Director of Cyber Security Operations
- DEPARTMENT OF FINANCE
- Full-time
Location
MANHATTAN
- Exam may be required
Department
Cyber Security
Job Description
This vacancy has now expired.
IMPORTANT NOTE:
ONLY CANDIDATES WHO HAVE A PERMANENT CERTIFIED IT ADMINISTRATOR (LAN / WAN) OR COMPARABLE CIVIL SERVICE TITLE WILL BE CONSIDERED FOR AN INTERVIEW. PLEASE INCLUDE YOUR EMPLOYEE IDENTIFICATION NUMBER (EIN) WHEN APPLYING AND INDICATE IN YOUR COVER LETTER IF YOU ARE A PERMANENT CERTIFIED IT ADMINISTRATOR (LAN / WAN).
NYC Department of Finance (DOF) is responsible for administering the tax revenue laws of the city fairly, efficiently, and transparently to instill public confidence and encourage compliance while providing exceptional customer service.
The Finance Information Technology (FIT) Division designs, builds, and supports all facets of DOF’s computer systems, including hardware, software, applications, infrastructure, telephone, and data security. FIT delivers and administers tax-related payment programs for the City of New York by providing the information technology solutions needed to achieve its mission of collecting revenue while ensuring an efficient and improved customer experience. FIT is also responsible for the systems and websites which enable citywide payments, land records, property assessment, parking adjudications, customer service, and the Sheriff’s public safety work.
Reporting directly to the Chief Information Security Officer (CISO), the selected candidate must have a strong work ethic and exceptional organizational skills. The Department of Finance has recruited top cyber professionals to form one of the largest cyber security teams in municipal government and, through this team's efforts, has implemented high-impact security protocols grounded in the NIST Cyber Security Framework. The selected candidate would need to have the ability to build on this strong base to propel the agency to even higher levels of maturity. To that end, a proven track record of securing classified data as well as the ability to maintain the resiliency of applications generating revenues of 35 billion dollars annually is expected.
The selected candidate’s responsibilities will include but not be limited to the following:
- Manage the day-to-day operations of the Security Operations Center (SOC). Serve as an escalation point.
- Experience in conducting investigations related to insider threats, counterintelligence, and counterespionage.
- Develop, execute, and maintain standard operating procedures (SOPs) for the insider threat program.
- Experience and knowledge working with a SIEM, performing triage, gathering information, and analyzing a variety of enterprise-level networks and security appliances such as firewalls, NIDS, HIDS, and syslogs.
- Document all activities during an incident, provide leadership with status updates, and create a final incident report detailing the timeline of events and actions taken during the incident.
- Collaborate with law enforcement agencies to investigate Cyber threats directed at the organization.
- Lead internal assessments of security controls for IT system adequacy of access control measures.
- Develop, implement, and administer technical security standards and tools to address and mitigate security risks and Cyber security issues.
- Create reports and dashboard metrics for SOC operations and present them to senior management.
- Coordinate with stakeholders, build and maintain positive working relationships with key stakeholders, and ensure compliance with SLA agreements and process adherence to achieve operational objectives to manage threats.
- Provide information regarding intrusion events, security incidents, and other threat indications and warning information to US government agencies.
- Collaborate with OTI Cyber to update the DOF Incident Response Plan to align with the standards of the OTI Cyber Agency Incident Response Readiness (AIRR) program.
- Act as Subject Matter Expert on network security assessments, vulnerabilities, mitigation, and risk management for FIT audits.
- Research and develop innovative approaches to Cyber security technology and explore their relevance to the needs of our DOF business units, as well as their impact on our DOF Cyber Security strategies.
- Collaborate with members of the FBI's NYC Financial Cyber Crimes Task Force, including FBI agents and NYPD detectives, to investigate Cyber threats directed at the Department of Finance.
- Review and respond to alerts related to the OTI Cyber Security Operations Center (SOC) Credential Leak, Phishing, Suspicious Activity Detected, and User(s) Clicked Phishing Link. Direct FIT AD Operations to reset passwords and instruct FIT Field Desktop Technicians to scan infected workstations.
