Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Jobs InfoSec Jobs

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Executive Director, Application Security and Vulnerability Management
Company NYC Cyber Command
Location New York City
Preferred GIAC Certifications GSTRT, GCPM, GCIA, GCIH
Travel 10%
Salary 180k
URL https://a127-jobs.nyc.gov/psc/nycjobs/EMPLOYEE/HRMS/c/HRS_HRAM_FL.HRS_CG_SEARCH_FL.GBL?Page=HRS_APP_JBPST_FL&Action=U&FOCUS=Applicant&SiteId=1&JobOpeningId=445561&PostingSeq=1
Contact Name Apply through Website
Contact Email none/at/none.com
Expires 2021-05-18

Job Description

Business Title
Executive Director, Application Security and Vulnerability Management
Civil Service TitleIT SECURITY SPECIALIST
Title ClassificationNon-Competitive
Job CategoryTechnology, Data & Innovation
Career LevelExperienced (non-manager)
Work Location80 Maiden Lane
Division/Work Unit
# of Positions1
Title Code No95622 Level00
Proposed Salary Range$180,000.00 (Annual)
Email this Job
Job Description
About New York City Cyber Command
New York City Cyber Command (NYC3) is committed to protecting City systems that provide vital services to New Yorkers from cyber threats, and helping residents become safer in their digital lives.

As the organization defending the largest municipality in the country, NYC3 is charged with directing citywide incident response, setting citywide cybersecurity policies and standards and working with city agencies to strengthen their cyber defenses.

Job Description
- Lead and further develop the application security and vulnerability management teams;
- Lead and/or support penetration testing on enterprise network assets;
- Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing of web applications and operating systems;
- Lead the technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications);
- Make recommendations regarding the selection of security controls to mitigate risk (e.g., protection of information, systems and processes);
- Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions;
- Capture security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.
Minimum Qual Requirements
A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or,

Education and/or experience which is equivalent to "1" above.
Preferred Skills
The preferred candidate should possess the following:
- 10+ years of experience in application security or vulnerability management (both a plus); of which 4+ years in large, complex enterprise environments;
- Excellent written and verbal communication skills;
- Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture;
- Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation);
- Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
To Apply
* Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration

For City employees, please go to Employee Self Service (ESS), click on Recruiting Activities > Careers, and search for Job ID #445561
For all other applicants, please go to www.nyc.gov/jobs/search and search for Job ID #445561

SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW
APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL

Department of Information Technology & Telecommunications and the City of New York are equal opportunity employers.

DoITT participates in E-Verify
Hours/Shift
Day - Due to the necessary technical support duties of this position in a 24/7 operation, candidate may be required to work various shifts such as weekends and/or nights/evenings.
Work Location
New York, NY
Residency Requirement
New York City Residency is not required for this position
POSTING DATE01/28/2021