Security Risk Management Specialist

Jun 29, 2018
San Jose, California

Duration: 6+ months
Location: San Jose, CA
2 Openings

Job Description:
The candidate will provide exceptional project management oversight on vulnerability assessments and security audits (penetration tests). At a high level, the Project Manager will interview asset owners and technical stakeholders to determine their mission, strategy and key assets, and the risks they present from a security perspective, and drive focused penetration tests to identify security defects. Experience required: 1-5 years.

The position involves managing multiple simultaneous penetration tests that generally take 5 weeks from start to finish. The Project Manager will be collaborating with and leading development teams, security architects, and internal/external penetration testing vendors through the penetration testing life cycle. This includes but is not limited to: 

• Scheduling penetration tests with all involved stakeholders 
• Facilitating and documenting scoping meeting outcomes, ensuring that the scope meets the objectives of the penetration test 
• Ensuring all pre-test action items have been completed prior to facilitating pre-test readiness meetings 
• Configuring laptops and shipping them to 3rd party testing vendors 
• Closely monitoring the test execution and providing timely response to issues causing delays in the testing process 
• Facilitating test result readouts and obtaining consensus that the development teams understand the defects, the defect severity, how to reproduce the defects, and the recommended remediations 
• Performing quality checks on the test reports 
• Entering all defects into defect tracking systems 
• Continual process improvement, developing and improving procedural documentation 

Candidates must meet the minimum requirements outlined.

• Minimum Requirements: (“Must have” Qualifications) 
- Demonstrated experience managing increasingly complex IT or security projects, ideally in a security capacity
- Effectively managing the successful delivery of multiple short duration projects running in parallel 
- Ability to communicate, resolve conflict, and gain consensus with development teams, security architects, and other stakeholders in order to meet delivery dates and project objectives 
- Ability to understand complex software vulnerabilities and proposed remediations and articulate them to others at a simplified level 
- Desire to engage and learn security operations from a leader in cloud-based collaboration technology
- Must be willing to work with global teams outside the regular business hours of 8-5PM PST

• Desired Skills/Qualifications/System Experience requirements: (“Nice to have Qualifications”)
- Experience managing penetration engagements 
- Knowledge of penetration testing lifecycle or penetration testing experience 
- Possession of current PMP, CISSP and/or CCSP certifications 
- Understanding of cloud SaaS and PaaS