About New York City Cyber Command
Mission. NYC Cyber Command leads the City’s cyber defense efforts, working across more than 100 agencies and offices to prevent, detect, respond, and recover from cyber threats. NYC3 protects NYC infrastructure and critical systems from malicious attacks and safeguards the data, devices, and services of the City.
Culture. Foremost, we serve the people of the City of New York, so earning - and keeping - their trust is paramount. To deserve that trust, we relentlessly focus on facts, provide sound judgment, and maintain a healthy culture. We pride ourselves on having a respectful and inclusive workplace built on kindness, honest intellectual debate, and excellent work.
Job Description
Identity Security Engineers, working within the Data Protection Group, are responsible for making sure that data protection and identity security technologies are designed, integrated, tested, and configured to meet the objectives of NYC Cyber Command’s defensive efforts. Identity Security Engineers are responsible for the design and implementation data protection, identity assurance, privileged access management, and related technologies including host and network based data loss prevention, identity governance, privileged identity management, and related procedures and policies across City systems.
Identity Security Engineers work closely with private sector partners and City Agencies to ensure the efficacy of NYC Cyber Command defense technologies. They seek to bring together business owners, incident responders, and other members of the Security Sciences team to creatively solve complex challenges with engineering solutions. They are proficient in the use of automation tools, configuration management solutions, DevOps principles, and data.
Minimum Skills
● 6+ years experience in large enterprise environments
● Strong understanding of privileged account lifecycle management
● Strong understanding of RBAC
● Experience with Privileged Access Management solutions in large, distributed environments
● Experience working with Active Directory and the Microsoft Windows stack (DNS, WMI, DHCP, etc)
● Experience with MFA protocols and techniques
● In depth knowledge of authentication methods/protocols including LDAP, federation and SAML
Preferred Skills
● Knowledge of at least three of the following areas:
○ NIST framework as it related to Identity & Access Management
○ Cloud architecture
○ Linux experience in a complex enterprise environment with understanding of Kerberos and PAM authentication protocols
○ Linux experience with account and group management
○ Good understanding OAuth, Smartcards and MFA keys
○ Good understanding of how strong authentication integrates with applications residing on Windows, Linux, and Cloud platforms
● Ability to achieve goals with minimal supervision; self-starter; self-motivated and a capacity to get things done
● Dedication to continuous improvement
● Good oral and written communication skills
● Security and cloud certifications a plus (CISSP, CCSP, Google Compute Platform, AWS, Azure, etc.)
Qualification Requirements
1. A baccalaureate degree from an accredited college and four years of satisfactory full‐time experience related to projects and policies required by the particular position; or,
2. Education and/or experience which is equivalent to ʺ1ʺ above.