IT Security Specialist - Lincoln, United States - City of New York

    City of New York
    City of New York Lincoln, United States

    1 month ago

    Default job background
    Description
    IT Security Specialist - Vulnerability Management & Remediation


    POLICE DEPARTMENT
    Full-time
    Location

    MANHATTAN
    Department
    INFO TECHNOLOGY BUREAU/CV

    Salary range:
    $75,000.00 – $180,000.00
    Job Description


    JOB DESCRIPTION:


    The mission of the New York City Police Department is to enhance the quality of life in New York City by working in partnership with the community to enforce the law, preserve peace, protect the people, reduce fear, and maintain order.

    The NYPD strives to foster a safe and fair city by incorporating Neighborhood Policing into all facets of Department operations, and solve the problems that create crime and disorder through an interdependent relationship between the people and its police, and by pioneering strategic innovation.


    The Information Security team within ITB is a highly specialized group of cyber security professionals tasked to oversee the defense and response of cyber security incidents within NYPD.

    This includes, but not limited to, user access and controls, vulnerability, scanning, cyber threat intelligence gathering, and incident response.

    The Information Security Office seeks an IT Security Specialist who will be responsible for:

    o Monitor for vulnerabilities within applications, endpoints, databases, networking, and mobile and cloud services.

    o Collaborate with IT and security operations to manage internal- and external-facing systems to identify, track and remediate system and application vulnerabilities.

    o Support IT operations' responsibility to remediate system and application vulnerabilities.
    o Conduct continuous discovery, vulnerability assessment and remediation status of enterprise-wide assets.
    o Prioritize vulnerability remediation based on criticality, exploit probability, rating and business risk exposure.
    o Document, prioritize, recommend, validate and report on the state of vulnerabilities.
    o Collaborate as a purple team with colleagues in offense, defense, operators, threat intelligence and risk management roles.
    o Recommend tactical options to reduce attack surface, containment alternatives and impede attackers.

    o Work closely with infrastructure teams to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization's security posture against them.

    o Remain current with emerging threats and share knowledge with colleagues to improve security posture.

    o Maintain active database comprising third-party assets, their vulnerability state, remediation recommendations, overall security posture and potential threat to the business.

    o Define key performance indicators and metrics to illustrate efficacy with vulnerability management.
    o Automate asset inventory and vulnerability discovery and reporting.
    o Liaise with the security engineering team to improve monitoring and response workflow.
    o Maintain documentation related to vulnerability policies and procedures.
    o Assist with host and application hardening and attack surface reduction across company-wide assets.
    o Serve as a point of contact for new and existing vulnerability-related issues.
    o Supervise testing and validation vulnerability remediation and controls.
    o Assist with change management operations to ensure vulnerabilities are not introduced.
    o Provide vulnerability education and guidance to stakeholders, developers, IT and business leaders as needed.
    o Willingness to work nonstandard business hours to respond to and mitigate threats.
    o Perform other duties as assigned.

    Work Location: 1 Police Plaza


    Work Schedule:
    Varies


    Additional Information:
    The Information Security (InfoSec) unit is a twenty-four hour, seven days a week operation.

    Qualified applicants will be assigned to a steady platoon with either Friday and Saturday, Saturday and Sunday, or Sunday and Monday as regular days off (RDOs).


    In compliance with Federal Law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.


    The City of New York offers a comprehensive benefits package including health insurance for the employee and his or her spouse or domestic partner and un-emancipated children under age 26, union benefits such as dental and vision coverage, paid annual leave and sick leave, paid holidays, a pension, and optional savings and pre-tax programs such as Deferred Compensation, IRA, and a flexible spending account.

    Minimum Qualifications
    A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or,

    Education and/or experience which is equivalent to "1" above.
    Preferred Skills


    JOB DESCRIPTION:


    The mission of the New York City Police Department is to enhance the quality of life in New York City by working in partnership with the community to enforce the law, preserve peace, protect the people, reduce fear, and maintain order.

    The NYPD strives to foster a safe and fair city by incorporating Neighborhood Policing into all facets of Department operations, and solve the problems that create crime and disorder through an interdependent relationship between the people and its police, and by pioneering strategic innovation.


    The Information Security team within ITB is a highly specialized group of cyber security professionals tasked to oversee the defense and response of cyber security incidents within NYPD.

    This includes, but not limited to, user access and controls, vulnerability, scanning, cyber threat intelligence gathering, and incident response.

    The Information Security Office seeks an IT Security Specialist who will be responsible for:

    o Monitor for vulnerabilities within applications, endpoints, databases, networking, and mobile and cloud services.

    o Collaborate with IT and security operations to manage internal- and external-facing systems to identify, track and remediate system and application vulnerabilities.

    o Support IT operations' responsibility to remediate system and application vulnerabilities.
    o Conduct continuous discovery, vulnerability assessment and remediation status of enterprise-wide assets.
    o Prioritize vulnerability remediation based on criticality, exploit probability, rating and business risk exposure.
    o Document, prioritize, recommend, validate and report on the state of vulnerabilities.
    o Collaborate as a purple team with colleagues in offense, defense, operators, threat intelligence and risk management roles.
    o Recommend tactical options to reduce attack surface, containment alternatives and impede attackers.

    o Work closely with infrastructure teams to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization's security posture against them.

    o Remain current with emerging threats and share knowledge with colleagues to improve security posture.

    o Maintain active database comprising third-party assets, their vulnerability state, remediation recommendations, overall security posture and potential threat to the business.

    o Define key performance indicators and metrics to illustrate efficacy with vulnerability management.
    o Automate asset inventory and vulnerability discovery and reporting.
    o Liaise with the security engineering team to improve monitoring and response workflow.
    o Maintain documentation related to vulnerability policies and procedures.
    o Assist with host and application hardening and attack surface reduction across company-wide assets.
    o Serve as a point of contact for new and existing vulnerability-related issues.
    o Supervise testing and validation vulnerability remediation and controls.
    o Assist with change management operations to ensure vulnerabilities are not introduced.
    o Provide vulnerability education and guidance to stakeholders, developers, IT and business leaders as needed.
    o Willingness to work nonstandard business hours to respond to and mitigate threats.
    o Perform other duties as assigned.

    Work Location: 1 Police Plaza


    Work Schedule:
    Varies


    Additional Information:
    The Information Security (InfoSec) unit is a twenty-four hour, seven days a week operation.

    Qualified applicants will be assigned to a steady platoon with either Friday and Saturday, Saturday and Sunday, or Sunday and Monday as regular days off (RDOs).


    In compliance with Federal Law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.


    The City of New York offers a comprehensive benefits package including health insurance for the employee and his or her spouse or domestic partner and un-emancipated children under age 26, union benefits such as dental and vision coverage, paid annual leave and sick leave, paid holidays, a pension, and optional savings and pre-tax programs such as Deferred Compensation, IRA, and a flexible spending account.

    Minimum Qualifications
    A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or,

    Education and/or experience which is equivalent to "1" above.

    Preferred Skills

    • Applicants should have several years of cyber security experience with a specialization in vulnerability management, and an applicable knowledge of CVEs, CVSS, MITRE ATT&CK framework, and profieciecy with commercial and open source vulnerability management tools.
    • Applicants should also possess strong administrative, verbal and written communication skills.Bachelor's or Master's degree and CISSP, GCIH, GEVA certifications are preferred (certificates should be valid and current).
    • Familiarity with administering directory services, Windows and Azure AD, SSO, MFA and rolebased access control (RBAC).
    • Experience administering IAM systems, access controls, security and risk management, and security governance fundamentals.
    • Ideally familiar with one or more regulatory requirements and laws such as, but not limited to, PCI, Federal Financial Institutions Examination Council (FFIEC), Sarbanes-Oxley (SOX), HIPAA, GDPR and GLBA.
    Additionally, experience in one or more of the following preferred:
    ISO 17799, ITIL and NIST.
    • Preferable experience with one or more scripting languages (e.g., Python, PowerShell, Bash).
    • Track record acting with integrity, taking pride in work, seeking to excel, and being curious and flexible.
    • Strong written and oral communication skills across varying levels of the organization.
    Residency Requirement
    New York City Residency is not required for this position
    Additional Information

    The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.

    IT Security Specialist - Vulnerability Management & Remediation
    05/30/2024

    Experience level:
    Experienced (non-manager)

    #J-18808-Ljbffr