DEPT OF INFO TECH & TELECOMM
About New York City Cyber Command New York City Cyber Command (NYC3) is committed to protecting City systems that provide vital services to New Yorkers from cyber threats, and helping residents become safer in their digital lives. As the organization defending the largest municipality in the country, NYC3 is charged with directing citywide incident response, setting citywide cybersecurity policies and standards and working with city agencies to strengthen their cyber defenses. Job Description – Lead and further develop the application security and vulnerability management teams; – Lead and/or support penetration testing on enterprise network assets; – Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing of web applications and operating systems; – Lead the technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications); – Make recommendations regarding the selection of security controls to mitigate risk (e.g., protection of information, systems and processes); – Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions; – Capture security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.
Minimum Qual Requirements:
A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or, Education and/or experience which is equivalent to 1 above.
The preferred candidate should possess the following: – 10+ years of experience in application security or vulnerability management (both a plus); of which 4+ years in large, complex enterprise environments; – Excellent written and verbal communication skills; – Ability to share meaningful insights about the context of an organizationâs threat environment that improve its risk management posture; – Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation); – Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
* Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration For City employees, please go to Employee Self Service (ESS), click on Recruiting Activities > Careers, and search for Job ID #445561 For all other applicants, please go to www.nyc.gov/jobs/search and search for Job ID #445561 SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL Department of Information Technology & Telecommunications and the City of New York are equal opportunity employers. DoITT participates in E-Verify
Day – Due to the necessary technical support duties of this position in a 24/7 operation, candidate may be required to work various shifts such as weekends and/or nights/evenings.
Work Location 1:
New York, NY
New York City Residency is not required for this position
To apply for this job please visit a127-jobs.nyc.gov.