Conduct threat and risk analysis and analyze the business impact of new and existing systems and technologies to eliminate risk, performance, and capacity issues. They implement vulnerability assessments and configure audits of operating systems, web servers, and databases and detect patterns, insecure features, and malicious activities in the infrastructure.