Information Security Analyst IV

RESPONSIBILITIES

Kforce has a client in NYC that is seeking a Information Security Analyst IV.

Summary:

The Information Security Analyst will work in a dynamic team environment and play an important role in helping the Federal Reserve carry out its responsibilities. They will be responsible for risk assessments, Cloud mitigations, security application testing, thread modeling security design review and overall information systems risk. We're seeking a seasoned security professional with 5+ years of hands-on experience in application security assessments and penetration testing. You should possess expert-level knowledge of cloud security across major platforms (AWS, Azure, etc.), with deep understanding of security architecture, identity management, and cloud-native controls. Advanced proficiency in Burp Suite Professional is essential, including experience with extensions, macros, and custom scanning configurations. Additionally, you should have practical experience conducting IoT and ICS security assessments, familiarity with OT protocols and industry frameworks (IEC 62443, NIST), and comprehensive knowledge of OWASP Top 10, API security risks, and common web application vulnerabilities.

REQUIREMENTS

• Bachelor's degree in Computer Science, Information Security, or related field, or equivalent practical experience demonstrating the required skills and competencies

Preferred Certifications:

GWAPT, CEH, CISSP, CSSLP or cloud security certifications (AWS Security Specialty)

• Proven expertise in securing the software development lifecycle through GitLab
• Practical knowledge of DevSecOps practices including shift-left security, infrastructure-as-code security, and automated testing
• Experience implementing and configuring security tools within CI/CD pipelines (SAST, DAST, SCA, container scanning) is required, along with solid understanding of containerization and orchestration security (Docker, Kubernetes) and cloud-native application architectures
• Working knowledge of industry security standards and frameworks including

NIST, ISO 27001, CIS

Controls, SOC 2, and cloud-specific benchmarks

• Experience conducting vendor security assessments and third-party risk evaluations is essential, as is familiarity with compliance requirements relevant to cloud applications
• Proven ability to build strong relationships with development teams, work collaboratively in Agile environments, and present effectively to executive leadership with a consultative approach
• Able to assess risk, prioritize based on business impact, and think like an attacker while balancing security requirements with practical business objectives and operational constraints
• Self-directed and autonomous professional who successfully manages multiple concurrent projects, consistently meets deadlines and SLAs, and delivers high-quality work in fast-paced environments with shifting priorities
• Strong technical writer experienced in creating comprehensive security reports and documentation
• Committed to knowledge sharing and proficient with collaboration tools (Jira, Confluence, ServiceNow) The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role.

We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future. We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.

Note:

Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law. This job is not eligible for bonuses, incentives or commissions. Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status. By clicking ?Apply Today? you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.