Cyber Security Risk Assessment Jobs in California

Sr. Cybersecurity GRC Manager

Irvine, CA

$119K - $161K/yr

... cybersecurity policies, regulatory requirements, and risk mitigation strategies ... What You Will Do 1. Develop and execute internal security risk assessments, threat modeling, and ...

Sr. Cybersecurity GRC Manager

Irvine, CA · On-site

$132K - $204K/yr

... cybersecurity policies, regulatory requirements, and risk mitigation strategies ... What You Will Do 1. Develop and execute internal security risk assessments, threat modeling, and ...

Some of the job responsibilities include but are not limited to: - Perform systems engineering activities in the areas of cybersecurity, Risk Management Framework (RMF) Assessment & Authorization (A ...

Perform systems engineering activities in the areas of cybersecurity, Risk Management Framework (RMF) Assessment & Authorization (A&A) in accordance with DoDI 8510.01 * Perform cryptographic System ...

Senior Software Engineer

Irvine, CA · On-site

$131K - $173K/yr

Cybersecurity risk assessment * Legacy Android (5) * Operating System level work * Regulated industry required Position Summary : We are looking for a Senior Software Engineer with deep experience in ...

Cyber Security

Rosemead, CA

$113K - $152K/yr

Thanks & Regards Qualifications Cyber security experience with vulnerability and risk assessment Additional Information All your information will be kept confidential according to EEO guidelines.

Cyber Security Risk Assessment information

California salary details: $56.3K · $131.2K · $183.6K

How much do cyber security risk assessment jobs pay per year?

As of Jun 16, 2026, the average yearly pay for cyber security risk assessment in California is $131,221.00, according to ZipRecruiter salary data. Most workers in this role earn between $109,500.00 and $148,000.00 per year, depending on experience, location, and employer.

Can you make $500,000 a year in cyber security?

Cyber security professionals, especially those in senior roles such as security architects or chief information security officers, can earn $500,000 or more annually, often through a combination of base salary, bonuses, and stock options. Achieving this level typically requires extensive experience, advanced certifications like CISSP or CISM, and working in high-demand industries or organizations with complex security needs.

What are the key skills and qualifications needed to thrive in Cyber Security Risk Assessment, and why are they important?

To excel in Cyber Security Risk Assessment, you need a solid understanding of information security principles, risk management frameworks, and often a degree in cybersecurity, IT, or related fields. Familiarity with tools like vulnerability scanners, SIEM systems, and certifications such as CISSP or CISM are commonly required. Analytical thinking, attention to detail, and strong communication skills help professionals effectively assess risks and convey findings to stakeholders. These skills are crucial for identifying vulnerabilities, prioritizing threats, and ensuring the organization’s data and systems are adequately protected.

What is the role of risk assessment in cyber security?

In cyber security, a risk assessment is a process that identifies, evaluates, and prioritizes potential threats and vulnerabilities to an organization's information systems. It helps security professionals, such as cyber security risk assessors, determine where to allocate resources and implement controls to reduce the likelihood and impact of cyber threats. Conducting regular risk assessments is essential for maintaining an effective security posture and complying with industry standards and regulations.

What is the difference between Cyber Security Risk Assessment and Cyber Security Analyst?

| Aspect | Cyber Security Risk Assessment | Cyber Security Analyst |
| --- | --- | --- |
| Primary Focus | Identifying and evaluating security risks and vulnerabilities | Monitoring, analyzing, and responding to security threats |
| Certifications | CompTIA Security+, CISSP, CISA | CompTIA Security+, CISSP, CEH |
| Work Environment | Risk assessment teams, consulting firms, security departments | Security operations centers, IT departments, incident response teams |

While both roles require similar certifications and work within cybersecurity, a Cyber Security Risk Assessment role focuses on evaluating potential vulnerabilities and risks to an organization’s assets. In contrast, a Cyber Security Analyst actively monitors and responds to security threats, ensuring ongoing protection. Understanding these differences helps organizations assign the right responsibilities to each role.

