
Job Details

Application Security Risk Analyst

Company name
Federal Reserve Bank of New York

Philadelphia, PA


Sub Sector:

Traditional Asset Manager

Job Summary:

Works hands-on with development teams to develop, roll out and provide oversight for a comprehensive Secure Software Development Life Cycle (SSDLC) program, including secure coding guidelines, static code analysis, and dynamic testing. Contributes both on an individual application basis and as a member of the Information Security Assurance team to raise the application security posture across the organization by developing an application security framework (including SSDLC development, standards and guidelines for application developers), helping the development teams identify application security vulnerabilities through a combination of security assessment techniques, and disseminating specialist application security knowledge to the development communities.

Principal Duties and Responsibilities:

Works with various IT leaders and application development areas to develop and implement the SSDLC Program according to the organization's unique information security risk management, governance, risk, and compliance processes.

Works directly with the business and application development team representatives to embed application security processes, tools and techniques within the various SSDLC processes used.

Provides oversight / governance of the SSDLC Program and communicates progress and issues to the ISO, Information Security Manager, and IT Leadership and Application Development teams.

Serves as a consultant to disseminate specialist application security knowledge to the development communities.

Researches and evaluates solutions and recommends the most efficient and cost-effective solutions for ensuring that security is built into all phases of the SSDLC.

Leads demonstrations of application security tools to business and application development teams.

Develops/implements continuous integration (CI) framework processes.

Responsible for maintenance & support of technology integrations with the application security tools.

Responsible for the development and maintenance of Static Code Analysis Tools scanning policies, user provisioning and security strategy documents, and any other related documentation.

Engages Client and/or other third-party suppliers of application security software on system defects and support issues.

Researches and investigates new and emerging vulnerabilities, including 0-day events, and participates in external security communities.

Keeps apprised of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks; identifies vulnerabilities or weaknesses in systems.

Develops an externally-focused view of the evolving threats facing the organization.

Reports to management on IT system vulnerability and protection against malware and hackers.

Promotes awareness of applicable regulatory standards, upstream risks and industry best practices across the organization.

Assists in all internal and external audits.

Assists in development and implementation of policies, procedures, standards.

Examines systems and procedures to identify potential adverse events, including but not limited to hardware and software crashes, physical disasters, malicious intruders, malware, denial of service attacks and employee misconduct.

Evaluates security policy, processes and procedures for completeness.

Monitors and advises on information security issues related to the systems to ensure the security controls are appropriate and operating as intended; ensures that controls are adequate to protect sensitive information systems.

Develops and maintains security operating procedures and associated documentation.

Identifies inefficiencies and makes suggestions for process improvements.

Tracks open audit issues to closure and reports on status completion and progress.

Reviews access controls processes to identify vulnerabilities and the appropriate solutions to eliminate or minimize their potential effects.

Fulfills job duties and responsibilities in conformance with sound safety practices.

Performs other related duties as assigned.

Subordinates:


Scope Measurements:



Bachelor's Degree from a four-year college or university in Computer Science, Management Information Systems, Information Security, or equivalent work experience.

5 years working in Information Technology and/or Information Security.

5 years working in Application Security

Desired Certifications:


Knowledge & Skills:

Programming/Scripting experience in C, C#/.NET, Java, JavaScript, Ruby, Perl, Python.

Ability to work efficiently, making sound decisions while meeting time sensitive deadlines.

Superior organizational and time management skills.

Self-motivated and able to prioritize tasks based on business requirements.

Excellent interpersonal communication and listening skills are essential.

Strong analytical and problem solving skills.

Creative thinking and troubleshooting.

Excellent communication (oral and written), interpersonal, organizational, and presentation and listening skills.

Strong deductive reasoning, critical thinking, problem solving, and prioritization skills.

Ability to work in a fast-paced, support team environment.

Ability to follow detailed process and procedure documentation.

Ability to present complex solutions and methods to the general community.

Strong team player who collaborates well with others to solve problems.

Solid understanding of networking concepts.

Solid understanding of operating system security concepts.

Understanding of malware, emerging threats, attacks, and vulnerability management.

Other Requirements:

Applicants must be able to provide work authorization to prove their eligibility to work in the United States.

Employment Type:

Full Time


Americas, United States






Post Date:

