Cyber Command Project Manager

Title: Cyber Command Project Manager

Client: NYC Agency

Location: New York (Remote)

Duration: 24 Months

Working Hours: 35 Hours per Week

Description:

• Perform application security services including risk assessments, architecture reviews, and code review for internal and third-party applications

• Coordinate with developers, project teams, and third-party vendors to assess and guide secure software development and integration

• Provide consultative guidance during design, development, and deployment phase of new solutions

• Review threat models, validate security controls, and ensure alignment with security policies

• Review and interpret security testing reports and vulnerability findings, and assist with risk remediation strategies

• Contribute improvements in existing AppSec process, workflows, and documentation

• Participate in defining and expanding secure software development lifecycle practices across the organization

• Support the development and refinement of policy and governance documents related to software security

• Track and report on security metrics, status of findings, and overall risk trends

• Support management of tools, resources, and schedules for security testing

Requirements:

• At least 8 years of hands-on experience in application security, secure software development, or security consulting

• Experience conducting security reviews (code, design threat modeling, architecture) for modern applications (web, mobile, cloud-native)

• Strong knowledge of secure development practices, OWASP Top 10, and relevant standards

• Ability to communicate technical risks and recommendations clearly to technical and non-technical audiences

• Familiarity with tools used in code analysis, vulnerability scanning, and security testing

• Experience working cross-functionally with developers, engineers, and product teams

Desirable skills:

• Experience working within or alongside DevOps/CI-CD environments

• Familiarity with container security, API security, and cloud-native application architectures (AWS, Azure, Google Cloud Platform)

• Experience supporting security governance or policy development

• Experience with risk exception processes or helping define security risk tolerances

• Experience in large, complex organizations or government/public sector environment

• Experience with third-party risk assessments, vendor management, or SaaS reviews