Job Title: Security Control Assessor

Duration: 1 year contract - contract to hire option
Location: Portland, OR


Great opportunity to join a top employer embarking on a massive overhaul and modernization of their security infrastructure. The Security Assurance team is tasked with enterprise-wide security assessments to baseline organizational assets, critical information systems, emerging technologies and remediation plans. In this position you will analyze assessment efforts to provide management with a complete view of known vulnerabilities and associated risks.

Scope of assessment includes, but is not limited to: a detailed report of all findings or gaps associated with a system(s), and the beginning of defining the POA&M and Security Assessment Report (SAR) deliverables.

If you are looking to utilize your leadership and strategy skills in a greenfield opportunity, this is the job for you. The candidate will need to be able to speak to a methodology for defining the likelihood of a vulnerability being leveraged to cause harm and how it could impact business.

Skill and Experience Wish List

  • Ability to review technical and operational controls and evaluate the effectiveness of the controls
  • Ability to effectively communicate technical details in business language
  • The ability to handle multiple projects in a fluid process
  • 3-5 years experience with Security Testing and Evaluation
  • Must have the ability to do web application testing, test a system based on a set of controls, and document the outcome of the control experience using tools such as:
    • Acunetix
    • ZAP
    • Fiddler
    • Burp Suite
    • Nessus
    • IP360
    • Tripwire CCM

  • Experience with the following frameworks and standards: ISO 27002, NIST SP 800-37, 800-39, 800-53 rev4, and other 800 series standards; policies and procedures; vulnerability and risk assessment process and procedures.
  • CEH Certification would be a HUGE +.
  • Experience with penetration testing, network mapping and vulnerability management tools.
  • Experience in the generation of management reports and technical remediation plans to address infrastructure concerns.