A Security Threat and Risk Assessment is the overall activity of assessing and reporting security risks for an information system to help make well-informed risk-based decisions. An STRA also documents risk ratings and planned treatments.

The job description of a Threat and Risk Assessment can include the following:

Responsibilities:

• Identify and analyze technical threats to, and vulnerabilities of, networks.
• Identify, contain, and conduct initial mitigations and report system compromises.
• Review, analyze, and/or apply internet security protocols; cryptographic algorithms; directory standards; networking protocols; network hardening; technical IT security controls; IT security tools and techniques; intrusion detection/protection systems; firewalls; router; multiplexers and switches; and wireless devices.
• Analyze security data and provide alerts, advisories, and reports.
• Install, configure, integrate, adjust, operate, monitor performance, and detect faults on security devices and systems.
• Conduct impact analysis for new software implementations, major configuration changes and patch management.
• Troubleshoot security products and incidents.
• Identify the security products and their configuration to meet security-related project objectives.
• Implement and test configuration specifications.

Selection Criteria:

• Often a degree in computer science or computer engineering degree OR College diploma in the IT field with specialization in IT/cyber security, network security, or similar OR equivalent training and experience. 
• Industry-level certifications in a related field such as security operations, network security, threat detection and mitigation, and security appliance operations.
• Cybersecurity operations training and experience.
• Experience working in Cyber Threat Intelligence or Cybersecurity Operations functions.
• Experience in developing mitigation and remediation procedures.
• Must have strong analytic, listening, communication, and decision-making skills.