Is SOC analyst a high paying job?

SOC analysts typically earn competitive salaries that increase with experience, certifications, and the size of the organization. Entry-level positions may start at average wages, while experienced analysts with certifications like CISSP or CEH can earn higher salaries, making it a financially rewarding cybersecurity role.

What are some common challenges faced by professionals conducting cyber security risk assessments?

Professionals in cyber security risk assessment often face challenges such as keeping up with rapidly evolving threats, effectively communicating technical risks to non-technical stakeholders, and ensuring comprehensive coverage across complex IT environments. Balancing thoroughness with tight deadlines can also be demanding, as assessments must be both detailed and timely. Collaborating with various departments to gather accurate information and maintain up-to-date asset inventories is crucial for effective risk analysis and mitigation.

What is a cyber security risk assessment?

A cyber security risk assessment is a process used to identify, evaluate, and prioritize potential threats and vulnerabilities that could negatively impact an organization's information systems. By analyzing assets, threats, vulnerabilities, and impacts, organizations can determine the likelihood and consequences of cyber incidents. The goal is to implement appropriate measures to reduce risks to acceptable levels, ensuring data protection and regulatory compliance. Regular risk assessments help organizations stay ahead of evolving cyber threats and make informed security decisions.

What is the 80/20 rule in cyber security?

In cyber security risk assessment, the 80/20 rule suggests that approximately 80% of security issues are caused by 20% of vulnerabilities or threats. Security professionals focus on identifying and mitigating the most critical risks to efficiently improve overall security posture.

Cybersecurity Engineer, Product Security

CHAOS Industries

San Francisco, CA • On-site

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Posted 19 days ago


Job description

CHAOS Industries is redefining modern defense with a multi-product portfolio that gives the ultimate advantage: domain dominance. The company's products are powered by Coherent Distributed Networks (CDN™), empowering warfighters, commercial air operators, and border protection teams to act faster, adapt rapidly, and stay ahead of evolving threats.
CHAOS Industries was founded in 2022 and has raised a total of $1 billion in funding from leading investors, including 8VC, Accel, and Valor Equity Partners. The company is headquartered in Los Angeles, with offices in Washington, D.C., San Francisco, San Diego, Seattle, and London. For more information, please visit www.chaosinc.com.
Role Overview:
We are seeking a Cybersecurity Engineer focused on Product Security to help design, assess, and secure our next-generation sensor platforms and supporting software ecosystems. This role will work closely with Software Engineering, Embedded Systems, Hardware Engineering, Infrastructure, and Program teams to ensure security is integrated throughout the product lifecycle - from architecture and development through deployment and operational support.
The ideal candidate has experience securing complex software and hardware systems within defense, aerospace, or other highly regulated environments. This individual will lead software security architecture efforts, perform threat modeling and risk assessments, support compliance initiatives, and help establish secure engineering standards across the organization.
This is a highly collaborative and hands-on role with direct impact on the security and resiliency of mission-critical technologies deployed in operational environments.
Responsibilities:
  • Product Security Engineering
    • Design and implement secure software and hardware system architectures for mission-critical platforms and supporting infrastructure
    • Partner with engineering teams to integrate security requirements throughout the software development lifecycle (SDLC)
    • Conduct architecture reviews and identify security risks across software, embedded, cloud, and hardware systems
    • Develop secure design standards, engineering guidance, and product security best practices
    • Support secure development initiatives including code review, dependency management, secrets management, and vulnerability remediation
  • Threat Modeling & Risk Assessment
    • Lead threat modeling exercises for software, embedded systems, hardware platforms, and supporting infrastructure
    • Conduct cybersecurity risk assessments for products, systems, and operational environments
    • Identify attack surfaces, trust boundaries, and potential exploitation paths
    • Work with engineering teams to prioritize and remediate identified security risks
    • Develop mitigation strategies for cybersecurity threats impacting deployed systems and sensitive technologies
  • Compliance & Security Authorization
    • Support cybersecurity compliance initiatives and product authorization efforts including:
      • RMF (Risk Management Framework)
      • ATO (Authority to Operate)
      • Export control and regulated data handling requirements
    • Assist with development of system security documentation, security controls, SSPs, and assessment artifacts
    • Support internal and external security audits, assessments, and accreditation activities
    • Collaborate with government, customer, and program stakeholders on security requirements and authorization activities
  • Security Testing & Validation
    • Assist with security testing activities including vulnerability assessments, penetration testing coordination, and validation of remediation efforts
    • Support secure configuration and hardening efforts across software, operating systems, and embedded environments
    • Review software and system telemetry to identify potential security weaknesses or anomalous behavior
    • Collaborate with Security Operations and Infrastructure teams to improve enterprise and product security visibility
  • Cross-Functional Collaboration
    • Work closely with Software, Embedded, Hardware, DevOps, and Infrastructure teams to balance security, performance, and operational requirements
    • Contribute to the development of scalable product security processes and governance
    • Support customer and internal security reviews related to deployed technologies and operational environments
    • Mentor engineering teams on secure development and security-by-design principles

