We are looking for an experienced Security Risk Assessment/ Remediation Specialist to support our cyber security assessment program. This role involves conducting in-depth assessments of clients' cybersecurity programs around the globe, focusing on security governance, security architecture, cyber defense, and security risk management. The ideal candidate will have a proven track record in conducting comprehensive assessment along with hand on experience in penetration testing, and the ability to develop and implement effective remediation strategies.

Major Responsibilities:

• Conduct comprehensive assessments of clients' cybersecurity programs, evaluating their security governance, architecture, cyber defense mechanisms, and risk management practices.
• Provide expert analysis and feedback on the effectiveness of clients' cybersecurity measures, identifying gaps and recommending improvements aligned with best practices and regulatory requirements.
• Provide a detailed high-level overview of clients' organization's program maturity, areas of strength, opportunities for improvement, gap analysis and implementation roadmap.
• Lead cybersecurity workshops and training sessions for clients, focusing on enhancing awareness and understanding of Cloud Security Architecture, Application Security, Supply Chain Risk Management, and Threat Intelligence
• Perform penetration testing to identify vulnerabilities in clients' IT infrastructure, applications, and processes. This includes network penetration, web and mobile application testing, source code reviews, and social engineering tests.
• Analyze findings from assessments and penetration tests to determine the impact of detected vulnerabilities and work closely with clients to implement remediation strategies, providing guidance on best practices for security enhancements and risk mitigation.

Qualifications:

• Demonstrable experience collaborating with federal government entities such as Department of Defense (DoD), the Department of State (DOS), as well as state and local government institutions.
• Bachelor's degree in information security, Computer Science, Information Systems, or a related field.
• A minimum of 5 years of experience in cybersecurity, with a proven track record in program assessment, penetration testing, and remediation is required.
• Expert knowledge of security frameworks and standards such as NIST, ISO 27001, and CIS, with the ability to tailor assessments to specific industry regulations and requirements.
• Relevant professional certifications, such as CISSP, OSCP, CEH, or CISM, are highly desirable.
• Strong communication and interpersonal abilities, with the skill to articulate complex security issues to non-technical stakeholders.
• Willingness to travel internationally to client sites as needed.

This job description is a summary of the typical functions of the job, not an exhaustive or comprehensive list of all possible job responsibilities, tasks, and duties. CRDF Global reserves the right to amend and change job descriptions and job responsibilities to meet business and organizational needs as necessary.This position requires frequent travel to conduct on-site assessments, penetration tests, and remediation support for clients. Flexibility to work outside of traditional office hours to meet client needs and deadlines.

CRDF Global is an Equal Opportunity Employer (EOE). CRDF Global provides equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran, or disabled status. All positions require US work authorization and CRDF Global does not provide employment visa sponsorship. Unless otherwise stated, all positions are based in our Arlington, Virginia location. We work in a hybrid environment that provides employees a weekly mix of in-office and remote work.