Security Risk Assessor
Ref No.: 22-08734
Location: Roseville, California
Pay Rate: $50.00/Hour
Job Title: Security Risk Assessor

Position is ONSITE in Roseville, CA – do not submit candidates who are not willing to relocate upon offer

  • Analyze security event reports. Identify and report suspicious activity.
  • Analyze vulnerability assessment reports. Identify and report vulnerable systems to management for corrective action.
  • Analyze system configuration reports. Identify and report noncompliant systems to management for corrective action.
  • Prepare and maintain inventories of systems, servers, databases, networks, and configurations.
  • Document and submit firewall rule requests.
  • Prepare and maintain configuration hardening guidelines.
  • Keep current on industry-reported vulnerabilities.
  • Identify potentially vulnerable systems.
  • Recommend countermeasures to mitigate potential risk.
  • Track in a Plan of Action and Milestones all safeguards that are deferred by the customer.
  • Shall ensure all IT decisions are made with consideration of security and risk impact on the entire CD-MMIS system.
  • Provide innovative strategic technology direction for CD-MMIS and oversight of technology projects.
  • Define approaches for technology including SOA design and development, web services, commercial off-the-shelf (COTS) products, middleware tools, productivity tools and Web technologies.
  • Develop plans and strategies to reduce/mitigate risks to CD-MMIS.

The successful candidate needs the following skills:
  • Extensive experience using spreadsheets to analyze vulnerability assessment reports, configuration compliance reports and security event logs.
  • Experience using word processing software to develop plans, procedures, reports and other documentation.
  • Familiarity using databases to maintain inventories of systems, applications, networks, as well as logical identities and authorizations.
  • Familiarity using office productivity tools to develop presentations for customer briefings and training purposes.
  • Familiarity using collaboration tools for information sharing.

  • Shall have a minimum of eight years of experience in the field of Information Security, Information Security Risk Assessment or IT audit.
  • Broad range of technology experience to include: z/OS, UNIX, Windows Server 2003/2008/2012, intrusion detection systems, TCP/IP, secure application programming.
  • At least five years of experience implementing security controls.
  • Experience in a variety of complex architecture projects, able to lead and direct other architects in all phases of enterprise-wide architecture development projects and/or initiatives.
  • Experience with new architectural approaches such as SOA.
  • Substantial exposure to data processing, hardware platforms, enterprise software applications and outsourced systems including a good understanding of computer systems characteristics, features and integration capabilities and experience with SDLC from business requirements through implementation.
  • Proven experience in program and project management, planning, organization, risk mitigation, development and implementation.
  • Knowledge and experience with network and host-based security strategies and methodologies; risk assessments and analysis; incident response; information security awareness and education; and a strong technical background with experience and knowledge of application layer security, operating systems, networking protocols, intrusion detection/protection, active content, malware, and defense in depth.
  • Must have excellent communication skills, verbal and written, including the ability to create, plan and organize effective presentations. Good interpersonal skills as demonstrated by working in a collaborative environment.
  • Additional relevant management experience may substitute for the degree on a two-for-one basis.

Bachelor's Degree in Computer Science, Business Administration/Management or related field. Master's degree in one of these fields preferred.

Additional Qualifications:
Knowledge of and experience in HIPAA, CISA, CISSP or SANS certification. Knowledge of and experience in National Institute of Standards and Technology (NIST) and Centers for Medicare and Medicaid Services (CMS) security standards.