- Team lead designing policy per the IRS Safeguard Computer Security Evaluation Matrix (SCSEM) and identifying vulnerabilities. Track risks and escalate new risks and obstacles to the leadership team.
- Collaborate with Legal to maintain and improve the Vulnerability Management process and policies.
- Develop the Cyber security risk management concepts, Cybersecurity frameworks, control standards, secure coding principles, and security technologies. Hands-on experience with scripting languages such as PowerShell, VBScript, and Perl.
- Review security features of newly implemented systems, ensuring they meet existing security requirements and policies, review proposed changes to existing policy as conditions warrant.
Professional/vendor certification(s) in local area network administration are required for the position to be filled. In addition, all candidates must have the following:
1. A baccalaureate degree from an accredited college, and two years of satisfactory full-time (not classroom based) experience in local area network and/or wide area network planning, design, configuration, installation, implementation, troubleshooting, integration, performance monitoring, maintenance, enhancement, and security management; or
2. A four-year high school diploma or its educational equivalent and six years of satisfactory full-time (not classroom based) information technology experience, of which at least 2 years must have been as described in "1"; or
3. A satisfactory equivalent of education and/or experience equivalent to "1" or "2" above. Education may be substituted for experience on the basis that 30 undergraduate semester credits from an accredited college is equivalent to 6 months of experience. A master’s degree in computer science or a related field from an accredited college may be substituted for one year of experience. However, all candidates must have at least one year of satisfactory (not classroom based) full-time information technology experience as described in "1" above.
Note: In addition to meeting the minimum Qualification Requirements: Incumbents may be required to update existing and/or obtain additional professional industry-standard certification(s) for current and future technical environments(s) in which they may be assigned to work, as determined by the employing agency.
- Experience with network intrusion methods, network containment, segregation techniques, and technologies such as Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS).
- Experience with SIEM technologies, log management tools, security analytics platforms, and forensic offerings.
- Experience in malware analysis, virus exploitation, and mitigation techniques is required.
- Additionally, a strong understanding of incident response and crisis management is necessary.
- Reporting and metrics on security monitoring should be provided through the creation of dashboards for asset owners and management to easily understand. Utilizing existing technologies within the organization can help expand the scope of coverage for the security monitoring service.
- Advanced expert-level knowledge and understanding of information security architecture, technologies, tools, practices, and controls is also expected.
- Strong understanding of various information security technologies, such as firewalls, encryption, and intrusion detection systems. In addition, well-versed in networking protocols, such as TCP/IP and DNS, with experience designing and implementing network infrastructure for large organizations.
- Knowledge of common cyber threats such as Trojan horses, worms, and viruses.
- Extensive experience in defending against malware, including successfully mitigating a recent ransomware attack on a company's network.
- Well-versed in mitigating social engineering attacks such as phishing and spear phishing.
- Experience in Cyber forensics and highly complex threat analysis.
- Knowledgeable about common information security management frameworks, such as ISO 2700x, Pub1075, PCI, HIPAA, NIST, Cloud Security, and other data security standards.
- Possess in-depth knowledge of complex network architecture, Internet connectivity, and DMZ hosting strategies. Familiar with data privacy regulations and compliance issues.
- Demonstrated exceptional communication skills by effectively explaining and communicating complex information technology security concepts, such as encryption and firewalls, to both technical and non-technical staff at all levels, including executives, managers, and front-line employees, within and outside the County.
This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.
As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/.
New York City Residency is not required for this position.
The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.
Job ID
633018
Title code
13652
Civil service title
CERTIFIED IT ADMINISTRATOR (LA
Title classification
Competitive-1
Business title
Director of Cyber Security Operations
Posted until
2024-04-26
- Experienced (non-manager)
Job level
04
Number of positions
1
Work location
375 Pearl Street
- Technology, Data & Innovation