
Application Security Analyst

City of New York
Full-time
On-site
New York City, New York, United States

Job Description

APPLICANTS MUST BE PERMANENT IN THE COMPUTER SPECIALIST (SOFTWARE) CIVIL SERVICE TITLE, OR IN A COMPARABLE TITLE ELIGIBLE FOR 6.1.9, OR MUST BE REACHABLE ON THE LIST FOR THE COMPUTER SPECIALIST (SOFTWARE) EXAMINATION 1139.

The Department of Social Services Accountability Office (DSS-AO) is responsible for supporting the integrity of social services programs administered by the New York City Human Resources Administration (HRA), Department of Social Services (DSS) and Department of Homeless Services (DHS). DSS-AO maintains the operation of the Office of Audit and Quality Assurance, Special Investigations Division (SID), Office of Accountability Strategies (OAS), Compliance and Contract Monitoring (CCM), Investigation, Revenue and Enforcement Administration (IREA), Office of Data Security Management (ODSM), Accountability Initiative and Change Monitoring (AICM) and Business Process Innovation (BPI).

Within DSS-AO, the Office of Data Security Management (ODSM) is responsible for the implementation and management of the Agency’s cyber security program. ODSM works closely with NYC Cyber Command and is tasked with continuously improving the Agency’s risk posture by ensuring appropriate security controls are in place to protect the confidentiality, integrity and availability of Agency information resources.

The Office of Data Security Management is recruiting for (1) Computer Specialist Software II to function as an Application Security Specialist who will:

- Be primarily responsible for application security assessments and code review as part of the software development lifecycle (SDLC). Scan for, analyze, and disposition vulnerabilities.

- Provide regular status reports on the security of the software within the organization. Implement and govern automated secure coding tools and processes (SAST, DAST) to review code as it is written, promoted through the development lifecycle, and into production.

- Detect, analyze, and eliminate viruses and malicious code. Work with information security analysts to refine web application penetration testing methods and breadth of security services. Collect, analyze, triage, and disposition information from all threat sources.

- Develop processes to monitor active system users and their system usage for appropriateness, including but not limited to developing inappropriate access and usage scenarios, performing data matches and big data manipulation, and using appropriate tools.

- Assist with periodic security risk assessments, IT security audits, and management reporting. Help build, maintain, and enforce application security development policies, procedures, and standards.

- Maintain liaison with technical staff in federal agencies such as the Department of Homeland Security (DHS), state agencies such as the NYS Office of Temporary Disability and Assistance (OTDA), representatives of other networks and technical representatives of vendors of security software.

- Assist in official investigations by generating PC and application log data as well as internet activity history reports for the users in question, and scan computers for any unauthorized software or processes. Organize and develop responses to security audits requested by various internal and external entities.

Hours/Schedule: 9 am to 5 pm

Qualifications

(1) A baccalaureate degree from an accredited college, including or supplemented by twenty-four (24) semester credits in computer science or a related computer field and two (2) years of satisfactory full-time software experience in designing, programming, debugging, maintaining, implementing, and enhancing computer software applications, systems programming, systems analysis and design, data communication software, or database design and programming, including one year in a project leader capacity or as a major contributor on a complex project; or
(2) A four-year high school diploma or its educational equivalent and six (6) years of full-time satisfactory software experience as described in "1" above, including one year in a project leader capacity or as a major contributor on a complex project; or
(3) A satisfactory combination of education and experience that is equivalent to (1) or (2) above. College education may be substituted for up to two years of the required experience in (2) above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. A master's degree in computer science or a related computer field may be substituted for one year of the required experience in (1) or (2) above. However, all candidates must have a four-year high school diploma or its educational equivalent, plus at least one (1) year of satisfactory full-time software experience in a project leader capacity or as a major contributor on a complex project.
NOTE: In order to have your experience accepted as Project Leader or Major Contributor experience, you must explain in detail how your experience qualifies you as a project leader or as a major contributor. Experience in computer operations, technical support, quality assurance (QA), hardware installation, help desk, or as an end user will not be accepted for meeting the minimum qualification requirements.
Special Note
To be eligible for placement in Assignment Level IV, in addition to the Qualification Requirements stated above, individuals must have one year of satisfactory experience in a project leader capacity or as a major contributor on a complex project in data administration, database management systems, operating systems, data communications systems, capacity planning, and/or on-line applications programming.

Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.