Threat & Risk Assessment

A Security Threat and Risk Assessment is the overall activity of assessing and reporting security risks for an information system to help make well-informed risk-based decisions. An STRA also documents risk ratings and planned treatments.

The job description of a Threat and Risk Assessment can include the following:


  • Identify and analyze technical threats to, and vulnerabilities of, networks.
  • Identify, contain, and conduct initial mitigations and report system compromises.
  • Review, analyze, and/or apply internet security protocols; cryptographic algorithms; directory standards; networking protocols; network hardening; technical IT security controls; IT security tools and techniques; intrusion detection/protection systems; firewalls; router; multiplexers and switches; and wireless devices.
  • Analyze security data and provide alerts, advisories, and reports.
  • Install, configure, integrate, adjust, operate, monitor performance, and detect faults on security devices and systems.
  • Conduct impact analysis for new software implementations, major configuration changes and patch management.
  • Troubleshoot security products and incidents.
  • Identify the security products and their configuration to meet security-related project objectives.
  • Implement and test configuration specifications.

Selection Criteria:

  • Often a degree in computer science or computer engineering degree OR College diploma in the IT field with specialization in IT/cyber security, network security, or similar OR equivalent training and experience. 
  • Industry-level certifications in a related field such as security operations, network security, threat detection and mitigation, and security appliance operations.
  • Cybersecurity operations training and experience.
  • Experience working in Cyber Threat Intelligence or Cybersecurity Operations functions.
  • Experience in developing mitigation and remediation procedures.
  • Must have strong analytic, listening, communication, and decision-making skills.