With over 45 years of experience, Kforce continues to set the standard in the technology staffing & solutions industry. With an unwavering commitment, Kforce strives to provide candidates with exceptional service in meeting their employment and career needs. Kforce provides consulting, contract-to-hire or direct hire positions with a wide range of organizations; from small, privately held companies to large, multinationals. Our technical specialty areas include: data management, functional and business analysis, infrastructure and systems application development.

Backed by approximately 1,900 staffing specialists, Kforce is committed to "Great People = Great Results" for our valued clients and candidates. Our Firm operates with 62 offices in 41 markets in North America and two in the Philippines.

The Security Analyst is responsible for ensuring the development of secure applications and networks by interacting with Software Developers, Network Engineers, QA Testers, and Business Analysts.

The selected Security Analyst will be responsible for the following:

• Performing application risk assessments and threat modeling


• Administering application vulnerability scans and coordinating remediation activities


• Reviewing network security designs and making recommendations


• Managing and configuring security database assessment and auditing tools


• Providing consultation to the IT Department on application and network security best practices


• Ensuring application and network compliance to documented IT security policies, procedures, processes, and standards requirements

• Exceptions reports, audit / review reports, and technical / process recommendations


• Reporting of security statistics / metrics, technical standards, procedures, guidelines, etc.

• 2-3 years of experience in an application security role


• Strong development experience is essential as well as the ability to work with development teams to resolve issues and improve awareness around secure coding practices


• Experience with inserting information security controls and checkpoints into the application design process


• Strong knowledge in standard software development applications, Windows, UNIX, and database environments including SQL, DB2, Oracle, and Sybase


• Working knowledge of how to build secure Web-applications


• In-depth knowledge of TCP/IP and related communication protocols


• Knowledge of NT authentication schemes (Kerberos, NTLM, and AD), Web applications access databases (JDBC, ODBC, SQLNET, etc.)


• Strong knowledge of networking technologies, routing, and switching IDS, IPS, and firewall monitoring experience


• Experience using code, Web, and database scanners


• Experience with AppScan, NESSUS, and other application assessment tools


• Familiar with risk analysis and risk management methodologies


• Solid understanding of application vulnerabilities and countermeasures


• Must be able to provide and recommend remediation approach and not just provide vulnerability information


• Information Security Technology / Compliance experience


• Familiarity with major regulations such as Sarbanes-Oxley and FERC (a strong plus)


• Excellent communication skills (self-directed and motivated) with the ability to work independently as well as collaboratively in a team environment


• Professional maturity in dealing with all levels of management and staff


• Certified Information Systems Security Professional (CISSP) or other Security Certification (is a plus)