Application Security Analyst (Hybrid)

The Application Security Analyst is responsible for system policies and architecture, application security, system implementation and security integration. The Application Security Analyst will respond to and document security incidents, maintain the highest level of competency in the security field through continued education.

Duties & Responsibilities:

Lead vulnerability assessments and provide recommendations for remediation

Review security elements in the Software Development Lifecycle (and off shelf software)

Routinely test applications for vulnerabilities

Recommend and perform penetration tests

Monitor the internet for NYCM's footprint and work to remove any data regarded as inappropriate

Build security architecture under supervision, translate security and risk framework into guidance and monitor adherence to architecture

Assist in the implementation of systems, ensuring that security best practices are applied to customer applications and IT operations management systems

Perform static/dynamic code testing, and manual code inspection and implement application security best practices

Responsible for incident management process, including preparedness, response, and investigation

Research emerging threats and make determinations as to corporate risk level

Participates in afterhours monitoring and make quick decisions regarding threats

Work with software developers to maintain application security, including development and implementation of application security training program

Monitor and update the Software Development Lifecycle documentation

Create and update incident management process

Contribute to the development of security policies and security standards

Meet project schedules and communicate project status on a regular basis for supervisor

Work with security product vendors and service providers to evaluate security offerings, including product evaluations, proof of concept, and pilot installations

Attend meetings and seminars

Be available to work additional hours, as the business need dictates

Other duties as assigned

Requirements:

Associate degree in a technical field or certification program in cybersecurity

Commensurate experience equivalent to a bachelor's degree in cybersecurity, computer science, engineering, information security, networking, or related technical field

Qualifications/Skills:

Excellent technical skills

Excellent knowledge of application security

Experience with various penetration testing tools

Knowledge of Ethical Hacking processes

Pro-active attitude towards learning and applying security best practices with industry standard security certifications to be obtained

Problem solving and logical thinking skills

General knowledge of programming languages

Organizational and prioritization skills

Work independently or as a team member on assigned projects

Payband: 6N / Hours: 37.5 per week

Salary Range: $62,625 - $104,438

Accepting applications until: 5/23/2025