Senior Application Security Engineer

Gov Services Hub

New York (NY)

On-site

USD 90,000 - 150,000

Full time

30+ days ago

Job summary

An established industry player is seeking a Senior Application Security Engineer to enhance cybersecurity across complex environments. This pivotal role involves conducting risk assessments, developing security strategies for applications, and collaborating with various teams to ensure security is embedded throughout the development lifecycle. The ideal candidate will possess extensive experience in application security, vulnerability assessments, and secure coding practices. Join a forward-thinking organization committed to delivering secure and user-friendly digital experiences while making a significant impact on the city's cybersecurity posture.

Qualifications

  • 12+ years in application security with a focus on vulnerability assessments.
  • Expertise in secure application development and OWASP Top 10 practices.

Responsibilities

  • Conduct comprehensive cybersecurity risk analysis and prioritize security risks.
  • Develop and implement security strategies for web applications and APIs.

Skills

Application Security
Vulnerability Assessments
Penetration Testing
Secure Application Development
Software Composition Analysis
SAST/DAST Tools
Cloud Security
Scripting
Leadership
Communication Skills

Education

Bachelor's Degree in Computer Science or related field
Certifications (CISSP, CEH, CCSP, GWAPT)

Tools

Veracode
Burp Suite
AWS
Azure
GCP

Job description

New York, United States | Posted on 02/25/2025

  • Candidates must submit a government-issued ID (Driver’s License or Passport).
  • Candidates must provide three professional references (including names, official emails, and phone numbers).
  • State experience is required.
Job Description:

The My City portal is a single platform designed to simplify interactions with City services. This initiative focuses on delivering secure, seamless, and user-friendly digital experiences. Several key projects are underway, including Childcare, Business Portal, and Workforce Development Services.

The NYC Cyber Command is seeking a Senior Application Security Engineer to enhance security across large, complex networked environments. The ideal candidate will provide security guidance, risk assessments, and technical leadership throughout the application development lifecycle.

This role requires close collaboration with NYC Cyber Command leadership, engineering teams, incident response teams, and application security practitioners to strengthen the City's cybersecurity posture.

Responsibilities:
  • Conduct comprehensive cybersecurity risk analysis and prioritize security risks in applications.
  • Develop and implement security strategies for web applications, microservices, APIs, and mobile applications.
  • Track and manage remediation efforts against security vulnerabilities.
  • Enforce “secure by design” principles in application development.
  • Maintain architecture diagrams and create security design documents.
  • Troubleshoot and resolve application security issues in coordination with internal teams and vendors.
  • Translate compliance requirements into specific security controls.
  • Perform vulnerability assessments, penetration testing, and secure code reviews.
  • Integrate SAST/DAST tools into CI/CD pipelines for automated security checks.
  • Monitor and respond to application-level security threats.
  • Implement secure configurations for applications, databases, and APIs.
  • Conduct threat simulations and recommend security improvements for API security, identity management, and access control.
  • Collaborate with teams to ensure security is embedded within CI/CD pipelines.
Mandatory Skills/Experience:
  • 12+ years in application security, conducting vulnerability assessments, penetration testing, and secure code reviews.
  • Expertise in secure application development, implementing OWASP Top 10 security practices.
  • Proficiency in Software Composition Analysis (SCA) tools (e.g., Veracode, AppSec).
  • Hands-on experience with SAST/DAST tools (e.g., Veracode, AppSec, Burp Suite) and CI/CD security integration.
  • Strong cloud security expertise with AWS, Azure, or GCP, including WAFs and cloud-native security services.
  • Advanced cloud security expertise (AWS, Azure, GCP) including IAM, encryption, monitoring tools, and Web Application Firewalls (WAF).
  • Scripting and automation experience using Python, Bash, or PowerShell.
  • Strong communication skills for explaining security concepts to both technical and non-technical teams.
  • Leadership experience in mentoring security teams and fostering security awareness.
  • Ability to collaborate cross-functionally with DevOps, IT, and development teams.
  • Highly adaptable and willing to learn new security technologies.
  • Strong analytical, problem-solving, and decision-making skills.
Additional Qualifications:
  • Preferred certifications:
    • CISSP (Certified Information Systems Security Professional)
    • CEH (Certified Ethical Hacker)
    • CCSP (Certified Cloud Security Professional)
    • GWAPT (GIAC Web Application Penetration Tester)
  • Knowledge of compliance frameworks such as NIST, PCI-DSS, and GDPR.
Skill Matrix:

| Skill | Requirement | Years of Experience |
| --- | --- | --- |
| Application Security | Required | 12+ Years |
| Vulnerability Assessments & Pen Testing | Required | 10+ Years |
| Secure Application Development (OWASP) | Required | 8+ Years |
| Software Composition Analysis (SCA) | Required | 5+ Years |
| SAST/DAST Tools (Veracode, Burp Suite) | Required | 5+ Years |
| Cloud Security (AWS, Azure, GCP) | Required | 5+ Years |
| CI/CD Security Integration | Required | 5+ Years |
| Web Application Firewalls (WAF) | Preferred | 3+ Years |
| Scripting (Python, Bash, PowerShell) | Preferred | 3+ Years |
| Compliance (NIST, PCI-DSS, GDPR) | Preferred | 3+ Years |
| Leadership & Team Mentorship | Preferred | 3+ Years |
| Certifications (CISSP, CEH, CCSP, GWAPT) | Preferred | N/A |
