Risk Assessment Engineer (Remote)
- Work From Home
- Pittsburgh, PA 15275
From our start in 2009, Conexess has established itself in 3 markets, employing nearly 200+ individuals nation-wide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies to mid-small range companies. For the majority of the mid-small range companies, we are exclusively used due to our outstanding staffing track record.
Who We Are:
Conexess is a full-service staffing firm offering contract, contract-to-hire, and direct placements. We have a wide range of recruiting capabilities extending from help desk technicians to CIOs. We are also capable of offering project-based work.
Conexess Group is aiding a large healthcare client in their search for a Risk Assessment Engineer in a remote capacity. This is a long-term opportunity with a competitive compensation package.
******We are unable to work C2C on this role******
- Partners with the enterprise to develop and implement security solutions and capabilities that are aligned with business, technology and threat drivers.
- Performs critical security reviews of applications and systems on enterprise projects.
- Performs focused risk assessments of existing or new services, technologies and security architecture; identifies design gaps and risks; and recommends security enhancements.
- Assists project teams in the implementation of security measures to meet corporate security policies, standards and external regulations, e.g., Sarbanes-Oxley, HIPAA.
- Maintains appropriate security documentation for applications and systems.
- Communicates risk assessment findings to information security customers or business partners.
- Serves as an information security expert and trusted advisor to partners in IT and the business to enable them to make informed risk management decisions.
- Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing residual risk.
- Maintains strong working relationships with individuals and groups involved in managing information risks across the organization.
- Stays up-to-date on current and emerging security threats and designs security architectures to mitigate them.
- 5-10 years of experience with regulatory, compliance and information security management frameworks (e.g., ISO 27000, COBIT, NIST 800, etc.)
- BS or MA in Business, Computer Science, Information Security, or a related field is PREFERRED, or equivalent work experience with the certifications outlined below
- PREFERRED Certifications (if the candidate does not have a bachelor’s degree or higher, they MUST have one of the following): Certified Information Systems Security Professional (CISSP), Certified Cloud Information Professional (CCSP), Certified Information Security Manager (CISM), and/or Certified Risk and Information Systems Control (CRISC), Security+, Network+, etc.
- Experience working in an agile environment and with the Secure Software Development Lifecycle (SSDLC)
- Working knowledge or understanding of the following technologies/solutions/methodologies:
  - Secure application architecture design and review
  - Secure web services and mobile app design and review
  - Encryption, hashing and key management
  - Multifactor authentication, logging and vulnerability management
  - Cloud Computing (AWS, Azure, Google, Private)
  - OpenStack, ACI, OpenShift, Docker