Minimum Requirements:
  • 5+ years of experience in cybersecurity engineering, product security, application security, or related engineering roles
  • Experience with software security design and secure system architecture principles
  • Hands-on experience conducting threat modeling and cybersecurity risk assessments
  • Knowledge of secure software development lifecycle (SSDLC) practices and application security concepts
  • Familiarity with cybersecurity frameworks and compliance standards including:
    • RMF
    • NIST 800-53
    • NIST 800-171
    • CMMC
    • DFARS
  • Experience supporting security authorization activities such as ATO processes and security documentation development, and eMASS
  • Understanding of cloud, endpoint, network, and identity security concepts
  • Strong analytical, troubleshooting, and technical communication skills
  • Ability to operate effectively in a fast-paced startup environment
  • Must be a U.S. Citizen eligible for government facilities and sensitive information
  • Ability to obtain additional security clearances as required by contract

Preferred Requirements:
  • Active Security Clearance
  • Experience supporting defense, aerospace, government contracting, or regulated technology environments
  • Experience securing embedded systems, sensor platforms, or edge computing technologies
  • Familiarity with export control requirements including ITAR and EAR
  • Experience with secure DevSecOps pipelines and automation practices
  • Experience with Microsoft GCC High environments and regulated cloud architectures
  • Firmware development experience
  • BIOS/UEFI security or development experience
  • Hardware security design experience
  • Trusted Platform Module (TPM), secure boot, cryptographic hardware, or supply chain security knowledge
  • Experience with scripting or automation using Python, PowerShell, or Bash
  • Security certifications such as CISSP, CSSLP, GSEC, Security+, or equivalent

Why CHAOS?
  • Health Benefits: Medical, dental, and vision benefits 100% paid for by the company
  • Additional benefits: 401k (+ 50% company match up to 6% of pay), FSA, HSA, life insurance, and more
  • Our Perks: Free daily lunch, 'No meeting Fridays', unlimited PTO, casual dress code
  • Compensation Components: Competitive base salaries, generous pre-IPO stock option grants, relocation assistance, and (coming soon!) annual bonuses
  • Team Growth: 250 employees and counting across 5 global offices

Salary Range: $110,000 - $190,000
The stated compensation range reflects only the targeted base compensation range and excludes additional earnings such as bonus, equity, and benefits. If your compensation requirements fall outside of the range, we still encourage you to apply. The salary range for this role is an estimate based on a range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations.
Recruiting Agencies: CHAOS Industries does not accept unsolicited resumes or outreach. Unsolicited submissions will not be reviewed or compensated.