Vulnerability Manager

  • $69,940.00 - $165,000.00/year
  • About New York City Cyber Command
    NYC Cyber Command was created in 2017 by Executive Order to lead the City’s cyber defense efforts, working across more than 100 agencies and offices to prevent, detect, respond, and recover from cyber threats. NYC Cyber Command is committed to protecting NYC infrastructure and critical systems from malicious attacks through the use of the latest technologies, public-private partnerships, and regular training and exercises for City employees.

    Job Description
    Leading and managing a team of vulnerability specialists, New York City Cyber Command’s Urban Technology (UT) division is seeking a Vulnerability Manager to formulate policy and oversee projects including: vulnerability management, penetration testing, cloud security, WiFi security, LTE/4G networking, secure and resilient network design, Internet of Things (IoT), industrial control system (ICS)/SCADA cybersecurity and related UT initiatives. The Vulnerability Manager will guide Vulnerability Specialists in the performance assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. The Vulnerability Manager will evaluate measurements of effectiveness of defense-in-depth architecture against known vulnerabilities by the vulnerability specialist teams.

    Some of the responsibilities will be to: 
    • Formulate policies with scanning, remediation tracking, notifications, and severity ratings.
    • Assign work based on the expertise of individuals within the vulnerability team.
    • Analyze and remediate findings discovered during scheduled internal and 3rd party vulnerability scans and penetration tests
    • Manage the review and triage of vulnerability alerts into manageable reports, provide relevant analysis, suggest mitigations, track remediation, manage scheduled scans, identify gaps and expand scan coverage, and escalate as appropriate.
    • Review reports of Cybersecurity risk assessments and offer strategies of mitigation.
    • Manage the development of security documentation
    • Work both remotely and onsite at various city facilities. 
    • Manage and perform onsite activities, including implementing Cybersecurity solutions or performing security assessment activities, including technical configuration reviews. 
    • Work with a variety of NYC agencies.
    • Manage and perform other related duties as required.

    The position’s responsibilities include commitment to and compliance with the City’s EEO policy.

    Minimum Qual Requirements
    1. Six (6) years of progressively responsible full-time paid experience supervising or administering computer operations involving a large-scale third generation computer at least 18 months of which shall have been in a managerial capacity.
    2. Education at an accredited college or university may be substituted for the general experience described above (but not for the 18 months of managerial experience described above) at the rate of one year of college for 6 months of experience up to a maximum of 4 years college for 2 years or experience. In addition a Master of Business Administration, Master of Public Administration or any other Master's Degree in Management of Administration may be substituted for an additional year of general work experience. However, all candidates must possess the 18 months of administrative or managerial experience or managerial experience described above.

    Preferred Skills
    The preferred candidate should possess the following:
    • At least 10 years of experience and 18 months supervisory experience in Cybersecurity, including vulnerability assessments, penetration testing, security assessments, strategy and program development, network architecture designs, or monitoring solutions. A bachelors can substitute for 2 years of experience, but 18 months supervision is mandatory;
    • Experience with Cybersecurity standards and best practices and how to integrate them;
    • Strong background with next generation firewall products, intrusion detection systems, DMZ, IPSec, DNS, SMTP, HTTP proxies, etc;
    • Knowledge of security best practices across multiple platforms, such as Microsoft Windows, VMWare, Cisco IOS, and Mobile OS Android/Apple IOS;
    • Ability to transfer knowledge of public-key cryptography, understanding of encoding, encryption, and hashing techniques;
    • Ability to transfer knowledge of security best practices: NIST, CIS, Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, Microsoft, Unix/Linux, etc;
    • Experience with evaluating security vulnerabilities, developing mitigation strategies, and implementing remediation;
    • Experience with at least two of the following vulnerability management tools: Rapid7, Tenable, Qualys, OpenVAS;
    • Ability to analyze Cybersecurity documentation, including security policies, plans, and procedures;
    • Extensive experience with Windows and Linux Servers;
    • 4+ years supervision of vulnerability teams and processes;
    • Hands-on experience with Application Security, specifically WAF technologies, DAST and SAST tools;
    • Extensive experience with network reconnaissance;
    • Extensive experience with OWASP;
    • Extensive experience with firewall, router, and switch security;
    • Masters degree in Cyber Security, Computer Science, Computer Engineering, Business Administration, Public Administration, or equivalent;
    • Certifications such as Certified Information Systems Security Professional (CISSP) Certification, Security Essentials Certification (GSEC);
    • Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), Certified Penetration Tester (CWAPT).
    • Highly motivated self-starter demonstrating integrity, initiative and innovation qualities.
    • Strong organizational skills; will require tracking of outstanding issues and multiple projects;
    • Willingness to travel in the five boroughs of NYC;
    • Exceptional written and oral communication skills;
    • Exceptional organizational and analytical skills;
    • Ability to train and lead staff;
    • Excellent research and analytical skills;
    • Excellent oral and written communication skills.
     |
     | To Apply
    | Special Note: Taking and passing civil service exams are necessary to maintain employment with the City of New York. Please check the Department of Citywide Administrative Services (DCAS) website (http://www.nyc.gov/html/dcas/html/work/exam_monthly.shtml) for important exam filing information. Please ensure that you are either a permanent employee in the civil service title listed on this posting, or, that you file for the examination when there is an open filing period. For more information regarding the civil service process, please visit the DCAS website at: http://www.nyc.gov/html/dcas/html/work/work.shtml

    * Interested applicants with similar permanent titles who meet the preferred requirements should also submit a resume for consideration

    SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW.
    APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL.

    New York City Cyber Command and the City of New York are equal opportunity employers.

    NYC3 participates in E-Verify

    Hours/Shift
    Day - Due to the necessary technical management duties of this position in a 24/7 operation, candidate may be required to be on call and/or work various shifts such as weekends and/or nights/evenings.

    Residency Requirement
    New York City Residency is not required for this position

    Want to apply later?

    Type your email address below to receive a reminder

    Apply to Job

    ErrorRequired field
    ErrorRequired field
    ErrorRequired field
    Error
    Error
    insert_drive_file
    insert_drive_file