Conducts automated and manual vulnerability assessments and business impact analyses. Creates test cases using in-depth technical analysis of risks and typical vulnerabilities. Assesses effectiveness of security controls for infrastructure and application components, and recommends remedial action.