Maintain security solutions including proper operation, patch upgrades and vendor management- Provides engineering oversight and direction for specific security technology- Review existing toolsets, identify operational gaps, and recommends security enhancements- Assist in achieving security architecture compliance on requirements based on recommended industry standards- Serves as information security subject matter expert on security solutions; provide advisory and consulting services as needed- Ensures integration of application development with information security policies- Identifies, evaluates, conducts, schedules and leads individual technical analyses functions to ensure all applicable IS security requirements are met- Monitors infrastructure design so that security toolsets are operating effectively- Provides technical lead on individual security projects across multiple technologies including infrastructure, secure electronic data transfer, network security, platform security and application security- Provides expert opinion on business solutions and software prior to purchase- Initiates creation and maintenance the agency’s security design- Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits and enhancements- Experience and expertise with ethical hacking, firewall and intrusion detection/prevention technologies, secure coding practices and threat modelling- Investigate opportunities to update security system capabilities to sustain and enhance network and system security integrity-Certification in highly technical information security disciplines such as: CISM, CISSP, CCSP, CCNP, CCDE, CCIE Security, and GIAC
Minimum Qual Requirements
Professional/vendor certification(s) in local area network administration that is required for the position to be filled. In addition, all candidates must have the following:
1. A baccalaureate degree from an accredited college, and two years of satisfactory full-time (not classroom based) experience in local area network and/or wide area network planning, design, configuration, installation, implementation, troubleshooting, integration, performance monitoring, maintenance, enhancement, and security management; or
2. A four-year high school diploma or its educational equivalent and six years of satisfactory full-time (not classroom based) information technology experience of which at least 2 years must have been as described in “1” or
3. A satisfactory equivalent of education and/or experience equivalent to “1” or “2” above. Education may be substituted for experience on the basis that 30 undergraduate semester credits from an accredited college is equivalent to 6 months of experience. A master’s degree in computer science or a related field from an accredited college may be substitute for one year of experience. However, all candidates must have at least one year of satisfactory (not classroom based) full-time information technology experience as described in “1” above.
Note: In addition to meeting the minimum Qualification Requirements: Incumbents may be required to update existing and/or obtain additional professional industry-standard certification(s) for current and future technical environments(s) in which they may be assigned to work, as determined by the employing agency.
In-depth IT security principles and technology including access/control, authorization, Identification and authentication, public key infrastructure, network, and end point protection- Demonstrated experience applying security risk assessment methodology in support of system development, application development, vulnerability assessments, and resulting security risk analysis- Demonstrated proven track record of communicating and working proactively and professionally with internal and external auditors and other groups responsible for ensuring that the company is properly protecting the interests of its customers, shareholders, and employees- Familiarity with application security practices such as secure coding and secure development lifecycle management- Understanding of network protocols, data flow analysis, and network design and troubleshooting.Business needs with the ability to establish and maintain a high-level of customer trust and confidence in the security team- Project management skills- Application systems, network architecture, multiple platforms and new technologies from a security perspective to include, but not limited to, Firewalls; Intrusion Detection/Protection Systems; Operating Systems (Linux, Windows); Networking (switches, routers, protocols, etc.); Network Services and Security Vulnerabilities; Network Architecture; Remote Access; Multi-factor Authentication; Platform Security (Application, Database, OS); Antivirus; Federated Identity Management; Cryptography; Active Directory; and high-level programming languages- System and network exploitation, attack pathologies and intrusion techniques (such as denial of service, sync attacks, malicious code, password cracking, etc)Engineering, securing, implementing, and managing security solutions,etc
Applicants must file for and take the upcoming Certified IT Administrator exam. The filing period is tentatively scheduled for 5/4/16 – 5/24/16.
All resumes are to be submitted electronically.
Current City Employees:
Please log into Employee Self Service (ESS) at https://hrb.nycaps.nycnet, follow the Careers link and search for Job ID number 236930.
All other applicants:
Please go to www.nyc.gov/careers/search and search for Job ID Number 236930.
If you do not have access to a personal computer:
Please visit your local public library. Most public libraries have computers available for use.
No phone calls, faxes or personal inquiries permitted.
Only those applicants under consideration will be contacted.
For more information about DOT, visit us at: www.nyc.gov/dot.
55 Water St Ny Ny
New York City Residency is not required for this position