Sr. Security Risk Assessment Consultants
|Reference # :||17-01373||Title :||Sr. Security Risk Assessment Consultants|
|Location :||Washington, DC|
|Position Type :||Contract|
|Experience Level :||Start Date :||12/18/2017|
|Must be legal to work in the United States without sponsorship.|
The manager is looking for a very strong candidate with risk assessment, risk framework, cloud implementation, cloud security, cloud audit, compliance for custom software and COTS software. Candidate should have a CISSP and other security certifications. (They do not want a government checklist jockey.) Candidate must work onsite in Washington, DC. Superior communication skills are a must.
Need full lifecycle Risk Assessment development background that includes:
End-to-end Risk Assessments working with Information Technology partners, business requirements and technology requirements and have conversation with Sr. Management, Information Technology and Business owners.
Proven Application, Infrastructure and Cloud Assessment background is needed.
Experience defining security controls and assessing how these were implemented.
Understanding of application security architecture
Experience with cloud architecture and implementation of security controls within Cloud deployments (AWS, Azure).
Clear understanding of a variety of Risk Frameworks and advantages of each for different types of risks.
Experience in reviewing business processes and providing information security requirements, conducting design reviews, conduct testing, identifying and reporting risks.
Conducting security architecture, threat modeling and design reviews.
Assist and conduct penetration and vulnerability assessments.
Risk documentation / communication with stakeholders. Ability to translate technical risks into business risks.
Experience in integrating risk management concepts and processes such as risk profile, threat models in existing Risk Management Processes.
Demonstrated IT Security expertise in Cloud technologies, Identity and Access Management, Logging and Monitoring, SDLC, Threat and Vulnerability Management, Enterprise Architecture, Incident Response.
CISSP certification is preferred. Additional certifications (CISA, GIAC, GSSP-NET, GWAPT, GPEN, CISM) a big plus.
Superior communication skills required.
Job Status: Contract/Temporary