G

Senior Security Engineer

GovServicesHub
Contract
On-site
New York, New York, United States
Cyber Security Engineer

Job Location:  Available to work On-Site, New York, NY.

 

Note: 12+ years of experience in Information Security.

 

Job Description:

 

The resource’s function is essential to securing the City of New York’s systems for the MyCity Portal development project. This requires strong security controls over cloud identities and endpoint devices. The hardening of cloud ecosystems through well-designed frameworks is critical in protecting the City of New York systems and data from various cyber attacks

  

Tasks:

  • Perform organization wide cybersecurity risk analysis and maintain updates on the identified risks
  • Create, socialize and obtain approval for cybersecurity strategy and plans to address generic and specific cybersecurity risks to the organization
  • Create and follow a process to track progress against cybersecurity plans
  • Lead the implementation of cybersecurity initiatives for MyCity Portal development project
  • Create network architecture diagrams, collect communication flow information, and build high level and low level design documents
  • Work on complex network problems, interact with vendor support teams, and drive the issue to resolution
  • Translate compliance requirements into specific security controls and present compensating security controls
  • Report to upper management on current cybersecurity posture and progress on mitigating identified risks
  • Identify cybersecurity gaps and maintain a risk register
  • Create metrics to measure cybersecurity controls efficacy
  • Work with partners to create and maintain incident response plans
  • Monitor and respond to alerts
  • Review and optimize existing cybersecurity controls
  • Ensure the organization compliance with cybersecurity best practices, policies and standards
  • Enforce endpoint security standards
  • Analyze vulnerabilities and work with Application Development, IT and Systems teams to ensure timely remediation and validation
  • Perform threat simulations to detect possible risks and provide cybersecurity recommendations on topics like network perimeter, identity management, API security, microservices design and /or application development
  • Instruct and guide other teams to craft "secure by default" infrastructure; they may also investigate, build, and recommend innovative technologies or other methods that will improve the security of cloud-based and on-premises environments

Requirements

Skills Set:

 

Skill

Required /Desired

Experience

experience in information security


12+ years

IT infrastructure management, application architecture, risk management, data architecture, middleware technology, and IT operations and project management


8+ years

experience with networking, load-balancing, DNS, TLS/SSL digital certificates, SAML and Single Sign-on technologies, Kerberos, MFA technologies, and Identity management


8+ years

experience working in cloud environment (Azure, AWS, GCP)


4+ years

experience working in securing Internet-facing applications, utilizing WAF technologies (eg: Akamai CDN and WAF, CloudFlare, Azure CDN and WAF, Azure FrontDoor, AWS CloudFront and WAF, and similar reverse-proxy technologies


4+ years

experience working with tools and techniques for collecting and processing Network Security Telemetry and Security Event Data


4+ years

experience architecting, deploying, and managing endpoint security and EDR technology


4+ years

experience using scripting languages (Python, Bash, Powershell, etc.)


4+ years

experience with Windows, Linux, or MacOS administration


4+ years

experience working with vulnerability management and scanning tools


4+ years

experience working with application scanning tools


4+ years

Bachelor's degree in Computer Science, Information Systems or equivalent work experience


-



Apply now
Share this job
Twitter Facebook Linkedin Email