Senior Application Security Engineer

Job Description

The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City. From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the City delivers for New Yorkers in the 21st century. Watch our welcome video to see our work in action, follow us on social media @NYCOfficeofTech, and visit oti.nyc.gov to learn more.

At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.

About New York City Cyber Command
Cyber Command is charged with protecting all City systems against cyber threats, including systems that deliver vital services to New Yorkers. Headed by the Chief Information Security Officer of the City of New York, we provide in-depth support to over 100 agencies and offices to protect, detect, identify, respond to, and recover from cyber threats.

The Senior Application Security Engineer at NYC Cyber Command plays a pivotal role in safeguarding the city's digital infrastructure by identifying and mitigating security risks in software applications. Reporting to the Application Security Director, this role involves conducting in-depth security assessments using methodologies like SAST, DAST, and IAST to uncover vulnerabilities in citywide applications. The engineer will oversee the Software Security Assurance Program (SSAP) to ensure compliance with security standards across all city agencies, including cloud-based applications. Responsibilities also include developing and enforcing secure coding practices, managing the use of Software Composition Analysis (SCA) tools, and collaborating with cross-functional teams to implement security requirements effectively. This position is critical in protecting sensitive data, guiding development teams on security principles, and staying ahead of emerging cybersecurity threats. The Senior Application Security Engineer will also mentor junior team members and contribute to the continuous improvement of the city’s application security posture.

Responsibilities will include:
- Conduct and oversee security assessments, including SAST, DAST, and IAST, to identify vulnerabilities in citywide applications and software systems.
- Develop and enforce application security standards, guidelines, and best practices across all city agencies to ensure a secure development lifecycle.
- Evaluate security risks associated with software applications and prioritize remediation efforts to mitigate potential threats.
- Manage the Software Security Assurance Program (SSAP) to ensure that all software applications meet security standards before deployment.
- Oversee the use of Software Composition Analysis (SCA) tools to identify and manage vulnerabilities in open-source and third-party components used in city applications.
- Act as a liaison between cybersecurity teams, software developers, and other stakeholders to ensure security requirements are understood and implemented effectively.
- Perform security assessments of cloud vendors and services, ensuring that cloud-based applications meet NYC3’s security requirements.
- Provide guidance and training to development teams on secure coding practices and application security principles.
- Contribute to the development and implementation of security policies, procedures, and standards to protect the city’s digital infrastructure.
- Stay up to date with the latest cybersecurity threats, vulnerabilities, and technologies to enhance the security of the city’s applications.
- Mentor junior security engineers and developers on security practices and tools to build a stronger, more knowledgeable team.
- Lead or participate in security-related projects, ensuring timely and effective delivery of security solutions.
- Ensure that application security practices comply with relevant regulations, standards, and guidelines (e.g., NIST, OWASP).
- Handle special projects and initiatives as assigned.

HOURS/SHIFT
Day - Due to the necessary technical duties of this position in a 24/7 operation, candidate may be required to work various shifts such as weekends and/or nights/evenings.

WORK LOCATION
Brooklyn, NY

TO APPLY
* Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration

Please go to and search for Job ID #732030

SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW
APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL

OTI participates in E-Verify

IT SECURITY SPECIALIST - 95622

Qualifications

A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or,

Education and/or experience which is equivalent to "1" above.

Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.