Details for Job Order Number 78821:

Job Title: Information Security Analyst
Locations: New York, New York
Job Type: Contract
Email this job to a friend.

Information Security Analyst

Long term consulting opportunity with insurance firm in midtown Manhattan

  • Reporting into the Chief Information Officer (CIO) Team this position will focus on, imbedding security throughout the Systems Development Life Cycle (SDLC) and providing advice on regulations as they apply to security in application development.
  •  Provide expertice in application security principles, risks, attacks, and resources such as Open Web Application Security Project (OWASP)
  • Responsible for tools related to dynamic scans, static source code reviews, and application penetration testing e.g. BlackDuck, WhiteHat, Veracode, Nexpose, Metasploit
  • Advisor on application development architectures, platforms, methodologies, and supporting operations
  • Advisor on web proxies, web application firewalls, and vulnerability assessment tools
  • Provide consultation services to business units, Project Management Office (PMO), and developers during the early phases to ensure secure application design
  • Plan, test, and deploy security controls to augment Quality Assurance (QA) and Change Management functions
  • Contribute to the incident response analysis including updates to related documentation i.e. policies, standards, guidelines, procedures, and escalation processes
  • Participate in developing data protection controls in general

 

Qualifications

  • Bachelor’s degree in Information Security or equivalent years of experience required
  • Minimum three (3) years Risk Management experience required in an Information Technology environment or related discipline (Information Security, Business Continuity Management or Compliance)
  • Certified Information Systems Security Professional (CISSP) certification preferred; SANS and other InfoSec related certification a plus
  • Network and Endpoint security experience required; IDS, IPS, ATP, Malware defenses and monitoring experience
  • Demonstrated experience with firewall and system configuration and event log monitoring required
  • Knowledge and experience with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001 and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks