Cyber Command Software Security Assurance Project Manager

Cyber Command Software Security Assurance Project Manager

Posted 6 days ago by 1754465951

Apply
Negotiable
Outside
Remote
USA
Apply
Application Programming Interface (API) Application Security Cloud-Native Applications Cloud Computing Cloud Technology Code Review Container Security Google Cloud Google Cloud Platform (GCP) Management Microsoft Azure Mobile Devices Open Web Application Security Project (OWASP) Project Assurance Project Management Security Testing Software as a Service (SaaS) Software Development Software Security Stakeholder Management Threat Modeling Vulnerability Vulnerability Scanning Workflows

Summary: The Cyber Command Software Security Assurance Project Manager will lead the integration of secure software development practices within NYC agencies through the Software Security Assurance Program. This role involves conducting application security services, coordinating with various stakeholders, and enhancing existing security processes. The position requires extensive experience in application security and the ability to communicate technical risks effectively. The role is remote and classified as outside IR35.

Key Responsibilities:

  • Perform application security services including risk assessments, architecture reviews, and code review for internal and third-party applications
  • Coordinate with developers, project teams, and third-party vendors to assess and guide secure software development and integration
  • Provide consultative guidance during design, development, and deployment phase of new solutions
  • Review threat models, validate security controls, and ensure alignment with security policies
  • Review and interpret security testing reports and vulnerability findings, and assist with risk remediation strategies
  • Contribute improvements in existing AppSec process, workflows, and documentation
  • Participate in defining and expanding secure software development lifecycle practices across the organization
  • Support the development and refinement of policy and governance documents related to software security
  • Track and report on security metrics, status of findings, and overall risk trends
  • Support management of tools, resources, and schedules for security testing

Key Skills:

  • At least 12 years of hands-on experience in application security, secure software development, or security consulting
  • Experience conducting security reviews (code, design threat modeling, architecture) for modern applications (web, mobile, cloud-native)
  • Strong knowledge of secure development practices, OWASP Top 10, and relevant standards
  • Ability to communicate technical risks and recommendations clearly to technical and non-technical audiences
  • Familiarity with tools used in code analysis, vulnerability scanning, and security testing
  • Experience working cross-functionally with developers, engineers, and product teams

Salary (Rate): undetermined

City: undetermined

Country: USA

Working Arrangements: remote

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Role: Cyber Command Software Security Assurance Project Manager
Duration: 24 Months Contract

Scope Of Services
New York City Cyber Command within the Office of Technology and Innovation seeks a Software Security Assurance Project Manager to support the adoption of secure-by-design practices into NYC agencies software development lifecycle through our Software Security Assurance Program (SSAP).

Tasks:

  • Perform application security services including risk assessments, architecture reviews, and code review for internal and third-party applications
  • Coordinate with developers, project teams, and third-party vendors to assess and guide secure software development and integration
  • Provide consultative guidance during design, development, and deployment phase of new solutions
  • Review threat models, validate security controls, and ensure alignment with security policies
  • Review and interpret security testing reports and vulnerability findings, and assist with risk remediation strategies
  • Contribute improvements in existing AppSec process, workflows, and documentation
  • Participate in defining and expanding secure software development lifecycle practices across the organization
  • Support the development and refinement of policy and governance documents related to software security
  • Track and report on security metrics, status of findings, and overall risk trends
  • Support management of tools, resources, and schedules for security testing

Mandatory Skills/Experience
  • At least 12 years of hands-on experience in application security, secure software development, or security consulting
  • Experience conducting security reviews (code, design threat modeling, architecture) for modern applications (web, mobile, cloud-native)
  • Strong knowledge of secure development practices, OWASP Top 10, and relevant standards
  • Ability to communicate technical risks and recommendations clearly to technical and non-technical audiences
  • Familiarity with tools used in code analysis, vulnerability scanning, and security testing
  • Experience working cross-functionally with developers, engineers, and product teams

Desirable skills/experience:
  • Experience working within or alongside DevOps/CI-CD environments
  • Familiarity with container security, API security, and cloud-native application architectures (AWS, Azure, Google Cloud Platform)
  • Experience supporting security governance or policy development
  • Experience with risk exception processes or helping define security risk tolerances
  • Experience in large, complex organizations or government/public sector environments
  • Experience with third-party risk assessments, vendor management, or SaaS reviews
Apply
Similar Jobs
Loading data...