Job Title: Information Security Risk Analyst
Job Location: Menlo Park, CA
Job Duration: 6 months (Extension or Conversion possible)
- Independently perform risk-based security reviews of first and third parties at Facebook including internal systems, cloud providers, *aaS providers, outsourced vendors, etc.
- Articulate security findings to internal and external stakeholders including third-party vendors.
- Provide defensible recommendations on technical, physical and administrative control implementations based on assessment findings while balancing the cost versus benefits.
- Negotiate acceptance of remediation plans and timelines based on criticality of each finding.
- Participate in the development and oversight of corrective actions relating to security issues.
- Compile and report out security risk and operational metrics.
- Participate in cross-functional, team, and status review meetings.
- Recommend process improvement and strategic initiatives as related to security assessment.
- Must have prior experience with first or third-party security assessment.
- In-depth knowledge of security assessment lifecycle.
- Knowledge of evaluating systems architectural designs, data-flow diagrams and technical security implementations, particularly for systems hosted on the cloud platforms, for security deficiencies.
- Ability to identify and assess security risks and recommend mitigating controls.
- Knowledge of security technologies, devices and countermeasures as well as the threats they are designed to counter.
- Good understanding of the various hacking techniques and the defensive countermeasures.
- Good understanding of the threat landscape as related to vendors.
- Good understanding of the cloud technology (IaaS, PaaS, SaaS) and the current IT trends in the industry.
- Experience with developing security reporting and recommendations that are meaningful, defensible and actionable for a variety of audiences.
- Knowledge and understanding of security controls across all security domains such as access management, encryption, vulnerability management, authentication and authorization, network security (IPS/IDS/DLP/Gen-2 firewalls/2FA, etc.), physical security, etc.
Bachelor's Degree and/or advanced degree with a concentration in one of the following: Computer Science, Management Information Systems, or Cyber Security
T: (408) 601-2182