About New York City Cyber Command
NYC Cyber Command was created in 2017 by Executive Order to lead the City’s cyber defense efforts, working across more than 100 agencies and offices to prevent, detect, respond, and recover from cyber threats. NYC Cyber Command is committed to protecting NYC infrastructure and critical systems from malicious attacks through the use of the latest technologies, public-private partnerships, and regular training and exercises for City employees.
Job Description
Under the guidance of Senior Vulnerability Specialists and the supervision of the Vulnerability Manager, New York City Cyber Command’s Urban Technology (UT) division is seeking Vulnerability Specialists to serve to solve several problems on projects including: vulnerability management, penetration testing, cloud security, WiFi security, LTE/4G networking, secure and resilient network design, Internet of Things (IoT), industrial control system (ICS)/SCADA cybersecurity and related UT initiatives. The Vulnerability Specialist will perform assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. The vulnerability specialist will measure effectiveness of defense-in-depth architecture against known vulnerabilities.
Some of the responsibilities will be to:
- Assist in the Analysis and remediation of findings discovered during scheduled internal and 3rd party vulnerability scans and penetration tests
- Review and triage vulnerability alerts into manageable reports for the Senior Vulnerability Specialists and Vulnerability Manager to review.
- Provide relevant analysis, suggest mitigations, track remediation, manage scheduled scans, identify gaps and expand scan coverage, and escalate as appropriate.
- Conduct Cybersecurity risk assessments
- Develop security documentation under the guidance of the Senior Vulnerability Specialists and Vulnerability Managers.
- Work both remotely and onsite at various city facilities.
- Perform onsite activities, including implementing Cybersecurity solutions or performing security assessment activities, including technical configuration reviews.
- Work with a variety of NYC agencies.
- Highly motivated self-starter demonstrating integrity, initiative and innovation qualities.
- Perform other related duties as required.
Minimum Qual Requirements
1. A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or
2. Education and/or experience which is equivalent to "1" above.
Preferred Skills
The preferred candidate should possess the following:
- At least 2 years of experience in Cybersecurity, including vulnerability assessments, penetration testing, security assessments, strategy and program development, network architecture designs, or monitoring solutions;
- Experience with Cybersecurity standards and best practices and how to integrate them;
- Strong background with next generation firewall products, intrusion detection systems, DMZ, IPSec, DNS, SMTP, HTTP proxies, etc;
- Knowledge of security best practices across multiple platforms, such as Microsoft Windows, VMWare, Cisco IOS, and Mobile OS Android/Apple IOS;
- Knowledge of public-key cryptography, understanding of encoding, encryption, and hashing techniques;
- Knowledge of security best practices: NIST, CIS, Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, Microsoft, Unix/Linux, etc;
- Experience with evaluating security vulnerabilities, developing mitigation strategies, and implementing remediation;
- Experience with at least two of the following vulnerability management tools: Rapid7, Tenable, Qualys, OpenVAS;
- Ability to analyze Cybersecurity documentation, including security policies, plans, and procedures;
- Extensive experience with Windows and Linux Servers;
- Strong organizational skills; will require tracking of outstanding issues and multiple projects;
- Willingness to travel in the five boroughs of NYC;
- Exceptional written and oral communication skills;
- Exceptional organizational and analytical skills;
- Ability to work both independently and as part of a team;
- Hands-on experience with Application Security, specifically WAF technologies, DAST and SAST tools;
- Experience with network reconnaissance;
- Experience with OWASP;
- Experience with firewall, router, and switch security;
- Possession of excellent research and analytical skills;
- Possession of excellent oral and written communication skills;
- BA or BS degree;
- Certifications such as Certified Information Systems Security Professional (CISSP) Certification, Security Essentials;
- Certification (GSEC), Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), Certified Penetration Tester (CWAPT).
To Apply
* Interested applicants with similar permanent titles who meet the preferred requirements should also submit a resume for consideration
SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW.
APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL.
New York City Cyber Command and the City of New York are equal opportunity employers.
NYC3 participates in E-Verify
Hours/Shift
Day - Due to the necessary technical support duties of this position in a 24/7 operation, candidate may be required to work various shifts such as weekends and/or nights/evenings.
Residency Requirement
New York City Residency is not required for this position