The Financial Information Services Agency and the Office of Payroll Administration (FISA-OPA) has a vacancy for an Application Framework and Security Architect for the Financial Management System (FMS), an Enterprise Resource Planning (ERP) System for the City of New York. The FMS Application Framework and Security Architect will report to the Asst. Exec Director of Financial Technical Systems. The Architect position is a role in the Application Framework Standards and Security Services team that works closely with the Technical Systems IT and Vendor IT teams to assure that the application framework meets industry and business standards and to integrate security throughout the software development lifecycle. The Architect is responsible for assuring that the design, implementation and operation of products and technologies adhere to applicable business, application framework and security standards and practices. The Architect will also be responsible for FMS application software security assurance by working with governance entities within the organization to assure continuous improvement and adherence to Policies, Standards, Requirements and Guidelines.
The primary role / tasks of the Application Framework and Security Architect include, but are not necessarily limited to, the following:
• Develop new components and enhancements to the financial management systems framework and the FMS suite of applications - adhering to FISA and New York City development standards
• Author technical designs that capture all functional and non-functional requirements and present them at a level of detail by which a developer could: write application code, construct reports or compile configuration bundles.
• Ensure that the FMS application software and solutions deliverables, as designed and developed by FISA and by FISA's vendors, meet the City's functional, nonfunctional (technical, performance, operability, maintainability) and security requirements by conducting reviews and formal evaluations of the vendor's solutions and development work for completeness and adherence to industry standards for Web-based secure systems;
• Serve as an escalation point for the resolution of production application issues when application issues are encountered in the software during: 1) the online day by users and support staff and 2) in the evening during the execution of the batch cycle. The candidate will similarly support software test tracks in non-production
• Design and Execute technical tests as necessary to ensure that vendor and FISA software deliveries address the business, technical and security problems in a manner consistent with FISA standards for quality and completeness.
• Review and provide feedback on functional designs in terms of technical feasibility and impact on performance, operability, security and maintainability;
• Gather production operational and security requirements and incorporate the requirements into the code / scripts products authored by the FISA development team and Vendors. Coordinate with the Financial Systems Production Operations Units to implement new software processes into the staging and production environments.
• Serve as a primary application security contact for the FMS project during the planning, analysis, and design phases of projects.
• Monitor ongoing projects to verify that security components are built and deployed as originally designed and align with FISA and industry standards.
• Improve the security position of FMS applications by planning, designing and integrating security based application improvements.
• Evaluate and resolve security issues and non-compliance situations at the application level and beyond.
• Work with appropriate teams to assure that the FMS application is integrated with FISA and industry security standards, protocols and requirements from the application (Java, JEE), application servers (WebSphere), messaging servers (WebSphereMQ), servers (mid-range, mainframe, virtual, appliance, etc.), OS (AIX, Linux etc.), network (firewalls, etc.), data store (LDAP, Oracle).
• Assure that the FMS application adheres to standards for authentication mechanisms, authorization procedures, auditing/logging, and user administration and access control.
Minimum Qual Requirements
1. A baccalaureate degree from an accredited college in computer science, information systems, engineering, mathematics or related field and six years of satisfactory full-time experience related to enterprise architecture, solutions architecture, network architecture and/or IT infrastructure systems; or
2. A baccalaureate degree from an accredited college and ten years of satisfactory full-time experience related to enterprise architecture, solutions architecture, network architecture and/or IT infrastructure systems; or
3. Education and/or experience which is equivalent to "1" or "2" above.
• Years of experience in developing large, multi-tiered applications as an application developer and security architect utilizing state of the art development architecture and tools.
• At least (2) full SDLC implementations of a multi-tiered application as an application and security architect with responsibility for application technical design and development.
• Hands on experience in developing secure Web and distributed architectures using Java/Unix based technologies.
• Solid hands-on experience in Java, Enterprise Java & Object Oriented concepts like JEE, JMS and EJBs.
• Extensive IT experience with n-tier, database and client server design/development.
• Experience with Web technologies including Servlets, JSP, and XML;
• Strong web and distributed systems design knowledge including JEE Design Patterns, Integration services with messaging servers and / or server components supporting web based JEE applications.
• Excellent skills in Oracle RDBMS. Should be proficient in SQL, able to author/analyze complex SQL for troubleshooting purposes.
• Hands-on proficiency in client side technologies like HTML, JavaScript.
• Experience with integration technologies and good understanding of Relational Database Management Systems including architecting and designing for performance and scalability and working with Object to Relational Mapping schemes for distributed data access.
• Experience with best practices and methods of IT strategy, enterprise architecture and security architecture.
• Strong knowledge of software & web application security best practices.
• Working knowledge of application level vulnerabilities and penetration/vulnerability testing of applications.
• Deep knowledge and experience with the Java Security (java.security) package, Password Hashing, Digital Signatures, Secure Random, Signature Verification, (Symmetric) Encryption and Decryption.
• Knowledge of Java Cryptographic extensions and encryption protocols such as SSL and TLS and the Java and 3rd Party based implementation libraries and extensions (javax.crypto, IBMJCEFIPS etc.) to support them in large scale JEE applications.
• Strong knowledge of IAM architectures, products and tools and practical experience with implementing and integrating Identity and Access management into applications.
• Strong understanding of integration w/LDAP server for authentication.
• Proficiency in using and navigating in UNIX, preferably AIX.
• Strong ability to write new and modify existing shell scripts (KORN shell preferred).
• Experience with SCCS tools (Rational ClearCase).
• Understanding of standard SDLC methodologies (at minimum a knowledge of Rational Unified Process or Waterfall).
• Basic understanding of accounting and budgeting functions or financial management packages.
• Strong analytical skills.
• Excellent English communication (oral and written), interpersonal, and organizational skills.
• Strong business acumen, professional style/presence.
• Experience with any of the following is a PLUS:
- Strong background in accounting and/or budgeting packages
- IBM Rational Application Developer IDE
- MQSeries, DB2, Oracle PL/SQL
- Rational ClearQuest/ClearCase, BMC Remedy
- Exposure to third party auditing and risk assessment methodologies
- Knowledge of the latest security threats, techniques and exploits targeting vulnerabilities
- Expertise in static and dynamic security testing
- Exposure to IBM Tivoli Identity Manager, ITDI and WebSphere Portal.
External applicants please visit https://a127-jobs.nyc.gov/ to apply to Job ID #385747. Current NYC employees may apply via Employee Self Service (ESS). While all complete applications will be given consideration, only candidates selected for an interview will be contacted by FISA-OPA.