Senior Security Engineer

• This is a 100% OnSite position.
  
• Hours: THIS POSITION WILL ALLOW 35.00 HOURS PER WEEK. PLEASE DO NOT ASSUME THAT OVERTIME WILL BE ALLOWED.
  
• Duration: 12 Months
  

• MyCity is a single portal for all City services and benefits.
  
• The vision is a simple seamless and intuitive experience interacting with City government digitally.
  
• It is designed with New Yorkers at the center of the process to prioritize features by conducting user research.
  
• MyCity produces value for New Yorkers early and often through phased releases.
  
• There are several phases within the MyCity portal workstream (Child Care Business Portal Workforce Development Services and others).
  
• The clients Cyber Command is looking for additional support as the cyber threat landscape continues to evolve and Citywide cybersecurity solutions are deployed in large complex networked environments. The needed resource skill set is specialized in: providing guidance at various stages of planning and implementing security design processes and solutions testing and validation and pivot between numerous technical projects communicating status at various leadership levels.
  
• The resource will have significant interaction with NYC Cyber Command leadership its engineering architecture and application security teams incident response and other cyber security practitioners.
  

• Perform organization wide cybersecurity risk analysis and maintain updates on the identified risks
  
• Create socialize and obtain approval for cybersecurity strategy and plans to address generic and specific cybersecurity risks to the organization
  
• Create and follow a process to track progress against cybersecurity plans
  
• Lead the implementation of cybersecurity initiatives for MyCity Portal development project
  
• Create network architecture diagrams collect communication flow information and build high level and low level design documents
  
• Work on complex network problems interact with vendor support teams and drive the issue to resolution
  
• Translate compliance requirements into specific security controls and present compensating security controls
  
• Report to upper management on current cybersecurity posture and progress on mitigating identified risks
  
• Identify cybersecurity gaps and maintain a risk register
  
• Create metrics to measure cybersecurity controls efficacy
  
• Work with partners to create and maintain incident response plans
  
• Monitor and respond to alerts
  
• Review and optimize existing cybersecurity controls
  
• Ensure the organization compliance with cybersecurity best practices policies and standards
  
• Enforce endpoint security standards
  
• Analyze vulnerabilities and work with Application Development IT and Systems teams to ensure timely remediation and validation
  
• Perform threat simulations to detect possible risks and provide cybersecurity recommendations on topics like network perimeter identity management API security microservices design and /or application development
  
• Instruct and guide other teams to craft "secure by default" infrastructure; they may also investigate build and recommend innovative technologies or other methods that will improve the security of cloud based and onpremises environments
  

Requirements

• Bachelors degree in Computer Science Information Systems or equivalent work experience
  
• At least 12 years of experience in information security
  
• At least 8 years in IT infrastructure management application architecture risk management data architecture middleware technology and IT operations and project management
  
• At least 8 years of experience with networking loadbalancing DNS TLS/SSL digital certificates SAML and Single Signon technologies Kerberos MFA technologies and Identity management
  
• At least 4 years of experience working with tools and techniques for collecting and processing Network Security Telemetry and Security Event Data.
  
• At least 4 years of experience working in cloud environment (Azure AWS GCP)
  
• At least 4 years of experience working in securing Internetfacing applications utilizing WAF technologies (eg: Akamai CDN and WAF CloudFlare Azure CDN and WAF Azure FrontDoor AWS CloudFront and WAF and similar reverseproxy technologies)
  
• At least 4 years of experience architecting deploying and managing endpoint security and EDR technology
  
• At least 4 years of experience using scripting languages (Python Bash Powershell etc.)
  
• At least 4 years of experience with Windows Linux or MacOS administration
  
• At least 4 years of experience working with vulnerability management and scanning tools
  
• At least 4 years of experience working with application scanning tools
  

• Experience in implementing and operating Network Security Telemetry Collection Systems in multicloud and onprem environments
  
• Experience in implementing and operating Data Loss Prevention Systems
  
• Experience of information security principles and practices especially the implementation of practical technical controls to support organization policy
  
• Strong understanding of networking protocols firewalls and cybersecurity protection concepts including software development lifecycle and compensating controls
  
• Strong understanding of cloudbased services such as O365 AzureAD IAM Entra ID
  
• Strong understanding of CIS controls
  
• Experience with SyslogNG LogScale (Humio) or similar SIEM/log aggregation systems
  
• Experience with SSO products and services such as Entra ID PingFederate or Okta
  
• Experience with NetSkope Zscaler Palo Alto Networks Prisma Access or similar cloud proxies
  
• Familiarly with CASB/SASE products
  
• Experience with Cloudbased EDR/XDR tools
  
• Knowledge of endpoint security management configuration policies and procedures
  
• Experience with asset management and onprem/cloudbased vulnerability management tools
  
• Highly flexible/willing to learn new technologies
  
• Highly organized with excellent analytical problem solving and decisionmaking skills
  
• Excellent communication and collaboration skills