NHS Human Services, Inc.

Job Information

UNIVERSAL Technologies, LLC MYCITY Senior Application Security Engineer in New York, New York

UNIVERSAL Technologies is seeking a MYCITY Senior Application Security Engineer for an onsite position in New York, New York. Candidates with an active LinkedIn account are preferred.

WHO WE ARE:

UNIVERSAL Technologies, LLC is a Women-Owned (M/WBE) IT solutions and consulting company focused on delivering enterprise systems that significantly improve our clients' IT performance. We work across the IT spectrum, including Development, Business/Systems/Data Analysis, Project Management, Cyber Security, Network Engineering, and High-Level System Architecture.

The pride in the services we provide and the accessibility and flexibility we offer to employees are what make UNIVERSAL Technologies stand out! We aim to propel your IT career to the next level and excite our employees with new and challenging projects.

WHAT WE OFFER:

Our W2 employees can expect the following benefits:

  • Competitive pay

  • Health/Dental Insurance

  • Group Life Insurance

  • 401K

  • HSA/FSA

  • Pre-Tax Transportation Program

  • Generous Paid Time Off/Holiday Policy

SCOPE OF SERVICES:

The MYCITY Senior Application Security Engineer will play a crucial role in securing Citywide cybersecurity solutions deployed in large, complex networked environments. The ideal candidate will provide expertise at various stages of planning and implementing security design, processes, and solutions while ensuring effective communication with NYC Cyber Command leadership, engineering, architecture, and application security teams.

TASKS:

  • Perform comprehensive cybersecurity risk analysis, identifying and prioritizing risks specifically related to application security.

  • Develop, socialize, and implement security strategies to address vulnerabilities in web applications, microservices, APIs, and mobile applications.

  • Track and manage progress against security plans, ensuring timely remediation of identified vulnerabilities.

  • Lead security implementation in application development projects, ensuring "secure by design" practices.

  • Create and maintain architecture diagrams, outlining secure communication flows, and develop security design documents.

  • Troubleshoot and resolve application security issues in collaboration with internal teams and external vendors.

  • Translate application compliance requirements into specific security controls, recommending compensating measures where appropriate.

  • Regularly report on the organization’s security posture, focusing on application vulnerabilities, to senior management.

  • Perform/coordinate application vulnerability assessments and ensure timely remediation in collaboration with Development, IT, and Systems teams.

  • Implement secure coding practices, perform static and dynamic application security testing (SAST/DAST), and support developers with secure code reviews.

  • Monitor security incidents and respond to application-level threats, ensuring quick resolution of potential vulnerabilities.

  • Establish and enforce secure configurations for applications and their underlying infrastructure, such as databases and APIs.

  • Perform threat simulations to detect risks and recommend improvements for securing application designs, API security, identity management, and access control measures.

  • Collaborate with teams to ensure continuous integration and continuous deployment (CI/CD) pipelines incorporate security controls.

MANDATORY SKILLS/EXPERIENCE:

Note: Candidates who do not have the mandatory skills will not be considered.

  • Minimum of 12 years of experience in application security, including vulnerability assessments, penetration testing, and secure code reviews.

  • Extensive experience in secure application development, including security frameworks like OWASP Top 10, and guiding development teams in implementing secure coding practices.

  • Proficiency in Software Composition Analysis (SCA) tools (e.g., Veracode, AppSec) for identifying and managing vulnerabilities in open-source libraries and third-party components.

  • Advanced knowledge of Static and Dynamic Application Security Testing (SAST/DAST) tools (e.g., Veracode, AppSec, Burp Suite) and integrating these tools into CI/CD pipelines for automated security checks.

  • Strong cloud security expertise, including securing applications and workloads on AWS, Azure, or GCP, and experience with Web Application Firewalls (WAF) and cloud-native security services.

PREFERRED SKILLS/EXPERIENCE:

  • Advanced cloud security experience: Securing cloud environments (AWS, Azure, GCP) using WAFs and implementing IAM, encryption, and monitoring tools.

  • Experience with scripting and automation: Using Python, Bash, or PowerShell to automate security tasks and integrate security testing tools.

  • Strong communication skills: Ability to explain complex security concepts to both technical teams and non-technical stakeholders.

  • Leadership and mentoring skills: Experience leading security teams, mentoring junior engineers, and fostering a security-aware culture.

  • Collaboration and cross-functional teamwork: Ability to integrate security across development, DevOps, and IT teams to align security with business objectives.

  • Highly flexible and willing to learn new technologies.

  • Highly organized with excellent analytical, problem-solving, and decision-making skills.

ADDITIONAL QUALIFICATIONS:

  • Certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Cloud Security Professional (CCSP), or GIAC Web Application Penetration Tester (GWAPT) are highly preferred.

  • Knowledge of compliance standards like NIST, PCI-DSS, and GDPR and how they apply to application security.

UNIVERSAL Technologies is an Equal Opportunity Employer.
