Campus Pride Jobs


Job Information

City of New York Cyber Security Application Specialist in New York, New York

Job Description

SPECIAL NOTE: CANDIDATES WITH A PERMANENT CYBER SECURITY ANALYST OR COMPARABLE CIVIL SERVICE TITLE WITH SIMILAR DUTIES/RESPONSIBILITIES ARE ENCOURAGED TO APPLY. PLEASE INCLUDE YOUR EMPLOYEE IDENTIFICATION NUMBER (EIN) WHEN APPLYING AND INDICATE IN YOUR COVER LETTER YOUR PERMANENT CIVIL SERVICE TITLE.

The NYC Department of Finance (DOF) is responsible for administering the tax revenue laws of the city fairly, efficiently, and transparently to instill public confidence and encourage compliance while providing exceptional customer service.

The Finance Information Technology (FIT) Division designs, builds, and supports all facets of DOF’s computer systems, including hardware, software, applications, infrastructure, telephone, and data security. FIT delivers and administers tax-related payment programs for the City of New York by providing the information technology solutions needed to achieve its mission of collecting revenue while ensuring an efficient and improved customer experience. FIT is also responsible for the systems and websites which enable citywide payments, land records, property assessment, parking adjudications, customer service, and the Sheriff’s public safety work.

As a member of the Finance Cyber Security Governance team, the selected candidate will work within a multi-disciplined team to provide expertise on application security and DevSecOps initiatives and to guide the application development community in using the best security practices. The candidate will also help further develop and refine the integration of the Finance Cyber Security program into the SDLC as that process matures.

Duties and responsibilities will include, but are not limited to:

  • Conduct thorough assessments of applications to identify and analyze potential security vulnerabilities.

  • Coordinate and perform penetration testing, code reviews, and other security tests to ensure applications meet security standards.

  • Provide engineering and development direction for application security designs that solve business problems.

  • Effectively use and manage security scanning tools to identify and mitigate security risks in applications.

  • Evaluate and prioritize security risks, providing recommendations for remediation to enhance the overall security posture of applications.

  • Develop, implement, and enforce security policies and best practices for application development and deployment.

  • Work closely with development and IT teams to integrate security measures into the software development life-cycle and address security issues promptly.

  • Actively participate in incident response activities, investigating and resolving security incidents related to applications.

  • Collaborate with other teams to help architect solutions that are inherently secure.

  • Promote security awareness among development teams, fostering a culture of security-conscious application development.

  • Ensure applications comply with relevant security standards, regulations, and industry best practices.

  • Maintain accurate documentation of security processes, assessments, and remediation efforts.

  • Provide / partner to provide training sessions to educate development teams on secure coding practices and emerging security threats.

  • Stay abreast of the latest security trends, vulnerabilities, and technologies, incorporating new knowledge into security strategies.

  • Effectively communicate security risks and solutions to both technical and non-technical stakeholders, facilitating a clear understanding of potential threats.

  • Contribute to cross-functional security initiatives, ensuring a holistic and integrated approach to overall organizational security.

  • Knowledge of integrating software security into the software development cycle.

  • Understanding how to develop secure coding guidelines and train developers on those guidelines.

  • Ensure the number of software vulnerabilities is minimized by using static and dynamic analysis, including fuzz testing and penetration testing of applications.

  • Help develop integrity checks to ensure data is accurate. Knowledge of how to develop production security algorithms to help protect users and data.

  • Experience working with container security.

  • Provide DevOps security solution integration with various security test tools.

  • Working with application teams on security solution design and implementation. Be a security subject matter expert and respond to any internal security engineering questions/requests.

  • Assessing security solutions' proof of value and conducting proofs of concept.

  • Educating other team members on application security standards and best practices.

  • Participating in enterprise technology and functional planning processes to develop standards and best practices.

  • Correctly balance security risk and product advancement.

  • Perform proactive research to detect new attack vectors.

  • Design and implement mitigations for common classes of bugs in a popular web framework before code is developed.

Qualifications

  1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or

  2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above; or

  3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.

Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.
