THE ACTUAL SALARY RANGE FOR THIS POSITION IS $125,000 to $145,000.

NYCHA IT Infrastructure and Operations (I&O) Unit serves as the backbone of the Information Technology Division. The unit ensures the Housing Authority has a strong, stable and secure technology environment that enables the business to deliver services to New Yorkers effectively and efficiently. I&O strives to use innovative ideas to optimize and manage its environment, implementing industry standard best practices and automated processes. Reporting to the IT Infrastructure Management Department within the I&O unit, the Identity and Access Management (IAM) team is responsible for the design and implementation of various IAM technologies including Microsoft Active Directory, Active Directory Federation Services, Entra ID and Privileged Access Management.

Under direction of the Senior Manager of IT Infrastructure Management, with broad latitude for independent action or decision, the IAM team seeks a highly motivated individual with the following specifications to lead the ongoing modernization of our critical IAM/PAM infrastructure.

Responsibilities will include, but are not limited to the following:

- Design and administer various Identity Access Management (IAM), Role Based Accesses Control (RBAC), and Privileged Access Managements (PAM) platforms including Active Directory, Entra ID, Centrify, CyberArk and Quest Active Roles Server.
- Design, troubleshoot and resolve Active Directory, Group Policy, Kerberos, Distributed File System, DHCP, DNS, Active Directory Federated Services, MS Azure, Centrify, Multi-Factor and other password authentication and authorization systems.
- Design and implement Microsoft Azure security tools including Defender for Identity, Cloud Application Security, and Microsoft Security and Compliance Center.
- Analyze, design, implement, document and monitor infrastructure to maximize performance and capacity; ensure security and availability of data.
- Perform regular audits and assessments of IAM resources and configurations to ensure compliance with security best practices and regulatory requirements.
- Plan, define and maintain standards and guidelines for efficiency, security, reuse, interoperability, availability, consistency and integration.
- Update Enterprise-level plan for recovery of Active Directory in the event of a disaster or system compromise.
- Define optimal performance level for infrastructure components and ensure that the level is met.
- Supervise technical IT staff, training employees on updated IT policy and overseeing performance reviews.
- Analyze, develop, and recommend plans and solutions to operational, management and business critical infrastructure services including hardware and software activities and associated problems, and utilize effective leadership skills to implement such plans and recommendations.
- Develop, document, and enforce standards, security procedures, and controls for access to ensure integrity of the Windows Systems, Active Directory, Azure AD Connect and related systems.
- Assist in the development and review of technical specifications for the procurement of relevant IT systems and services, including the evaluation of vendor submissions solicited via bids, requests for information and proposals.
- Create and update technical documentation including design documents, use cases and all aspects of a runbook.
- Maintain disaster recovery configurations for infrastructure, perform periodic disaster recovery test and maintain disaster recovery documentation and procedures in support of infrastructure.
- Provide detailed status reports of various IAM/PAM related projects to senior leadership.
- Learn new tools and resolve issues using all available resources.
- Provide after-hours support as needed.

Additional Information

1. NYCHA employees applying for transfer, promotional, title or level change opportunities must have served a period of one year at current location and in current title and level (if applicable).
2. NYCHA residents are encouraged to apply.

Please read this posting carefully to make certain you meet the qualification requirements before applying to this position.

1. A baccalaureate degree from an accredited college in computer science, engineering or a related field and four years of satisfactory full-time experience related to datacenter engineering and operations, cloud engineering and operations, complex IT infrastructure engineering; or,

2. A baccalaureate degree from an accredited college and eight years of satisfactory full-time experience related to datacenter engineering and operations, cloud engineering and operations, complex IT infrastructure engineering; or,

3. Education and/or experience which is equivalent to "1" or "2" above.

- 10+ years of hand-on experience with Windows 2008/2012/2016/2019 server- Forest, Domain trust, AD, DFS, DNS, WINS, DHCP, Group Policy. - 5+ years of design and administration experience working in a Hybrid Multi-cloud, Active Directory, Entra ID, Azure, Office 365, AWS and OCI environment. - 5+ years of experience administering Azure Active Directory (AD) Connect, Entra ID Conditional Access, Security and Compliance, and Defender for Identity/Advanced Threat Analytics (ATA). - 2+ years of experience working with SAML, OAuth, Role Based Accesses Control (RBAC), Identity Access Management (IAM), Privileged Access Management (PAM), and Attribute Based Access Controls (ABAC). - Deep understanding of cloud architectures on Azure, AWS and/or OCI. - Strong knowledge and experience architecting complex large-scale systems incorporating packaged and custom applications. - Knowledge of common technology methodologies, including TOGAF and ITIL. - Strong knowledge and experience across business, security, application, information, integration, UX and infrastructure architecture domains. - Strong managerial and leadership capabilities. - Strong interpersonal skills and ability to work well in a team environment. - Understanding of DevOps concepts and tools. - Passionate and enthusiastic about modern technologies, industry trends and new opportunities. - Expert level knowledge of Microsoft Active Directory LDAP service, shell scripting, Certificate services (PKI), AD Site Topology - all under a multi-site Windows 2008/2012/2016/2019 environment. - Expert level design and administration experience on Windows 2012/2016 server- Forest, Domain trust, AD, DFS, DNS, WINS, DHCP, Group Policy, Distribution lists, Windows folder security, and IP filter. - Strong troubleshooting skills in a Windows 2012/2016/2019 environment - Event log analysis, installation and administration of Windows Server 2012/2016/2019, including user setup and defining roles, performance tuning, backup and restore, security monitoring, registry and AD scripting.

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/.

NYCHA has no residency requirements.

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.