2 Cyber Security Application Specialist Jobs in Manhattan, NY
Sorry! This job is no longer available. Please explore similar jobs listed on the left.
NYC Careers is Hiring a Cyber Security Application Specialist Near Manhattan, NY
Cyber Security Application Specialist
Cyber Security Application Specialist
- Agency: DEPARTMENT OF FINANCE
- Job type: Full-time
Location
MANHATTAN
- Title Classification: Exam may be required
Department
Cyber Security
Job Description
CANDIDATES WITH A PERMANENT COMPUTER SYSTEMS MANAGER OR COMPARABLE CIVIL SERVICE TITLE WITH SIMILAR DUTIES/RESPONSIBILITES ARE ENCOURAGED TO APPLY. PLEASE INCLUDE YOUR EMPLOYEE IDENTIFICATION NUMBER (EIN) WHEN APPLYING AND INDICATE IN YOUR COVER LETTER YOUR PERMANENT CIVIL SERVICE TITLE.
The NYC Department of Finance (DOF) is responsible for administering the tax revenue laws of the city fairly, efficiently, and transparently to instill public confidence and encourage compliance while providing exceptional customer service.
The Finance Information Technology (FIT) Division designs, builds, and supports all facets of DOF’s computer systems, including hardware, software, applications, infrastructure, telephone, and data security. FIT delivers and administers tax-related payment programs for the City of New York by providing the information technology solutions needed to achieve its mission of collecting revenue while ensuring an efficient and improved customer experience. FIT is also responsible for the systems and websites which enable citywide payments, land records, property assessment, parking adjudications, customer service, and the Sheriff’s public safety work.
As a member of Finance Cyber Security Governance team, the selected candidate will work within a multi-disciplined team to provide expertise on application security and DevSecOps initiatives to guide the application development community to utilize the best security practices. The candidate will work to help further develop and refine the Finance Cyber Security program into SDLC as that process matures.
Duties and responsibilities will include, but are not limited to:
- Provide engineering and development direction for application security designs that solve business problems.
- Collaborate with other teams to help architect solutions that are inherently secure.
- Conduct thorough assessment of applications to identify and analyze potential security vulnerabilities.
- Coordinate and perform penetration testing, code reviews, and other security tests to ensure applications meet security standards.
- Effectively use and manage security scanning tools to identify and mitigate security risks in applications.
- Evaluate and prioritize security risks, providing recommendations for remediation to enhance the overall security posture of applications.
- Develop, implement, and enforce security policies and best practices for application development and deployment.
- Work closely with development and IT teams to integrate security measures into the software development life-cycle and address security issues promptly.
- Actively participate in incident response activities, investigating and resolving security incidents related to applications.
- Promote security awareness among development teams, fostering a culture of security-conscious application development.
- Ensure applications comply with relevant security standards, regulations, and industry best practices.
- Maintain accurate documentation of security processes, assessments, and remediation efforts.
- Provide / partner to provide training sessions to educate development teams on secure coding practices and emerging security threats.
- Stay abreast of the latest security trends, vulnerabilities, and technologies, incorporating new knowledge into security strategies.
- Effectively communicate security risks and solutions to both technical and non-technical stakeholders, facilitating a clear understanding of potential threats.
- Contribute to cross-functional security initiatives, ensuring a holistic and integrated approach to overall organizational security.
- Knowledge of integrating software security into the software development cycle.
- Understanding how to develop secure coding guidelines and train developers on those guidelines.
- Ensure the number of software vulnerabilities are minimized by using static and dynamic analysis, including Fuzz testing, and penetration testing of applications.
- Help develop integrity checks to ensure data is accurate. Knowledge on how to develop production security algorithms to help protect users and data.
- Experience working with container security.
- Provide DevOps security solution integration with various security test tools.
- Working with application teams on security solution design and implementation. Be a security subject matter expert and respond to any internal security engineering questions/requests.
- Accessing security solutions proof of value and conducting proof of concepts.
- Educating other team members on application security standards and best practices.
- Participating in enterprise technology and functional planning processes to develop standards and best practices.
- Correctly balance security risk and product advancement.
- Perform proactive research to detect new attack vectors.
- Design and implement mitigations for common classes of bugs in a popular web framework before code is developed.
