Mid-level Security Analyst
225 Liberty St #1020 New York, NY 10281 | Contract to Direct Hire
Position: IT Security and Risk Analyst
Location: New York
A financial company is presently looking for an IT Security and Risk Analyst to add to their growing team.
- Analyze the results of penetration tests, design reviews, source code reviews and other security tests. Triage security vulnerabilities to eliminate false positives and work with the developers on remediation. Classify application vulnerabilities as Critical, High, Medium or Low based on OWASP Top 10 and SANS 25, and prioritize them based on criticality.
- Implement Secure Software Development Life Cycle (S-SDLC) processes and develop secure coding practices for web applications, including database and middleware systems.
- Formalize IT Security and Risk Management Program including the documentation of Policies and Procedures and the Adoption of industry standard Information Security and IT Operations frameworks and best practices (i.e. NIST, OWASP, SOC2, ITIL).
- Review/establish Security Incident Handling/Response and Risk Management controls and procedures
- Administer periodic Pen Tests and routine vulnerability scans
- Interface with our client’s vendor/procurement teams to manage risk assessments and security audits
- Responsible for rapid enhancement of high level security source code review and ethical hacking/penetration testing of Java, Java EE, JSP, ASP.NET, Shell script, web based applications
- Research and analysis of industry trends, best practices, and regulatory requirements.
- Manage infrastructure security for large scale projects spanning multiple regions and data centers
- Bachelor's degree in Computer Science or related technical field
- Individual with a minimum of 8 years of technology experience
- Security professional experienced in application-level security, network security and secure design/development.
- CISSP, CISM or equivalent certification
- Relevant work experience with industry standard Information Security and IT Operations and Risk Frameworks (such as NIST, OWASP, SOC2, ITIL, ISO, etc.).
- Knowledge in Threat and Vulnerability Management, Information Risk and Governance, Incident, Security Strategy, and Business Resiliency (BCP/DR).
- Strong knowledge in manual and automated security testing for Web Applications, proficient in understanding application level vulnerabilities like Cross Site Scripting (XSS), SQL Injection, ClickJacking, CSRF, authentication bypass, cryptographic attacks, authentication flaws etc.
- Ability to exercise sound judgment regarding findings and make effective recommendations to management.
- Ability to work effectively with people from many different disciplines with varying levels of technical experience
- Knowledge of generally accepted information security audit standards, IT risk policies, and controls
- Experience with Identity and Access Management (IAM) and development of user roles and policies for user access management.
- Previous experience in implementing OAuth2.0, SAML and Single Sign-on (SSO) for corporate applications.
- Experience managing security in public cloud (AWS) is strongly preferred
- Prior hands-on experience in Java and Web technologies, RESTful web services
- Familiarity with Linux
- Strong analytical skills to solve problems
- Strong written and verbal communication skills, good judgment, high ethical standards, and a strong work ethic are a must
- No travel required
- No telecommunication
Benefits include Medical and Dental Insurance, 401(k), Employee Service Center, Referral Bonuses, Loyalty and Longevity Bonuses, along with Hotel Engine Benefits.
If you feel like you are the right fit for the job above, please click the apply online button below and I will be sure to reach out ASAP!