Job Details

Job Description
Justification : Cyber Command is in urgent need for software security assurance project managers. These resources will be essential to protect sensitive data, ensure essential service continuity, and maintain public trust by proactively mitigating cyber threats and vulnerabilities in the City's digital infrastructure. Work Location: Select one and provide required details: On Site
Work Location: Hybrid: Work location & Remote ( X days in office/ X days remote) X Remote: Monday through Friday; 9 am to 5 pm
Scheduled Work Hours: Normal business hours Monday-Friday 35 hours/week (not including mandatory unpaid meal break after 6 hours of work). Projected Assignment Start Date: December 1, 2025 Projected Assignment End Date: November 28, 2027 Note: Normal Business Hours, Monday through Friday (not including a mandatory unpaid meal break after 6 hours of work), 35 work hours per week. If the consultant works more than 35 hours per week, the consultant must request overtime in the Agency's timekeeping system and the project manager must approve those hours worked above the weekly maximum.
SCOPE OF SERVICES
Our client seeks a Software Security Assurance Project Manager to support the adoption of secure-by-design practices into NYC agencies' software development lifecycle through our Software Security Assurance Program (SSAP).

TASKS:

• Perform application security services including risk assessments, architecture reviews, and code review for internal and third-party applications
• Coordinate with developers, project teams, and third-party vendors to assess and guide secure software development and integration
• Provide consultative guidance during design, development, and deployment phase of new solutions
• Review threat models, validate security controls, and ensure alignment with security policies
• Review and interpret security testing reports and vulnerability findings, and assist with risk remediation strategies
• Contribute improvements in existing AppSec process, workflows, and documentation
• Participate in defining and expanding secure software development lifecycle practices across the organization
• Support the development and refinement of policy and governance documents related to software security
• Track and report on security metrics, status of findings, and overall risk trends
• Support management of tools, resources, and schedules for security testing

• At least 8 years of hands-on experience in application security, secure software development, or security consulting
• Experience conducting security reviews (code, design threat modeling, architecture) for modern applications (web, mobile, cloud-native)
• Strong knowledge of secure development practices, OWASP Top 10, and relevant standards
• Ability to communicate technical risks and recommendations clearly to technical and non-technical audiences
• Familiarity with tools used in code analysis, vulnerability scanning, and security testing
• Experience working cross-functionally with developers, engineers, and product teams

• Experience working within or alongside DevOps/CI-CD environments
• Familiarity with container security, API security, and cloud-native application architectures (AWS, Azure, GCP)
• Experience supporting security governance or policy development
• Experience with risk exception processes or helping define security risk tolerances
• Experience in large, complex organizations or government/public sector environments
• Experience with third-party risk assessments, vendor management, or SaaS reviews