate in cross-functional, team, and status review meetings

Recommend process improvement and strategic initiatives as related to security assessment

Must have prior experience with first or third-party security assessment

In-depth knowledge of security assessment lifecycle

Knowledge of evaluating systems architectural designs, data-flow diagrams and technical security implementations, particularly for systems hosted on the cloud platforms, for security deficiencies

Ability to identify and assess security risks and recommend mitigating controls

Knowledge of security technologies, devices and countermeasures as well as the threats they are designed to counter

Good understanding of the various hacking techniques and the defensive countermeasures

Good understanding of the threat landscape as related to vendors

Good understanding of the cloud technology (IaaS, PaaS, SaaS) and the current IT trends in the industry

Experience with developing security reporting and recommendations that are meaningful, defensible and actionable for a variety of audiences

Knowledge and understanding of security controls across all security domains such as access management, encryption, vulnerability management, authentication and authorization, network security (IPS/IDS/DLP/Gen-2 firewalls/2FA, etc.), physical security, etc.

Excellent verbal and written communication skills

Other desirable skills & experience

Program and project management skills

Risk management frameworks and techniques

Threat modeling techniques

Software development

CISSP, CEH certifications

Good grasp of NIST, PCI, ISO, and SOC

All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status.