Cyber Security Application Specialist - New York, United States - City of New York

Description

Job Description

IMPORTANT NOTE:

CANDIDATES WITH A PERMANENT COMPUTER SYSTEMS MANAGER OR COMPARABLE CIVIL SERVICE TITLE WITH SIMILAR DUTIES/RESPONSIBILITES ARE ENCOURAGED TO APPLY. PLEASE INCLUDE YOUR EMPLOYEE IDENTIFICATION NUMBER (EIN) WHEN APPLYING AND INDICATE IN YOUR COVER LETTER YOUR PERMANENT CIVIL SERVICE TITLE.

The NYC Department of Finance (DOF) is responsible for administering the tax revenue laws of the city fairly, efficiently, and transparently to instill public confidence and encourage compliance while providing exceptional customer service.

The Finance Information Technology (FIT) Division designs, builds, and supports all facets of DOFs computer systems, including hardware, software, applications, infrastructure, telephone, and data security. FIT delivers and administers tax-related payment programs for the City of New York by providing the information technology solutions needed to achieve its mission of collecting revenue while ensuring an efficient and improved customer experience. FIT is also responsible for the systems and websites which enable citywide payments, land records, property assessment, parking adjudications, customer service, and the Sheriffs public safety work.

As a member of Finance Cyber Security Governance team, the selected candidate will work within a multi-disciplined team to provide expertise on application security and DevSecOps initiatives to guide the application development community to utilize the best security practices. The candidate will work to help further develop and refine the Finance Cyber Security program into SDLC as that process matures.

Duties and responsibilities will include, but are not limited to:

Provide engineering and development direction for application security designs that solve business problems.

Collaborate with other teams to help architect solutions that are inherently secure.

Conduct thorough assessment of applications to identify and analyze potential security vulnerabilities.

Coordinate and perform penetration testing, code reviews, and other security tests to ensure applications meet security standards.

Effectively use and manage security scanning tools to identify and mitigate security risks in applications.

Evaluate and prioritize security risks, providing recommendations for remediation to enhance the overall security posture of applications.

Develop, implement, and enforce security policies and best practices for application development and deployment.

Work closely with development and IT teams to integrate security measures into the software development life-cycle and address security issues promptly.

Actively participate in incident response activities, investigating and resolving security incidents related to applications.

Promote security awareness among development teams, fostering a culture of security-conscious application development.

Ensure applications comply with relevant security standards, regulations, and industry best practices.

Maintain accurate documentation of security processes, assessments, and remediation efforts.

Provide / partner to provide training sessions to educate development teams on secure coding practices and emerging security threats.

Stay abreast of the latest security trends, vulnerabilities, and technologies, incorporating new knowledge into security strategies.

Effectively communicate security risks and solutions to both technical and non-technical stakeholders, facilitating a clear understanding of potential threats.

Contribute to cross-functional security initiatives, ensuring a holistic and integrated approach to overall organizational security.

Knowledge of integrating software security into the software development cycle.

Understanding how to develop secure coding guidelines and train developers on those guidelines.

Ensure the number of software vulnerabilities are minimized by using static and dynamic analysis, including Fuzz testing, and penetration testing of applications.

Help develop integrity checks to ensure data is accurate. Knowledge on how to develop production security algorithms to help protect users and data.

Experience working with container security.

Provide DevOps security solution integration with various security test tools.

Working with application teams on security solution design and implementation. Be a security subject matter expert and respond to any internal security engineering questions/requests.

Accessing security solutions proof of value and conducting proof of concepts.

Educating other team members on application security standards and best practices.

Participating in enterprise technology and functional planning processes to develop standards and best practices.

Correctly balance security risk and product advancement.

Perform proactive research to detect new attack vectors.

Design and implement mitigations for common classes of bugs in a popular web framework before code is developed.

Qualifications

1. A master's degree in computer science from an accredited college or university and three (3) years of progressively more responsible, full-time, satisfactory experience in Information Technology (IT) including applications development, systems development, data communications and networking, database administration, data processing, or user services. At least eighteen (18) months of this experience must have been in an administrative, managerial or executive capacity in the areas of applications development, systems development, data communications and networking, database administration, data processing or in the supervision of staff performing these duties; or

2. A baccalaureate degree from an accredited college or university and four (4) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or

3. A four-year high school diploma or its educational equivalent, and six (6) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or

4. A satisfactory combination of education and experience equivalent to "1", "2" or "3" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and must possess at least three (3) years of experience as described in "1" above, including the eighteen (18) months of administrative, managerial, executive or supervisory experience as described in "1" above.

In the absence of a baccalaureate degree, undergraduate credits may be substituted for a maximum of two (2) years of the required experience in IT on the basis of 30 semester credits for six (6) months of the required experience. Graduate credits in computer science may be substituted for a maximum of one (1) year of the required experience in IT on the basis of 30 graduate semester credits in computer science for one (1) year of the required IT experience. However, undergraduate and/or graduate credits may not be substituted for the eighteen (18) months of experience in an administrative, managerial, executive, or supervisory capacity as described in "1" above.

Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.