
Urgent! Cybersecurity Officer- Application Security Job Opening In New York – Now Hiring MTA




Job description

Cybersecurity Officer- Application Security












Job ID: 12376

Business Unit: MTA Headquarters

Location: New York, NY, United States



Regular/Temporary: Regular

Department: IT CISO

Date Posted: Aug 6, 2025




Description



JOB TITLE: Cybersecurity Officer- Application Security
SALARY RANGE: $148,784.00 - $196,730.00
HAY POINTS: 805
DEPT/DIV: Information Technology / Cybersecurity
SUPERVISOR: Cybersecurity Director, Infrastructure and Application Security
LOCATION: Various/ 2 Broadway, New York, NY 10004
HOURS OF WORK: 9:00 am - 5:30 pm (7.5 hours or as required)



This position is eligible for telework, which is currently two days per week.

New hires are eligible to apply 30 days after their effective date of hire.





The Metropolitan Transportation Authority is North America's largest transportation network, serving a population of 15.3 million people across a 5,000-square-mile travel area surrounding New York City, Long Island, southeastern New York State, and Connecticut.

The MTA network comprises the nation’s largest bus fleet and more subway and commuter rail cars than all other U.S. transit systems combined.

MTA strives to provide a safe and reliable commute, excellent customer service, and rewarding opportunities.





Summary of Job

The purpose of this position is to provide technical leadership and management of MTA’s cybersecurity program in one or more technical domains.





This role deals with both internal and external threats to the MTA systems, which can affect the safety of employees and customers, system integrity, and operational availability.





As part of managing the program, the Cybersecurity Officer will need expertise in managing a complex program with highly skilled staff, contracts, and processes associated with risk management that are essential to maintaining electronic and physical safety for MTA’s business in all areas that utilize technology (Corporate, Customer Facing and Informational, Fare Payment/PCI, Operational Technologies, 3rd Party Managed, Vendors, etc.).





Responsibilities:

The Cybersecurity Officer will be responsible for managing and developing staff, technology, and processes to reduce risk with the evolving cyber threat landscape and changing technology portfolio.





This position works across multiple technology and cybersecurity domains to ensure cybersecurity is looked at holistically from user, data and component, and systems perspectives.





The position also considers all risk assessments, data-driven analytics, and actively seeks to develop and maintain standards, reference architectures, and reduce the risk of the MTA through emerging technologies and trends in the industry.





The position is expected to have a level of expertise in one or more domains of technology and effective management.

There is a long list of these specialized domains in the cybersecurity field, and this list is growing and ever-changing as the field evolves and as risks and circumstances change.





The Application Development Security Manager role is designed to oversee and enhance the security of our software applications from conception through deployment.

This position is crucial for ensuring our applications are resilient against cyber threats, comply with industry and regulatory standards, and support our business objectives by mitigating risk, reducing downtime, and safeguarding our reputation.

As cyber threats grow increasingly sophisticated and pervasive, securing our application development process is critical.

Data breaches, security vulnerabilities, and compliance failures can lead to significant financial losses, legal ramifications, and damage to our brand's trust and integrity.

MTA’s ability to innovate and deliver is also at stake if we cannot assure the security and reliability of our applications.

MTA utilizes in-house and outsourced development teams to create applications/products that deliver business value.

As a result, the teams require a dedicated program to ensure the products developed are coded securely and consistently.

These products enhance internal corporate and operational capability and provide external customers with the capability to leverage MTA’s various services.

This role will ensure the continuous maturity and implementation of the strategies developed for the application security program.

Specific expertise and skillset in the domain of Application Security are required to improve MTA Cybersecurity delivery in the domains of application code development, rapid application coding, DevSecOps, and accommodate the strategic change the Agile Product Management team is currently implementing.

This program will provide scale for the 100s of MTA applications managed by MTA IT and/or MTA Business that need constant oversight to enhance the MTA security posture while improving overall availability of the applications.





The candidate we are seeking needs to have up-to-date application security skills in securing data and applications, and a broad expertise and knowledge in various technologies and design principles, such as Zero-trust architecture, Low-Code application platforms, and the ability to mature and develop processes and governance.

The candidate will lead both in-house and vendor resources that provide development support and be responsible for managing the overall program related to developer security coaching, secure libraries and coding techniques, validation, and prioritization of application vulnerabilities, and improving overall developer/management skills in secure coding strategy, tools, and vendors.



Critical Skills:

+ Cybersecurity Expertise: A deep understanding of cybersecurity principles, best practices, and the latest threats is essential. This includes knowledge of various attack vectors, security frameworks, and security controls.



+ Application Security Knowledge: Proficiency in understanding common vulnerabilities and weaknesses in software applications, such as OWASP Top Ten, and how to mitigate them is crucial.



+ Coding and Development Skills: Familiarity with various programming languages and development frameworks to identify and remediate security flaws in the codebase.



+ Security Architecture: The ability to design and implement secure software architectures, including threat modeling and risk assessment.



+ Secure Development Lifecycle (SDLC): Knowledge of integrating security practices into the SDLC, including requirements gathering, threat modeling, design, development, testing, and deployment.



