Associate Developer

About TRS

Since 1917, the Teachers’ Retirement System of the City of New York (TRS) has been securing better futures for NYC educators. With a pension fund valued at approximately $120 billion, TRS serves over 215,000 members, providing them with retirement, disability, and death benefit services.

Position Summary

The Software Developer will be responsible for securing a custom enterprise application built with Low Code Application Platform (LCAP) tools such as Mendix. This role involves a range of tasks with varying levels of complexity and responsibility, including architecture analysis, software development, and data analysis. Key duties will also include triaging cyber event alerts, conducting investigations, and maintaining documentation; developing and reviewing cybersecurity policies; auditing systems; and managing risk. The position requires supporting efforts to identify and address potential security risks, ensuring adherence to security standards, and responding to vulnerabilities in the application code.

Key Responsibilities

- Develop cyber security related processes to mitigate and prevent any security risks.
- Monitor security alerts and vulnerabilities across Mendix applications and integrated systems.
- Perform initial triage of alerts to determine potential security risks and escalate as necessary.
- Support incident response activities, including documentation and root cause analysis.
- Conduct vulnerability scans on Mendix applications and environments using tools like Sigrid QSM.
- Identify and assess security weaknesses and help prioritize remediation efforts.
- Serve as a subject matter expert on characterizing and analyzing vulnerabilities of the enterprise application, identified using tools like Sigrid QSM.
- Assist in the development of security recommendations and best practices.
- Assist in ensuring applications adhere to compliance standards applicable to the organization.
- Support user access reviews and privilege management to prevent unauthorized access.
- Monitor and enforce secure application and data access policies.
- Provide support for internal cybersecurity training initiatives, helping educate developers on secure practices.
- Collaborate with development and production support teams to promote secure coding and testing practices within Mendix.
- Document security processes, findings, and incidents.
- Prepare reports on cybersecurity metrics, incidents, and security control effectiveness.

1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or

2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above; or

3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.