IT Security and Risk Analyst

security, risk, infrastructure, security source code, manage, analyze, Cloud, Incident management, Risk management, Risk assessment, Work ethic, Risk analysis, Policies, IT security, CISM, CISSP, Network security, Java, Policies and procedures, NIST, OWASP
Full Time
$140,000 - $150,000
Work from home available

Job Description

Our direct client is seeking someone for a permanent position in NYC as an IT Security and Risk Analyst.

Strong written and verbal communication skills, good judgment, high ethical standards, and a strong work ethic are a must.

Responsibilities
  • Analyze the results of penetration tests, design reviews, source code reviews and other security tests. Triage security vulnerabilities to eliminate false positives and work with the developers on remediation. Classify application vulnerabilities as Critical, High, Medium or Low based on the OWASP Top 10 and SANS 25 and prioritize them by criticality.
  • Implement Secure Software Development Life Cycle (S-SDLC) processes and develop secure coding practices for web applications, including database and middleware systems.
  • Formalize their IT Security and Risk Management Program, including the documentation of policies and procedures and the adoption of industry-standard Information Security and IT Operations frameworks and best practices (e.g. NIST, OWASP, SOC2, ITIL).
  • Review/establish Security Incident Handling/Response and Risk Management controls and procedures.
  • Administer periodic penetration tests and routine vulnerability scans.
  • Interface with our client's vendor/procurement teams to manage risk assessments and security audits.
  • Responsible for rapidly enhancing high-level security source code review and ethical hacking/penetration testing of Java, Java EE, JSP, ASP.NET, shell script and web-based applications.
  • Research and analysis of industry trends, best practices, and regulatory requirements.
  • Manage infrastructure security for large-scale projects spanning multiple regions and data centers.

Requirements
  • Bachelor's degree in Computer Science or a related technical field.
  • 8+ years of technology experience required.
  • Security professional experienced in application-level security, network security and secure design/development.
  • CISSP, CISM or equivalent certification.
  • Relevant work experience with industry-standard Information Security, IT Operations and Risk frameworks such as NIST, OWASP, SOC2, ITIL, ISO, etc.
  • Knowledge of Threat and Vulnerability Management, Information Risk and Governance, Incident Management, Security Strategy, and Business Resiliency (BCP/DR).
  • Strong knowledge of manual and automated security testing for web applications; proficient in understanding application-level vulnerabilities such as Cross-Site Scripting (XSS), SQL Injection, Clickjacking, CSRF, authentication bypass, cryptographic attacks, authentication flaws, etc.
  • Ability to exercise sound judgment regarding findings and make effective recommendations to management.
  • Ability to work effectively with people from many different disciplines with varying levels of technical experience.
  • Knowledge of generally accepted information security audit standards, IT risk policies, and controls.
  • Experience with Identity and Access Management (IAM) and the development of user roles and policies for user access management.
  • Previous experience implementing OAuth 2.0, SAML and Single Sign-On (SSO) for corporate applications.
  • Experience managing security in a public cloud (AWS) is strongly preferred.
  • Hands-on prior experience with Java and web technologies, including RESTful web services.
  • Familiarity with Linux.
  • Strong analytical and problem-solving skills.


Dice Id : datacny
Position Id : 6847290
Originally Posted : 2 months ago