Friday, July 27, 2018

Information Security Risk Analyst

Position Details:
Client:             Facebook
Job Title:         Information Security Risk Analyst
Job Location:  Menlo Park, CA
Job Duration:  6 months (Extension or Conversion possible)

Job Requirement:
  • Independently perform risk-based security reviews of first and third parties at Facebook including internal systems, cloud providers, *aaS providers, outsourced vendors, etc.
  • Articulate security findings to internal and external stakeholders including third-party vendors.
  • Provide defensible recommendations on technical, physical and administrative control implementations based on assessment findings while balancing the cost versus benefits.
  • Negotiate acceptance of remediation plans and timelines based on criticality of each finding.
  • Participate in the development and oversight of corrective actions relating to security issues.
  • Compile and report out security risk and operational metrics.
  • Participate in cross-functional, team, and status review meetings.
  • Recommend process improvement and strategic initiatives as related to security assessment.

  • Must have prior experience with first or third-party security assessment.
  • In-depth knowledge of security assessment lifecycle.
  • Knowledge of evaluating systems architectural designs, data-flow diagrams and technical security implementations, particularly for systems hosted on the cloud platforms, for security deficiencies.
  • Ability to identify and assess security risks and recommend mitigating controls.
  • Knowledge of security technologies, devices and countermeasures as well as the threats they are designed to counter.
  • Good understanding of the various hacking techniques and the defensive countermeasures.
  • Good understanding of the threat landscape as related to vendors.
  • Good understanding of the cloud technology (IaaS, PaaS, SaaS) and the current IT trends in the industry.
  • Experience with developing security reporting and recommendations that are meaningful, defensible and actionable for a variety of audiences.
  • Knowledge and understanding of security controls across all security domains such as access management, encryption, vulnerability management, authentication and authorization, network security (IPS/IDS/DLP/Gen-2 firewalls/2FA, etc.), physical security, etc.

Bachelor's Degree and/or advanced degree with a concentration in one of the following: Computer Science, Management Information Systems, or Cyber Security

Ritvik Chaturvedi
Technical Recruiter
T: (408) 601-2182