Principal Consultant - Security
: Job Details :

About Us:

NYSTEC is a nonprofit technology consulting company, advising agencies, organizations, institutions, and businesses since 1996. We're independent and vendor-neutral, so we have our clients' best interests at heart. At NYSTEC, we know that we succeed when individuals and teams flourish personally and professionally, so our benefits and perks support that mindset.

About the Role:

As a principal security consultant in the Cybersecurity and Data Privacy Practice Area, you will collaborate with team members to conceptualize, deliver, and support our clients through today's ever-changing cybersecurity landscape. NYSTEC is considered a trusted advisor, partner of choice, and employer of choice. We believe that every interaction is an opportunity to deliver exceptional service that empowers client success.

Serving as a principal security consultant, your day-to-day role will include assisting the NYSTEC client with the assessment and enhancement of their application security program.

This role will be performed onsite in NYC.

Key Responsibilities

• Establish application security policies and a secure software development life cycle (SDLC) process.
• Educate the client's staff regarding secure coding practices.
• Lead Cloud security initiatives.
• Configure and monitor web application firewalls (WAFs) and load balancers.
• Perform dynamic application security testing (DAST), static application security testing (SAST), and software composition analysis (SCA) scans for all application types, including web, mobile, and operating system (OS) specific builds.
• Design and implement security test plans to improve the security posture of applications.
• Assist various internal teams in reproducing, triaging, and fixing application security vulnerabilities.
• Monitor and design application programming interface (API) security controls.
• Work with tools like Zimperium, Burp Suite, Veracode, Prisma, etc.
• Help integrate security tools, standards, and processes into the software development continuous integration and continuous deployment (CI/CD) pipeline.
• Help improve the client's security posture, especially internet facing systems.
• Organize project work into client presentations outlining findings and recommendations.
• Participate in internal, public (conferences), and client-facing meetings.
• Prepare reports and presentations.
• Assume full responsibility and accountability, when necessary, for executing projects or programs, including defining project roles and responsibilities, conducting project planning and tracking activities, and communicating project status internally and to client project managers.
• Proactively share information that will make colleagues and clients more successful.
• Provide feedback to management on team member performance.
• Mentor and lead colleagues.
• Champion the NYSTEC behaviors.

About you:Required Qualifications

• Experience in secure application development with Java, Python, .Net, and scripting languages.
• Experience in development, security, and operations (DevSecOps); secure configurations and benchmarking; automation; software testing; vulnerability management; malware defenses; networks; reverse engineering; and log analysis.
• Expertise in defining secure configurations for Windows and Linux/Android operating systems.
• Hands on experience with the open web application security project (OWASP) Top 10.
• Experience with the OWASP API Security Top 10.
• Excellent understanding of mobile and web application architecture.
• Seasoned professional who is fully qualified on all aspects of cybersecurity.
• Extensive knowledge of current security standards, practices, procedures, and methods.
• Experience applying national institute of standards and technology (NIST) 800-53 and 800-171 security controls to hardware and software products.
• In-depth knowledge of DAST, SAST, and SCA tools.
• Working knowledge of Oracle Cloud, Rapid 7, GitHub, or Jenkins.
• Working knowledge of Veracode, Burp Suite Professional, Burp Suite Enterprise, and Zimperium Mobile Threat Defense (MTD).
• Prior software development experience.
• Strong analytical skills, excellent problem solver, and self-starter.

Preferred/Desired Qualifications

• Experience with Cloud-native architecture, microservices architecture, containerization, Cloud and software as a service (SaaS) platforms, and Microsoft (MS) Azure.
• Knowledge of Core Java, Java 2 Platform, Enterprise Edition (J2EE), Tomcat, Spring Boot, representational state transfer (REST) services, JavaScript Object Notation (JSON), and Web services.
• Knowledge of Hypertext Markup Language 5 (HTML5), cascading style sheets (CSS), JavaScript, AngularJS, .Net, and Drupal.
• Knowledge of Prisma.
• Knowledge of health insurance portability and accountability act (HIPAA) regulations.
• Knowledge of ArcGIS or other online geographic information system services.
• Familiarity with computer-aided dispatch (CAD) systems.
• Experience working in an emergency medical service environment.

Education and Experience

* A bachelor's degree in cybersecurity or a related field of study and eight or more years of experience. An equivalent combination of advanced education, training, and experience will be considered.

It is NYSTEC's policy to provide equal employment opportunity (EEO) to all individuals, regardless of actual or perceived race, color, creed, religion, sex, or gender (including pregnancy, childbirth, and related medical conditions), gender identity or gender expression (including transgender status), age, national origin, ancestry, citizenship status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, military service and veteran status, sexual orientation, marital status, or any other characteristic protected by local, state, or federal laws and ordinances. NYSTEC is strongly committed to this policy and believes in the concept and spirit of the law.

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact ...@nystec.com if you require a reasonable accommodation to apply for or to perform this job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

Applicants must be authorized to work in the United States without the need for visa sponsorship now or in the future.

Learn more about NYSTEC by visiting www.nystec.com.