Qureos

Cybersecurity Project Manager – Application Security

Job Title: MWBE Cyber Command Software Security Assurance Project Manager
Location: Remote (Monday–Friday, 9:00 a.m. – 5:00 p.m.)
Employment Type: Contract (W2 Only – No C2C, No Sponsorships)
Project Duration: December 1, 2025 – November 28, 2027
Hours: Full-time, 35 hours/week (excluding mandatory unpaid meal break)

Job Description:

The New York City Office of Technology and Innovation (OTI) Cyber Command is seeking a highly skilled Software Security Assurance Project Manager to lead and enhance the City’s Software Security Assurance Program (SSAP). This role is responsible for integrating secure-by-design principles into the software development lifecycle across NYC agencies, ensuring that critical applications are protected against cyber threats and vulnerabilities.

This position plays a pivotal role in improving the City’s application security posture, fostering secure coding practices, and guiding cross-functional teams to align with industry-leading standards.

Key Responsibilities:

  • Perform application security services including risk assessments, architecture reviews, and code reviews for internal and third-party applications.
  • Coordinate with developers, engineering teams, and third-party vendors to ensure secure software design, development, and integration.
  • Provide consultative guidance on secure software architecture throughout the project lifecycle.
  • Review threat models, validate security controls, and ensure compliance with security policies and frameworks.
  • Analyze and interpret security testing reports and vulnerability findings; assist in developing remediation strategies.
  • Contribute to enhancements in AppSec processes, workflows, and governance documentation.
  • Promote secure software development lifecycle (SDLC) practices across city agencies.
  • Track and report security metrics, issue status, and overall application risk trends.
  • Support management of tools, resources, and testing schedules to strengthen software assurance operations.

Required Qualifications:

  • 8+ years of experience in application security, secure software development, or security consulting.
  • Strong background conducting security reviews (code, design, threat modeling, architecture) for modern web, mobile, or cloud-native applications.
  • Deep understanding of secure coding practices, OWASP Top 10, and security standards.
  • Ability to communicate technical risks and recommendations to both technical and non-technical audiences.
  • Experience with code analysis, vulnerability scanning, and security testing tools.
  • Proven success working cross-functionally with developers, engineers, and product teams.

Preferred Qualifications:

  • Experience with DevOps/CI-CD environments and secure pipeline integration.
  • Knowledge of container security, API security, and cloud-native architectures (AWS, Azure, GCP).
  • Experience developing or supporting security governance, risk tolerance, or policy frameworks.
  • Background in third-party risk management, vendor security assessments, or SaaS reviews.
  • Prior work in large-scale government or public sector environments is highly desirable.

Application Process:

To apply, please email the following to hr@paramint.digital:

  • Resume highlighting relevant experience in application and software security
  • Two professional references (name, title, email, phone)
  • Confirmation of remote availability and W2 contract eligibility

Job Types: Full-time, Contract

Pay: $65.00 - $75.00 per hour

Expected hours: 35 per week

Work Location: Remote

© 2025 Qureos. All rights reserved.