+ Ability to perform manual code reviews, open-source software evaluations, tests, and other duties as needed.



+ Security Testing Tools: Proficiency in using security testing tools and techniques such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST).



+ Ability to track, resolve security events and incidents, and conduct security assessments using enterprise AppSec tools or risk mitigation methodologies to evaluate vulnerabilities.



+ Incident Response: A solid understanding of the incident response process to manage and mitigate security incidents effectively.



+ Security Policies and Procedures: Ability to create and enforce security policies and procedures within the development team and organization as a whole.



+ Knowledge of application security architecture, Zero-trust architecture, and application security governance.



+ Expertise with the selection, configuration, integration, and management of application security testing tools.



+ Understanding DevOps tools.




Responsibilities

Leadership

+ Provide leadership to a strong talent pool of technical professionals

+ Lead a team of multi-functional technical staff planning, building, and maintaining cybersecurity tools, configurations, and risk mitigation to support Information and Operational Technology applications and/or infrastructure products

+ Lead others, as appropriate, and when necessary, that will consist of one or more agile coaches, data analytics researchers, and other cybersecurity personnel

+ Provide leadership in the development of inter-team communication and cohesiveness; sustain culture and support assigned staff during organizational growth/changes.



+ Provide direction on evaluation, selection, implementation, and maintenance of cybersecurity tools, processes, and techniques for their assigned cyber domains and products, ensuring appropriate investment in strategic and operational systems.



+ Leads teams to complete projects when a project manager has not been assigned.



+ Attained significant achievements managing technical teams, contractors, and vendors.



Human Resource Management

+ Attract, develop, coach, and retain high-performance team members, empowering them to elevate their level of responsibility, span of control, and performance in conjunction with the Cybersecurity Management and IT Workforce Planning & Workload Management office.



+ Build staff expertise and competence to meet evolving demands within the Enterprise Product Management unit.



Financial Management

+ Demonstrate consistent understanding of funding, communications, and systems; recommend timelines and resources needed to achieve the program goals.



+ Collaborates with IT Business Management Services to identify procurement contracts to support program related activities.



Strategy & Planning

+ Assesses and makes recommendations on the improvement and re-engineering within the IT Department and works with the stakeholders to keep the total cost of ownership down.



+ Promote the use of employee self-service and mobile connectivity within products to reduce the reliance on paper.



+ Recommends and supports automation of business process creating in-line forms and approvals, reducing the reliance on manual approvals that could be untimely.



+ Uses judgment to form conclusions that may challenge conventional wisdom

Acquisition & Deployment

+ Coordinates and facilitates consultation with stakeholders to define business and systems requirements for new technology implementations, developing business cases and cost justifications for such initiatives.



+ Provides direction on evaluation, selection, implementation, and maintenance of information systems, ensuring appropriate investment in strategic and operational systems.



+ Advises MTA IT management, as information becomes available, on the changing trends and emerging technology and their potential use within the MTA.



+ Directs the development of the analysis required to determine if Information Technology projects should follow a “Build” (develop with in-house staff) or “Buy” (cloud or packaged solution) methodology.



+ Manages the development and implementation of new modules within assigned products.



+ Advises on the selection, prioritization, development, and implementation of products as they relate to the selection, acquisition, development, and installation of MTA IT and OT Security, applications, and infrastructure.



Management and Oversight

+ Participates in overall business planning, bringing current knowledge and future vision of technology and systems as related to the company’s goals.



+ Responsible for leading and reporting on various product progress and deliverables, ensuring that the IT/OT needs of the MTA are met on time and within budget, including identifying weekly, monthly, and annual performance targets to show progress on IT product work and OT objectives.



+ Ensure continuous delivery of product services through oversight of service level agreements with end users and monitoring of product performance.



+ Responsible for the recruitment, development, motivation, training, and retention of a diverse and high performing multi-level IT/OT team of professionals, conforming to budgetary objectives and Human Resources policy and programs in conjunction with the IT Workforce Planning & Workload Management office.



+ Develop business case justifications and cost/benefit analyses for IT spending and initiatives, keeping customizations to a minimum and total cost of ownership down.



Cybersecurity Officer-Specific Accountabilities

Planning

+ Manage and plan the future technical architecture, providing insight into the future of their area of technology to continually improve effectiveness and efficiency.



+ Manage and plan the development of roadmaps related to their area(s) of expertise to manage and meet identified technology needs.



+ Manage and plan the evaluation of new technologies relative to their domain(s) to determine applicability to and best meet the needs of MTA and constituent agencies.



+ Manage and ensure disaster recovery and contingency plans for their domain(s) to provide users with minimal interruptions in service.



Architecture

+ Oversees architectural direction for domains under management to meet senior management and cybersecurity goals.



+ Understand, review, and approve Cybersecurity Reference Architectures and Solutions for applying them.



+ Revalidates systems to the most recent reference architectures to determine gaps, develops and manages programs to align systems to the newest standards and reference architectures

Contracts/Vendor Management

+ Contribute and own technical elements of RFPs and RFIs, and negotiate with vendors on technical issues to ensure results are delivered in line with user and organization requirements.



