Describe a security assessor's responsibilities when assigned to an IT project.

Review initial security scoping documents, submitted by the project team, for completeness and accuracy.

Review system requirements packages to ensure that projects address enterprise and compliance requirements, standards, and best practices.

Review system design packages to assess the proposed system architecture, communication paths, roles, and functionality. Ensure you understand the as-is and to-be states.

Perform source code review of in-house developed applications to identify vulnerable code.

Conduct technical security testing of the application or system to identify vulnerabilities and determine risk exposure.

Work with the project team to address outstanding security findings. Complete your review by providing a summary of the assessment, findings, mitigations, and recommendations.
