Job Title: Security Control Assessor
Duration: 1 year contract - contract to hire option
Location: Portland, OR
Great opportunity to join a top employer embarking on a massive overhaul and modernization of their security infrastructure. The Security Assurance team is tasked with enterprise-wide security assessments to baseline organizational assets, critical information systems, emerging technologies and remediation plans. In this position you will analyze assessment efforts to provide management with a complete view of known vulnerabilities and associated risks.
Scope of assessment includes but not limited to: a detailed report of all findings or gaps associated with a system(s), the beginning of defining the POA&M and Security Assessment Report SAR deliverables.
If you are looking to utilize your leadership and strategy skills in a greenfield opportunity, this is the job for you. The candidate will need to be able to speak to a methodology for defining the likelihood of a vulnerability being leveraged to cause harm and how it could impact business
Skill and Experience Wish List
- Ability to review technical and operational controls and evaluate the effectiveness of the controls
- Ability to effectively communicate technical details in business language
- The ability to handle multiple projects in a fluid process 3-5 years experience with Security Testing and Evaluation
- Must have the ability to do Web Application Testing, Test a system based on a set of controls, and document the outcome of the control experience using tools such as
- BURP Suite
- Tripwire CCM
- Experience with the following frameworks and standards, ISO 27002, NIST SP 800-37, 800-39, 800-53 rev4 , and other 800 series standards, Policies and Procedures Vulnerability and Risk Assessment process and procedures.
- CEH Certification would be a HUGE +.
- Experience with penetration testing, network mapping and vulnerability management tools.
- Experience in the generation of management reports and technical remediation plans to address infrastructure concerns.