Application Security Analyst
Share
Job Location:
Brooklyn, NY - USA
Monthly Salary:
Not Disclosed
Posted on:
8 days ago
Vacancies:
1 Vacancy
Job Summary
For more details please connect with Kajal Verma at or call at .
Client: NYC Department of Social Services
Job Title: Application Security Analyst
Duration: Long Term Contract (Up to 36 Months Possible 2-Year Extension)
Location: Brooklyn New York (Onsite at DSS Data Center 505 Clermont Ave Brooklyn NY)
Position Type: Contract
Hours Per Week: 35
Interview Type: Both Web Cam and In Person Interview
Onsite/Remote/Hybrid: Onsite
Ceipal ID: NYCSEC325KV
Job Code:
Job Title: Application Security Analyst
Duration: Long Term Contract (Up to 36 Months Possible 2-Year Extension)
Location: Brooklyn New York (Onsite at DSS Data Center 505 Clermont Ave Brooklyn NY)
Position Type: Contract
Hours Per Week: 35
Interview Type: Both Web Cam and In Person Interview
Onsite/Remote/Hybrid: Onsite
Ceipal ID: NYCSEC325KV
Job Code:
Requirement ID: BID-DSS-ITS-C--24
Project: Data Center Co-location and Migration Project
Project Overview:
NYC DSS is ensuring security compliance and risk mitigation during its infrastructure modernization and migration initiative.
Job Description / Responsibilities:
The Application Security Analyst will ensure application security compliance and audit readiness.
Key Responsibilities:
Audit and analyze and accredit HRA/DSS/DHS Applications being moved as part of the Data Center Migration Project.
Scope/Tasks Breakdown:
- Evaluate Application vulnerability scan reports
- Document application vulnerabilities found in scan reports and define vulnerabilities mitigation SLAs
- Assess if the application vulnerabilities found in scan reports are within the Agency Risk Appetite
- Communicate and report application vulnerability findings to Business Owner(s) and IT Heads
- Develop application vulnerability mitigation strategy and mitigation controls to make the applications secure within the agency infrastructure environment
- Evaluate mitigated application vulnerabilities with development teams to perform security accreditation for production deployment
- Enforce Risk Acceptance Letter for applications seeking production deployment with unmitigated application vulnerabilities requiring approval from Business Owner(s) IT Head and CISO
Required Skills
- 8 years of experience in Application Security & Industry Standards (OWASP NIST)
- 8 years of experience in Secured Software Development Life Cycle (SSDLC)
- 8 years of experience in Threat Modelling & Risk Assessments
- 5 years of experience in Application Scanning for Vulnerabilities (SAST DAST)
- 8 years of experience in Integration of Security in CI/CD Pipeline DevOps Dev SecOps (Azure Jenkins)
- 8 years of experience in API Security & Access Controls (OAuth SAML SSO)
- 8 years of experience in Cloud Security
- 8 years of experience in Security Frameworks (NIST ISO 27001 PCI-DSS SOC 2 HIPAA GDPR FedRAMP HITRUST)
- 8 years of experience in Vulnerability Management & Penetration Testing
- 8 years of experience in Incident Response & Security Operations
- 8 years of experience in Security Training & Awareness
- 8 years of experience in Agile Environment Collaboration
- 8 years of experience in Project Management
- 8 years of experience in Cross-Functional Team Collaboration
- 8 years of experience in Client Engagement & Communication
- 8 years of experience with Operating Systems: Windows Server Apache Microsoft IIS Windows Linux VMware Citrix
- 8 years of experience with Technology Stack: Visual Visual Basic Cold Fusion JavaScript HTML C C# MS PowerApps Python Powershell Shell Scripting Selenium
- 8 years of experience with Security Tools - Must Have: VERACODE IBM Appscan SD Elements Burp Suite
- 8 years of experience with Security Tools - Plus to Have: CHEKMARX Fortify Prowler SonarQube SNYK Wireshark OWASP ZAP Rapid7 STRIDE
Nice to Have:
- Government/public sector experience
- Security certifications (CISSP CEH etc.)
- Experience in cloud or hybrid environments
V Group Inc. is a NJ-based IT Services and Products Company with its business strategically categorized in various Business Units including Public Sector Enterprise Solutions Professional Services Ecommerce Projects and Products. Within Public Sector business unit we cater IT Professional Services to Federal State and Local. We have multiple awards/ contracts with 30 states including but not limited to NY CA FL GA MD MI NC OH OR CO CT TN PA TX VA NM VT and WA.
If you are considering applying for a position with V Group or in partnering with us on a position please feel free to contact me for any questions you may have regarding our services and the advantages we can offer you as a consultant.
Please share my contact information with others working in Information Technology.
