Previous Job
Information Security Risk Assessment Analyst
Ref No.: 18-09724
Location: Menlo Park, California
Independently perform risk based security reviews of first and third parties at Facebook including internal systems, cloud providers, *aaS providers, outsourced vendors, etc.
Articulate security findings to internal and external stakeholders including third-party vendors
Provide defensible Recommendations on technical, physical and administrative control implementations based on assessment findings while balancing the cost versus benefits
Negotiate acceptance of remediation plans and timelines based on criticality of each finding
Participate in the development and oversight of corrective actions relating to security issues
Compile and report out security risk and operational metrics
Participate in cross-functional, team, and status review meetings
Recommend process improvement and strategic initiatives as related to security assessment

Must have prior experience with first or third-party security assessment
In-depth knowledge of security assessment lifecycle
Knowledge of evaluating systems architectural designs, data-flow diagrams and technical security implementations, particularly for systems hosted on the cloud platforms, for security deficiencies
Ability to identify and assess security risks and recommend mitigating controls
Knowledge of security technologies, devices and countermeasures as well as the the threats they are designed to counter
Good understanding of the various hacking techniques and the defensive countermeasures
Good understanding of the threat landscape as related to vendors
Good understanding of the cloud technology (IaaS, PaaS, SaaS) and the current IT trends in the industry
Experience with developing security reporting and recommendations that are meaningful, defensible and actionable for a variety of audiences
Knowledge and understanding of security controls across all security domains such as access management, encryptions, vulnerability management, authentication and authorization, network security (IPS/IDS/DLP/Gen-2 firewalls/2FA, etc.), physical security, etc.
Excellent verbal and written communication skills
Other desirable skills & experience
Program and project management skills
Risk management frameworks and techniques
Threat modeling techniques
Software development
CISSP, CEH certifications
Good grasp of NIST, PCI, ISO, and SOC