We are looking for a Security Assurance and Testing specialist. The role will be responsible for managing and executing security assurance tasks. This includes (1) defining and maintaining new security assurance profiles for various types of systems and domains, (2) creating test plans and designing test cases that can evaluate compliance and detect vulnerabilities, and (3) performing security assessment and verification to ensure customers' systems are in line with the relevant standards such as ISO, OWASP, NIST, and others. Ideal candidates combine expertise in security frameworks, risk assessment, and security testing.
Responsibilities:
1. Security assurance profile development: Create and specify security assurance profiles for specific types and domains of IT or OT systems, similar to the Common Criteria (CC) Protection Profiles. This involves analyzing and documenting security requirements, threat models, and security functionalities that are aligned with relevant security standards and guidelines (e.g., ISO, OWASP, NIST) for a given system.
2. Security test plan and test case development: Define test strategies and develop test plans to validate security profiles, ensuring that all specified security requirements are met. This includes specifying tests for the requirements outlined in the security profiles, ensuring test plans address both automated and manual testing requirements, and identifying any tools needed to support testing.
3. Test execution and validation: Conduct security testing according to the defined test plans, execute test cases, and validate the system’s security controls against specified requirements, identifying any vulnerabilities or gaps.
4. Documentation and compliance reporting: Generate clear documentation and reports on testing outcomes and profile compliance.
Required skills and qualifications:
1. Strong knowledge of cybersecurity concepts, controls, vulnerabilities, and risk management.
2. Security standards and methodologies: Proficiency with security standards and methodologies such as ISO/IEC 15408, NIST, OWASP, or other relevant security frameworks.
3. Test plan development and execution: Experience designing, executing, and managing security test plans, ideally using structured testing methodologies like OWASP, NIST SP 800-53, or similar.
4. Risk assessment and vulnerability management: Familiarity with risk assessment and vulnerability management processes and tools.
5. Analytical and problem-solving skills: Ability to analyze complex systems and identify potential security risks.
6. Communication and documentation skills: Ability to produce clear, comprehensive documentation for both technical and non-technical stakeholders.
Educational Background:
1. Bachelor’s or Master’s Degree in Computer Science, Cybersecurity, Information Assurance, or a related field.
2. Certifications: Security and assurance certifications (e.g., CISSP, CEH, CISM, or CCSK) and specialized certifications in security standards and compliance (e.g., Common Criteria certification, ISO/IEC 27001) are highly valued.
Experience:
1. Typically 5+ years in cybersecurity, with significant experience in security assurance, compliance, or evaluation roles and in security testing.
2. Hands-on experience with security standards such as Common Criteria, OWASP, NIST, or similar would be a strong asset.