Job Information
CUNY Cybersecurity Engineer (IT Security Specialist 3) - Provisional in New York, New York
Cybersecurity Engineer (IT Security Specialist 3) - Provisional
GENERAL DUTIES
This position encompasses professional and responsible technical consultative and/or administrative work. Under administrative direction of a university IT manager, with broad latitude of independent action or decision, serves as subject matter expert on IT security, identity, and access infrastructure; provides IT security architectural guidance; designs security solutions; conducts IT risk assessments and recommended mitigating solutions.
There are three (3) Assignment Levels within this classification. All personnel perform related work. Assignment Levels 2 and 3 may supervise staff. This specification describes typical assignments; related duties may be assigned as needed.
To view the complete job description, go tohttp://www.cuny.edu/about/administration/offices/hr/classified-civil-service/ccsjobs/and view the Job Description for IT Security Specialist.
CONTRACT TITLE
IT Security Specialist
FLSA
Non-exempt
CAMPUS SPECIFIC INFORMATION
The Office of Computing and Information Services (CIS) at the City University of New York (CUNY) supports the IT and telecommunications needs of CUNY's 25 colleges. CIS supports enterprise IT and applications, develops new technologies that advance the University's core mission, builds, upgrades and maintains the University's network, and operates the University's Data Center and Service Desk. Additionally, CIS manages the processes of safeguarding the University’s IT assets and operates the SOC, develops disaster recovery plans for business continuity, maintains the security of the University’s IT assets, and maintains the CUNYfirst Enterprise Resource Planning (ERP) solution that integrates student administration, financial management, and human resources operations across CUNY’s 25 colleges. Lastly, CIS provides strategic and operational IT leadership with respect to the maintenance, enhancement, and expansion of the CUNY network spanning across all CUNY campuses.
The CUNY-CIS cybersecurity program entails managing processes to identify potential threats to the University's IT assets. This includes developing policies, assessments, tools, and procedures to fortify defenses and respond effectively, safeguarding CUNY's IT interests. Reporting to the Director of Cybersecurity Engineering, the Cybersecurity Engineer is responsible for continuously assessing, securely designing, and maintaining CUNY's systems to eliminate security vulnerabilities and ensure ongoing monitoring. This role also involves implementing security measures to address identified gaps and breaches, while leading strategic initiatives to modernize network infrastructure and protect CUNY's data against cybersecurity threats.
Key responsibilities include, but are not limited to the following:
Deploys, engineers, configures, and maintains next generation firewalls (NGFW) to secure enterprise-wide network traffic, aligning policies with evolving security frameworks and optimizing performance through continuous tuning and updates.
Harnesses artificial intelligence for IT operations (AIOps) and threat intelligence, by integrating AIOps into NGFW and other security platforms to drive predictive analytics, enhance anomaly detection, implement automated responses to mitigate risks and respond to security incidents proactively.
Architects comprehensive protection strategies to fortify web proxies and secure IoT devices to eliminate vulnerabilities, streamline access control, and ensure real-time monitoring of Internet traffic.
Designs and implements advanced DNS security measures and URL filtering protocols to thwart DNS-based attacks and enforce compliance with organizational access policies.
Leads threat detection and response initiatives, by strategically managing Intrusion Detection/Prevention Systems (IDS/IPS) for real-time threat identification, refining signatures and rules to minimize false positives and accelerate remediation.
Oversees the design and operational management of secure VPN infrastructures, ensuring alignment with industry-standard encryption and access control protocols.
Mitigates distributed denial-of-service (DDoS) attacks by deploying and administering sophisticated DDoS mitigation tools and frameworks to maintain network availability under volumetric attack scenarios.
Orchestrates advanced security audits and assessments by executing in-depth evaluations of the University’s IT landscape to uncover vulnerabilities, craft mitigation strategies, and enhance security compliance across systems.
Spearheads incident response efforts, including forensic analysis, to uncover root causes, restore system integrity, and reinforce preventative measures, including off-hours/on-call support (support systems beyond normal business hours) to investigate security incidents, contain threats, and restores normal operations and prevent future incidents.
Drive continuous learning and innovation keeping at the forefront of cybersecurity trends and emerging threats by evaluating and integrating innovative technologies to bolster CUNY’s defenses.
NOTES:
Until further notice, this position is eligible for a hybrid work schedule.
An appointment to this Competitive title/position in the Classified Civil Service Title Series will be made with a Provisional status. Employees in provisional status must pass a competitive civil service examination and be appointed from a civil service list to remain in the title/position.
MINIMUM QUALIFICATIONS
1. A baccalaureate degree in computer science, engineering or a related field from an accredited college or university and five (5) years of satisfactory full-time experience providing IT security architectural guidance, designing security solutions, and/or conducting IT risk assessments and recommended mitigating solutions; or
2. A baccalaureate degree from an accredited college or university and six (6) years of satisfactory full-time experience as described in “1” above; or
3. A high school diploma or its educational equivalent and ten (10) years of satisfactory full-time experience as described in “1” above; or
4. Education and/or experience which is equivalent to "1," "2" or "3" above. The following may substitute for some of the required experience required in "1," "2" or "3" above, as follows:
College education (undergraduate credits) may substitute for up to four (4) years of the required experience in "3" above on the following basis:
