Cyber Security Specialist – Cloud & Application Security

New York, NY onsite
12+ months plus extensions
$90-$100 per hour, W2 only

Your role as a Cyber Security Specialist - Cloud & Application Specialist

You will work in a dynamic team environment and play an important role in helping Client carry out its responsibilities. The Cyber Security Risk Analyst will be responsible for risk assessments, Cloud mitigations, security application testing, threat modeling, security design review and overall information systems risk management. The role is an individual contributor who will work closely with technology squads to flawlessly deliver technological projects to the business customers. The candidate will be required to perform risk assessments which include application security testing focusing on Cloud migration workloads, with specific focus on the mission critical systems supporting Markets operations. The position resides in the Information Security Function and reports to the Cyber Security Assurance Manager.

Core Security Risk Assessment Responsibilities

Conduct comprehensive cloud application security risk assessments to identify vulnerabilities, threats, and compliance gaps across cloud-based applications and infrastructure. Execute IoT (Internet of Things) and ICS (Industrial Control Systems) security assessments to evaluate security posture and identify potential risks in connected devices and operational technology environments. Perform dynamic application security testing using Burp Suite and other industry-standard tools to identify vulnerabilities in web applications and APIs.

CI/CD Security Integration

Manage and monitor CI/CD pipeline security compliance using GitLab, ensuring security controls are properly implemented and maintained throughout the software development lifecycle. Partner with development squads to integrate security tooling into CI/CD pipelines, providing guidance on tool selection, configuration, and optimization.
Implement automated security gates to ensure only compliant and secure workloads are promoted to production cloud environments.

Quality & Timeliness

Execute all security assessments in a timely and accurate manner, meeting established SLAs and maintaining high-quality standards in reporting and documentation. Conduct thorough third-party vendor security assessments, evaluating risks associated with external partnerships and supply chain dependencies.

Collaboration & Continuous Improvement

Collaborate closely with Application Security Analysts to share knowledge, coordinate assessment activities, and ensure comprehensive coverage of security testing initiatives. Contribute to team objectives by actively participating in peer reviews, knowledge sharing sessions, and process improvement initiatives.

Documentation & Knowledge Transfer

Create and maintain detailed security assessment reports including executive summaries, technical findings, risk ratings, and remediation recommendations. Document security processes, procedures, and runbooks for assessment methodologies and tooling configurations.

Communication & Stakeholder Management

Present security findings and recommendations to technical and non-technical stakeholders, including development teams, management, and business owners. Participate in regular status meetings and provide progress updates on assessment activities and pipeline initiatives. Triage and prioritize security findings based on risk severity and business impact. Serve as a security subject matter expert for development teams, answering questions and providing guidance on secure coding practices.

Quals - What we are looking for (Required Technical Skills & Experience)

Cloud & Application Security

We're seeking a seasoned security professional with 5+ years of hands-on experience in application security assessments and penetration testing.
You should possess expert-level knowledge of cloud security across major platforms (AWS, Azure, etc.), with deep understanding of security architecture, identity management, and cloud-native controls. Advanced proficiency in Burp Suite Professional is essential, including experience with extensions, macros, and custom scanning configurations. Additionally, you should have practical experience conducting IoT and ICS security assessments, familiarity with OT protocols and industry frameworks (IEC 62443, NIST), and comprehensive knowledge of OWASP Top 10, API security risks, and common web application vulnerabilities.

CI/CD & DevSecOps

The ideal candidate brings proven expertise in securing the software development lifecycle through GitLab. You should have practical knowledge of DevSecOps practices including shift-left security, infrastructure-as-code security, and automated testing. Experience implementing and configuring security tools within CI/CD pipelines (SAST, DAST, SCA, container scanning) is required, along with solid understanding of containerization and orchestration security (Docker, Kubernetes) and cloud-native application architectures.

Security Frameworks & Compliance

You should possess working knowledge of industry security standards and frameworks including NIST, ISO 27001, CIS Controls, SOC 2, and cloud-specific benchmarks. Experience conducting vendor security assessments and third-party risk evaluations is essential, as is familiarity with compliance requirements relevant to cloud applications.

Required Professional Competencies

Communication & Collaboration

Excellent communicator who can translate complex security findings into clear recommendations for both technical and business audiences.
Proven ability to build strong relationships with development teams, work collaboratively in Agile environments, and present effectively to executive leadership with a consultative approach.

Analytical & Problem-Solving

Strong analytical mindset with exceptional attention to detail. Able to assess risk, prioritize based on business impact, and think like an attacker while balancing security requirements with practical business objectives and operational constraints.

Organization & Self-Management

Self-directed and autonomous professional who successfully manages multiple concurrent projects, consistently meets deadlines and SLAs, and delivers high-quality work in fast-paced environments with shifting priorities.

Documentation & Knowledge Transfer

Strong technical writer experienced in creating comprehensive security reports and documentation. Committed to knowledge sharing and proficient with collaboration tools (Jira, Confluence, ServiceNow).

Education: Bachelor's Degree in Computer Science, Information Security, or related field; OR equivalent practical experience demonstrating the required skills and competencies.

Preferred Certifications: GWAPT, CEH, CISSP, CSSLP or cloud security certifications (AWS Security Specialty)