Overview
On Site
Full Time
Skills
Innovation
Broadband
Video
Social Media
Information Security
Pivotal
Reporting
Regulatory Compliance
Continuous Improvement
Training
Cyber Security
Mentorship
IT Security
Computer Science
Information Systems
Mobile Development
HTML
Relational Databases
Threat Modeling
Vulnerability Management
Testing
SCA
Management
Open Source
Software Development
Security QA
Continuous Integration and Development
Cloud Computing
Amazon Web Services
Microsoft Azure
Google Cloud Platform
Google Cloud
Cloud Security
Programming Languages
Java
Python
JavaScript
C#
DevSecOps
Continuous Integration
Continuous Delivery
Collaboration
OWASP
HIPAA
Firewall
WAF
Conflict Resolution
Problem Solving
Software Security
Certified Ethical Hacker
Web Applications
Recruiting
Job Details
Job Description
The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City. From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the City delivers for New Yorkers in the 21st century. Watch our welcome video to see our work in action, follow us on social media @NYCOfficeofTech, and visit oti.nyc.gov to learn more.
At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.
About New York City Cyber Command
Cyber Command is charged with protecting all City systems against cyber threats, including systems that deliver vital services to New Yorkers. Headed by the Chief Information Security Officer of the City of New York, we provide in-depth support to over 100 agencies and offices to protect, detect, identify, respond to, and recover from cyber threats.
The Senior Application Security Engineer at NYC Cyber Command plays a pivotal role in safeguarding the city's digital infrastructure by identifying and mitigating security risks in software applications. Reporting to the Application Security Director, this role involves conducting in-depth security assessments using methodologies like SAST, DAST, and IAST to uncover vulnerabilities in citywide applications. The engineer will oversee the Software Security Assurance Program (SSAP) to ensure compliance with security standards across all city agencies, including cloud-based applications. Responsibilities also include developing and enforcing secure coding practices, managing the use of Software Composition Analysis (SCA) tools, and collaborating with cross-functional teams to implement security requirements effectively. This position is critical in protecting sensitive data, guiding development teams on security principles, and staying ahead of emerging cybersecurity threats. The Senior Application Security Engineer will also mentor junior team members and contribute to the continuous improvement of the city's application security posture.
Responsibilities will include:
- Conduct and oversee security assessments, including SAST, DAST, and IAST, to identify vulnerabilities in citywide applications and software systems.
- Develop and enforce application security standards, guidelines, and best practices across all city agencies to ensure a secure development lifecycle.
- Evaluate security risks associated with software applications and prioritize remediation efforts to mitigate potential threats.
- Manage the Software Security Assurance Program (SSAP) to ensure that all software applications meet security standards before deployment.
- Oversee the use of Software Composition Analysis (SCA) tools to identify and manage vulnerabilities in open-source and third-party components used in city applications.
- Act as a liaison between cybersecurity teams, software developers, and other stakeholders to ensure security requirements are understood and implemented effectively.
- Perform security assessments of cloud vendors and services, ensuring that cloud-based applications meet NYC3's security requirements.
- Provide guidance and training to development teams on secure coding practices and application security principles.
- Contribute to the development and implementation of security policies, procedures, and standards to protect the city's digital infrastructure.
- Stay up to date with the latest cybersecurity threats, vulnerabilities, and technologies to enhance the security of the city's applications.
- Mentor junior security engineers and developers on security practices and tools to build a stronger, more knowledgeable team.
- Lead or participate in security-related projects, ensuring timely and effective delivery of security solutions.
- Ensure that application security practices comply with relevant regulations, standards, and guidelines (e.g., NIST, OWASP).
- Handle special projects and initiatives as assigned.
HOURS/SHIFT
Day - Due to the necessary technical duties of this position in a 24/7 operation, candidate may be required to work various shifts such as weekends and/or nights/evenings.
WORK LOCATION
Brooklyn, NY
TO APPLY
* Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration
Please go to and search for Job ID #732030
SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW
APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL
OTI participates in E-Verify
IT SECURITY SPECIALIST - 95622
Minimum Qualifications
A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or,
Education and/or experience which is equivalent to "1" above.
Preferred Skills
The preferred candidate should possess the following: - Bachelor's degrees in computer science or information systems or equivalent experience. - 8 years of experience in software development and security - Familiarity with programming technologies and logical structures used in web, non-web, native, and mobile software development, including languages like Java, C#, JavaScript, HTML, and others. - Knowledge of relational databases, web applications and services - Strong understanding of application security principles, including secure coding practices, threat modeling, and vulnerability management. - Experience with security testing methodologies such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST). - Knowledge of Software Composition Analysis (SCA) tools and practices to identify and manage open-source components and their associated risks. - Ability to evaluate security risks in software applications and prioritize remediation efforts based on potential impact. - Experience integrating security practices into the software development lifecycle, including code reviews, security testing, and continuous integration/continuous deployment (CI/CD) pipelines. - Understanding of securing applications in cloud environments (e.g., AWS, Azure, Google Cloud) and familiarity with cloud security best practices. - Proficiency in one or more programming languages (e.g., Java, Python, JavaScript, C#) to understand and review code from a security perspective. - Experience with DevSecOps practices, including automation of security tasks in CI/CD pipelines and collaboration with development teams. - Familiarity with relevant security standards and regulations (e.g., OWASP, NIST, HIPAA) and how they apply to application security. - Experience with a variety of security tools, such as vulnerability scanners, SAST/DAST tools, and application firewalls (WAF). - Strong problem-solving skills and the ability to think analytically when addressing security challenges. - Ability to clearly communicate security issues and risks to both technical and non-technical stakeholders. - A commitment to staying updated with the latest trends, vulnerabilities, and tools in the application security field. - Relevant certifications such as Certified Ethical Hacker (CEH), GIAC Web Application Penetration Tester (GWAPT) are a plus.