1. A master's degree in computer science from an accredited college or university and three (3) years of progressively more responsible, full-time, satisfactory experience in Information Technology (IT) including applications development, systems development, data communications and networking, database administration, data processing, or user services. At least eighteen (18) months of this experience must have been in an administrative, managerial or executive capacity in the areas of applications development, systems development, data communications and networking, database administration, data processing or in the supervision of staff performing these duties; or
2. A baccalaureate degree from an accredited college or university and four (4) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or
3. A four-year high school diploma or its educational equivalent, and six (6) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or
4. A satisfactory combination of education and experience equivalent to "1", "2" or "3" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and must possess at least three (3) years of experience as described in "1" above, including the eighteen (18) months of administrative, managerial, executive or supervisory experience as described in "1" above.
In the absence of a baccalaureate degree, undergraduate credits may be substituted for a maximum of two (2) years of the required experience in IT on the basis of 30 semester credits for six (6) months of the required experience. Graduate credits in computer science may be substituted for a maximum of one (1) year of the required experience in IT on the basis of 30 graduate semester credits in computer science for one (1) year of the required IT experience. However, undergraduate and/or graduate credits may not be substituted for the eighteen (18) months of experience in an administrative, managerial, executive, or supervisory capacity as described in "1" above.
The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.
1. A master's degree in computer science from an accredited college or university and three (3) years of progressively more responsible, full-time, satisfactory experience in Information Technology (IT) including applications development, systems development, data communications and networking, database administration, data processing, or user services. At least eighteen (18) months of this experience must have been in an administrative, managerial or executive capacity in the areas of applications development, systems development, data communications and networking, database administration, data processing or in the supervision of staff performing these duties; or
2. A baccalaureate degree from an accredited college or university and four (4) years of progressively more responsible, full-time, satisfactory experience as described in \"1\" above; or
3. A four-year high school diploma or its educational equivalent, and six (6) years of progressively more responsible, full-time, satisfactory experience as described in \"1\" above; or
4. A satisfactory combination of education and experience equivalent to \"1\", \"2\" or \"3\" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and must possess at least three (3) years of experience as described in \"1\" above, including the eighteen (18) months of administrative, managerial, executive or supervisory experience as described in \"1\" above.
In the absence of a baccalaureate degree, undergraduate credits may be substituted for a maximum of two (2) years of the required experience in IT on the basis of 30 semester credits for six (6) months of the required experience. Graduate credits in computer science may be substituted for a maximum of one (1) year of the required experience in IT on the basis of 30 graduate semester credits in computer science for one (1) year of the required IT experience. However, undergraduate and/or graduate credits may not be substituted for the eighteen (18) months of experience in an administrative, managerial, executive, or supervisory capacity as described in \"1\" above.
- \tBachelor's degree in computer science or related field\n-\tA deep understanding of the web's architecture\n-\tAbility to find flaws in software and can effectively communicate how to fix them.\n-\tStrong communication skills and accustomed to working closely with a product team.\n-\tThe ability to think about problems from an out-of-the box perspective doesn't always default to industry norms.\n-\tAbility to think like an attacker and use that context to develop threat models.\n-\tAt least 1 year of experience implementing DevOps toolchain (Jenkins, SonarQube, GitHub, Nexus, Code quality tools) implementation and automation.\n-\tMinimum 3 years of experience with scripting and automation.\n-\tMinimum 3 years on experience with web application and web service implementation.\n-\tHands-on experience with application development is required.\n-\tSoftware engineering experience in production environment.\n-\tExperience making and defending sound technical arguments that incorporate relevant technical and business considerations and building consensus among stakeholders.\n-\tFamiliarity with the OWASP framework and application security best practices.\n-\tPassion to work on newer technologies and explore the security domain.\n-\tSpecific relevant experience should include training, writing, and presenting application security assessment reports.\n-\tKnowledge of web services security, (SOAP, XML Encryption,).\n-\tKnowledge of encryption technologies (web, database, and file).\n-\tKnowledge of Identity and Access management and its application in an enterprise.\n-\tIndustry certification is a plus.\n-\tStrong written and verbal communication skills.
The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.
Job ID
633401
Title code
1005D
Civil service title
COMPUTER SYSTEMS MANAGER
Title classification
Competitive-1
Business title
Cyber Security Application Specialist
Posted until
2024-05-23
- Experience level: Experienced (non-manager)
Number of positions
1
Work location
375 Pearl Street
- Category: Technology, Data & Innovation
Job Summary
Full Time
$114k-146k (estimate)
04/24/2024
05/24/2024
Similar Jobs
Popular Articles