+ Manages contracts and expenses to ensure SLAs and contract renewals are processed in a timely manner

+ Provide contract management support to ensure vendor deliverables are met

+ Manage and lead major projects and assign service providers with technical expertise to address mission-critical issues, evaluate ongoing vendor service levels, and enforce SLAs and penalties.



Documentation

+ Ensure detailed and updated documentation is in place for cybersecurity systems and user processes.



+ Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate.





Guidance, Communications, and Training Support

+ Provides timely and relevant updates to appropriate stakeholders and decision makers

+ Communicates investigation findings to relevant business units to help improve the information security posture

+ Provides technical guidance to project managers and senior leadership on cybersecurity and technology strategies

+ Ensure quality and review, and guidance on tests of new systems and manage cybersecurity risks, and remediation system testing, baseline, and best practices

+ Provide escalation support to project teams in their area of expertise to promote technical understanding and talent development

+ Provide guidance and take input from Analysts, Engineers, Architects, and Technology Subject Matter Experts on cybersecurity and technology best practices, current threat landscape, and a risk management approach for optimal alignment

+ Provides sound cybersecurity recommendations

Operations

+ Provide leadership and advisement when necessary during incident response, and provide continuous improvement updates to the threat model for risks to the business and systems

+ Ensure specific monitoring points are continually updated to assess the performance of technologies in their domain(s). Identify and manage the necessary actions to ensure optimal performance and reliability.



Research & Analysis

+ Validates and maintains incident response plans and processes to address potential threats

+ Compiles and analyzes data for management reporting and metrics

+ Research emerging technologies and process improvements to stay current and plan for the evolving threat landscape to ensure strategy meets current threats

+ Monitors relevant information sources to stay up to date on current attacks and trends

+ Ensure cybersecurity technology solutions meet strategy, meet security framework objectives, and business objectives.



+ Hypothesizes new threats and indicators of compromise.



+ Performs other duties and tasks as assigned.



+ Observing the work performed by the contractor.



+ Reviewing invoices and approving them if the work meets contractual standards.



+ Addressing performance issues with the contractor when possible.



+ Escalating issues to other parties as needed.



+ Oversee rigorous quality assurance processes to deliver reliability, performance, and safety objectives

+ Oversees staff workload and quality of work, addressing performance issues when needed.



Qualifications:


Experience

+ Bachelor’s degree required, preferably in Computer Science or related fields.

An equivalent combination of education and experience may be considered in lieu of a degree.

A minimum of 5 plus years of relevant experience.

Leadership ability

+ CISSP, CISM, or other advanced security-related certification preferred

+ Certifications in technology subdomains preferred (i.e., Cloud, Applications, Infrastructure, Security Technology, etc.).



+ Requires prior experience with installing, maintaining, and troubleshooting technology systems.



+ Experience in Project Management Principles (Waterfall and Agile) preferred.



Competencies

+ Must possess a deep understanding of technology and cybersecurity domain principles.



+ Proven ability to manage projects and initiatives.



+ Proven ability to manage people.



+ Proven ability to add value to a team.



+ Understanding of Operating Systems, Cloud, Mobile, and Applications.



+ Understanding of TCP/IP (OSI Layers 1–4) and Internet and Intranet technologies required (OSI Layers 5–7).



+ Some scripting or programming skills (Perl, Python, PowerShell, etc.) preferred as needed.



+ Knowledge of programming languages, frameworks, databases, and software engineering is a must.



+ Proficient in Productivity Tools (i.e., Office 365, G Suite).



+ Experience with Spreadsheets and Data Analysis.



+ Successful track record in design of software systems to meet the current and future needs of a complex organization, OR successful track record in design and implementation of IT Infrastructure and related hardware and software technologies to meet the current and future needs of a complex transportation organization.



+ Strong Verbal/written communication skills.



+ Financial/budgeting planning and management experience is a plus.



+ Ability to fit in with the constantly shifting needs and demands of the business Department.






| Core Competency | Proficiency Level | Competency Definition |
|---|---|---|
| Collaborates | Expert | Building partnerships and working collaboratively with others to meet shared objectives |
| Cultivates Innovation | Expert | Creating new and better ways for the organization to be successful |
| Customer Focus | Expert | Building strong customer relationships and delivering customer-centric solutions |
| Communicates Effectively | Expert | Developing and delivering multi-mode communications that convey a clear understanding of the unique needs of different audiences |
| Tech Savvy | N/A | Anticipating and adopting innovations in business-building digital and technology applications |
| Technical Skills | N/A | Specialized knowledge and expertise on tools, programs, domains, platforms, and products used for specific tasks |
| Values Diversity | Expert | Recognizing the value that different perspectives and cultures bring to an organization |




GENERAL:



+ May need to work outside of normal work hours (i.e., evenings and weekends)

+ Travel may be required to other MTA locations or other external sites



Pursuant to the New York State Public Officers Law & the MTA Code of Ethics, all employees who hold a policymaking position must file an Annual Statement of Financial Disclosure (FDS) with the NYS Commission on Ethics and Lobbying in Government (the “Commission”).

MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.



The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.