Public Service Loan Forgiveness
As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education's website at ;br>
Residency Requirement
New York City Residency is not required for this position
Additional Information
The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.
The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City. From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the City delivers for New Yorkers in the 21st century. Watch our welcome video to see our work in action, follow us on social media @NYCOfficeofTech, and visit oti.nyc.gov to learn more.
At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.
About New York City Cyber Command
Cyber Command is charged with protecting all City systems against cyber threats, including systems that deliver vital services to New Yorkers. Headed by the Chief Information Security Officer of the City of New York, we provide in-depth support to over 100 agencies and offices to protect, detect, identify, respond to, and recover from cyber threats.
The Senior Application Security Engineer at NYC Cyber Command plays a pivotal role in safeguarding the city's digital infrastructure by identifying and mitigating security risks in software applications. Reporting to the Application Security Director, this role involves conducting in-depth security assessments using methodologies like SAST, DAST, and IAST to uncover vulnerabilities in citywide applications. The engineer will oversee the Software Security Assurance Program (SSAP) to ensure compliance with security standards across all city agencies, including cloud-based applications. Responsibilities also include developing and enforcing secure coding practices, managing the use of Software Composition Analysis (SCA) tools, and collaborating with cross-functional teams to implement security requirements effectively. This position is critical in protecting sensitive data, guiding development teams on security principles, and staying ahead of emerging cybersecurity threats. The Senior Application Security Engineer will also mentor junior team members and contribute to the continuous improvement of the city's application security posture.
Responsibilities will include:
- Conduct and oversee security assessments, including SAST, DAST, and IAST, to identify vulnerabilities in citywide applications and software systems.
- Develop and enforce application security standards, guidelines, and best practices across all city agencies to ensure a secure development lifecycle.
- Evaluate security risks associated with software applications and prioritize remediation efforts to mitigate potential threats.
- Manage the Software Security Assurance Program (SSAP) to ensure that all software applications meet security standards before deployment.
- Oversee the use of Software Composition Analysis (SCA) tools to identify and manage vulnerabilities in open-source and third-party components used in city applications.
- Act as a liaison between cybersecurity teams, software developers, and other stakeholders to ensure security requirements are understood and implemented effectively.
- Perform security assessments of cloud vendors and services, ensuring that cloud-based applications meet NYC3's security requirements.
- Provide guidance and training to development teams on secure coding practices and application security principles.
- Contribute to the development and implementation of security policies, procedures, and standards to protect the city's digital infrastructure.
- Stay up to date with the latest cybersecurity threats, vulnerabilities, and technologies to enhance the security of the city's applications.
- Mentor junior security engineers and developers on security practices and tools to build a stronger, more knowledgeable team.
- Lead or participate in security-related projects, ensuring timely and effective delivery of security solutions.
- Ensure that application security practices comply with relevant regulations, standards, and guidelines (e.g., NIST, OWASP).
- Handle special projects and initiatives as assigned.
HOURS/SHIFT
Day - Due to the necessary technical duties of this position in a 24/7 operation, candidate may be required to work various shifts such as weekends and/or nights/evenings.
WORK LOCATION
Brooklyn, NY
TO APPLY
* Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration
Please go to and search for Job ID #732030
SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW
APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL
OTI participates in E-Verify
IT SECURITY SPECIALIST - 95622
Minimum Qualifications
A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or,
Education and/or experience which is equivalent to "1" above.
Preferred Skills
The preferred candidate should possess the following: - Bachelor's degrees in computer science or information systems or equivalent experience. - 8 years of experience in software development and security - Familiarity with programming technologies and logical structures used in web, non-web, native, and mobile software development, including languages like Java, C#, JavaScript, HTML, and others. - Knowledge of relational databases, web applications and services - Strong understanding of application security principles, including secure coding practices, threat modeling, and vulnerability management. - Experience with security testing methodologies such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST). - Knowledge of Software Composition Analysis (SCA) tools and practices to identify and manage open-source components and their associated risks. - Ability to evaluate security risks in software applications and prioritize remediation efforts based on potential impact. - Experience integrating security practices into the software development lifecycle, including code reviews, security testing, and continuous integration/continuous deployment (CI/CD) pipelines. - Understanding of securing applications in cloud environments (e.g., AWS, Azure, Google Cloud) and familiarity with cloud security best practices. - Proficiency in one or more programming languages (e.g., Java, Python, JavaScript, C#) to understand and review code from a security perspective. - Experience with DevSecOps practices, including automation of security tasks in CI/CD pipelines and collaboration with development teams. - Familiarity with relevant security standards and regulations (e.g., OWASP, NIST, HIPAA) and how they apply to application security. - Experience with a variety of security tools, such as vulnerability scanners, SAST/DAST tools, and application firewalls (WAF). - Strong problem-solving skills and the ability to think analytically when addressing security challenges. - Ability to clearly communicate security issues and risks to both technical and non-technical stakeholders. - A commitment to staying updated with the latest trends, vulnerabilities, and tools in the application security field. - Relevant certifications such as Certified Ethical Hacker (CEH), GIAC Web Application Penetration Tester (GWAPT) are a plus.
Public Service Loan Forgiveness
As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education's website at ;br>
Residency Requirement
New York City Residency is not required for this position
Additional Information
The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.