A. 30 to 59.9 semester credits substitute for 1 year of experience; or
B. 60 to 89.9 semester credits substitute for 2 years of experience; or
C. 90 to 119.9 semester credits substitute for 3 years of experience; or
D. 120 or more semester credits substitute for 4 years of experience.
Graduate credits in information technology, computer science or a related field may substitute for up to two (2) years of experience in "1" or "2" above on the following basis:
A. 15 to 29.9 graduate credits substitute for 1 year of required experience; or
B. 30 or more graduate credits substitute for 2 years of required experience.
Each of the following certifications may substitute for one (1) year of the required experience in "1," "2" or "3" above:
A. Certified Information Systems Security Professional (CISSP) issued by ISC2; and/or
B. Certified Ethical Hacker (CEH) issued by EC-Council; and/or
C. CompTIA Security+ issued by CompTIA; and/or
D. Certified Information Security Manager (CISM) issued by ISACA; and/or
E. Certified Information Security Auditor (CISA) issued by ISACA; and/or
F. GIAC Security Essentials (GSEC) issued by GIAC; and/or
G. Certified Cloud Security Professional (CCSP) issued by ISC2.
However, all candidates must have a high school diploma or its educational equivalent and at least three (3) years of experience as described in “1” above.
Assignment Level II or III :
Level II: After meeting the Qualification Requirements above, an additional two (2) years of satisfactory full-time experience providing IT security architectural guidance, designing security solutions, and/or conducting IT risk assessments and recommended mitigating solutions is required for Level II.
Level III: After meeting the Qualification Requirements above and the Level II requirements, an additional two (2) years of satisfactory full-time experience providing IT security architectural guidance, designing security solutions, and/or conducting IT risk assessments and recommended mitigating solutions is required for Level III (for a total of 4 years of experience above the Qualification Requirements).
English Language Proficiency : Demonstrated English language proficiency, including ability to speak, read, write, and understand English well enough to meet minimally acceptable performance standards set for job duties.
Motor Vehicle Driver License : A Motor Vehicle Driver license, valid in New York State, may be required for some, but not all positions.
Note: CUNY considers full-time work to be at least 35 hours per week. Part-time experience of at least 20 hours per week may be prorated by half and credited instead of,but not in addition to, full-time experience during the same period (e.g., two months of related work experience at 20-34 hours per week equates to one month of full-time related work experience.) Part-time experience of fewer than 20 hours per week cannot be credited at all.
OTHER QUALIFICATIONS
Preferred:
• 5+ years of experience in Network Security, with a focus on Next Gen Firewall technologies.
• Industry certifications such as Cisco CCNP Security, Palo Alto Networks Certified Network Security Engineer (PCNSE), or equivalent.
• Strong proficiency in network troubleshooting using tools such as Wireshark, tcpdump, and NetFlow analyzers.
• Experience with scripting languages (e.g., Python, PowerShell) for task automation and customization of security tools.
• In-depth knowledge of network protocols, TCP/IP stack, and network architecture principles.
• Excellent analytical and problem-solving skills, with the ability to prioritize and manage multiple tasks in a dynamic environment.
• Expertise with Network scanning/management tools and event log management systems; Strong log analysis and SIEM experience.
• Familiarity with web and application server platforms (e.g., Apache, NGINX, IIS, Tomcat, WebSphere, etc.).
• Experience with Microsoft Azure AD or supporting applications in UNIX/Linux and Microsoft Windows environments.
• Experience implementing/working with Enterprise SSO, Federation, and MFA.
COMPENSATION
The salary is $124,471 .
CUNY's benefits contribute significantly to total compensation, supporting health and wellness, financial well-being, and professional development. We offer a range of health plans, competitive retirement/pension benefits and savings plans, tuition waivers for CUNY graduate study and generous paid time off. Our staff also benefits from the extensive academic, arts, and athletic programs on our campuses and the opportunity to participate in a lively, diverse academic community in one of the greatest cities in the world.
BENEFITS
CUNY offers a comprehensive benefits package to employees and eligible dependents based on job title and classification. Employees are also offered pension and Tax-Deferred Savings Plans. Part-time employees must meet a weekly or semester work hour criteria to be eligible for health benefits. Health benefits are also extended to retirees who meet the eligibility criteria.
HOW TO APPLY
For full consideration, submit a cover letter and resume online via CUNY's web-based job system, addressing how your experience and credentials meet the responsibilities and qualifications outlined.
The direct link to the job opening from external sources is:
https://hrsa.cunyfirst.cuny.edu/psc/erecruit/EMPLOYEE/HRMSCG/c/HRS_HRAM_FL.HRS_CG_SEARCH_FL.GBL?Page=HRS_APP_JBPST_FL&Action=U&FOCUS=Applicant&SiteId=1&JobOpeningId=29456&PostingSeq=1
Current CUNY employees must apply through CUNYfirst Employee Self Service using their login credentials. After you login, click the Careers tile on the Employee Self Service Menu page to view job openings
CLOSING DATE
Open until filled.
JOB SEARCH CATEGORY
CUNY Job Posting: Information Technology/Technical
EQUAL EMPLOYMENT OPPORTUNITY
CUNY encourages people with disabilities, minorities, veterans and women to apply. At CUNY, Italian Americans are also included among our protected groups. Applicants and employees will not be discriminated against on the basis of any legally protected category, including sexual orientation or gender identity. EEO/AA/Vet/Disability Employer.
Job ID
29456
Location
Central Office
CUNY
- CUNY Jobs