Senior Engineer, Identity and Access Management
- NYC HOUSING AUTHORITY
- Full-time
Location
NYC-ALL BOROS
- Exam may be required
Department
IT Infrastructure Management
Job Description
This vacancy has now expired.
NYCHA IT Infrastructure and Operations (I&O) Unit serves as the backbone of the Information Technology Division. The unit ensures the Housing Authority has a strong, stable and secure technology environment that enables the business to deliver services to New Yorkers effectively and efficiently. I&O strives to use innovative ideas to optimize and manage its environment, implementing industry standard best practices and automated processes. Reporting to the IT Infrastructure Management Department within the I&O unit, the Identity and Access Management (IAM) team is responsible for the design and implementation of various IAM technologies including Microsoft Active Directory, Active Directory Federation Services, Entra ID and Privileged Access Management.
Under direction of the Senior Manager of IT Infrastructure Management, with broad latitude for independent action or decision, the IAM team seeks a highly motivated individual with the following specifications to lead the ongoing modernization of our critical IAM/PAM infrastructure.
Responsibilities will include, but are not limited to the following:
- Design and administer various Identity Access Management (IAM), Role Based Access Control (RBAC), and Privileged Access Management (PAM) platforms including Active Directory, Entra ID, Centrify, CyberArk and Quest Active Roles Server.
- Design, troubleshoot and resolve Active Directory, Group Policy, Kerberos, Distributed File System, DHCP, DNS, Active Directory Federation Services, MS Azure, Centrify, Multi-Factor and other password authentication and authorization systems.
- Design and implement Microsoft Azure security tools including Defender for Identity, Cloud Application Security, and Microsoft Security and Compliance Center.
- Analyze, design, implement, document and monitor infrastructure to maximize performance and capacity; ensure security and availability of data.
- Perform regular audits and assessments of IAM resources and configurations to ensure compliance with security best practices and regulatory requirements.
- Plan, define and maintain standards and guidelines for efficiency, security, reuse, interoperability, availability, consistency and integration.
- Update Enterprise-level plan for recovery of Active Directory in the event of a disaster or system compromise.
- Define optimal performance level for infrastructure components and ensure that the level is met.
- Supervise technical IT staff, training employees on updated IT policy and overseeing performance reviews.
- Analyze, develop, and recommend plans and solutions to operational, management and business critical infrastructure services including hardware and software activities and associated problems, and utilize effective leadership skills to implement such plans and recommendations.
- Develop, document, and enforce standards, security procedures, and controls for access to ensure integrity of the Windows Systems, Active Directory, Azure AD Connect and related systems.
- Assist in the development and review of technical specifications for the procurement of relevant IT systems and services, including the evaluation of vendor submissions solicited via bids, requests for information and proposals.
- Create and update technical documentation including design documents, use cases and all aspects of a runbook.
- Maintain disaster recovery configurations for infrastructure, perform periodic disaster recovery tests and maintain disaster recovery documentation and procedures in support of infrastructure.
- Provide detailed status reports of various IAM/PAM related projects to senior leadership.
- Learn new tools and resolve issues using all available resources.
- Provide after-hours support as needed.
NOTE: Due to the existence of a civil service list, candidates must have permanent civil service status in the title of Computer Specialist (Software) to be considered.
NOTE: This position is open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate in your cover letter that you would like to be considered for the position under the 55-a Program. For detailed information regarding the 55-a Program, please click on the link below:
https://bit.ly/55aProgram
Additional Information
1. INTERAGENCY TRANSFERS INTO NYCHA OF THOSE PERMANENT IN TITLE ARE NOT PERMITTED IN THE FACE OF AN ACTIVE AND VIABLE NYCHA PROMOTION LIST OR PREFERRED LIST FOR THE SAME TITLE.
2. NYCHA employees applying for promotional, title or level change opportunities must have served a period of one year at current location and in current title and level (if applicable).
3. NYCHA residents are encouraged to apply.
Please read this posting carefully to make certain you meet the qualification requirements before applying to this position.
(1) A baccalaureate degree from an accredited college, including or supplemented by twenty-four (24) semester credits in computer science or a related computer field and two (2) years of satisfactory full-time software experience in designing, programming, debugging, maintaining, implementing, and enhancing computer software applications, systems programming, systems analysis and design, data communication software, or database design and programming, including one year in a project leader capacity or as a major contributor on a complex project; or
(2) A four-year high school diploma or its educational equivalent and six (6) years of full-time satisfactory software experience as described in “1” above, including one year in a project leader capacity or as a major contributor on a complex project; or
(3) A satisfactory combination of education and experience that is equivalent to (1) or (2) above. College education may be substituted for up to two years of the required experience in (2) above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. A master's degree in computer science or a related computer field may be substituted for one year of the required experience in (1) or (2) above. However, all candidates must have a four-year high school diploma or its educational equivalent, plus at least one (1) year of satisfactory full-time software experience in a project leader capacity or as a major contributor on a complex project.
NOTE: In order to have your experience accepted as Project Leader or Major Contributor experience, you must explain in detail how your experience qualifies you as a project leader or as a major contributor. Experience in computer operations, technical support, quality assurance (QA), hardware installation, help desk, or as an end user will not be accepted for meeting the minimum qualification requirements.
Special Note
To be eligible for placement in Assignment Level IV, in addition to the Qualification Requirements stated above, individuals must have one year of satisfactory experience in a project leader capacity or as a major contributor on a complex project in data administration, database management systems, operating systems, data communications systems, capacity planning, and/or on-line applications programming.
- 10+ years of hands-on experience with Windows 2008/2012/2016/2019 server - Forest, Domain trust, AD, DFS, DNS, WINS, DHCP, Group Policy.
- 5+ years of design and administration experience working in a Hybrid Multi-cloud, Active Directory, Entra ID, Azure, Office 365, AWS and OCI environment.
- 5+ years of experience administering Azure Active Directory (AD) Connect, Entra ID Conditional Access, Security and Compliance, and Defender for Identity/Advanced Threat Analytics (ATA).
- 2+ years of experience working with SAML, OAuth, Role Based Access Control (RBAC), Identity Access Management (IAM), Privileged Access Management (PAM), and Attribute Based Access Controls (ABAC).
- Deep understanding of cloud architectures on Azure, AWS and/or OCI.
- Strong knowledge and experience architecting complex large-scale systems incorporating packaged and custom applications.
- Knowledge of common technology methodologies, including TOGAF and ITIL.
- Strong knowledge and experience across business, security, application, information, integration, UX and infrastructure architecture domains.
- Strong managerial and leadership capabilities.
- Strong interpersonal skills and ability to work well in a team environment.
- Understanding of DevOps concepts and tools.
- Passionate and enthusiastic about modern technologies, industry trends and new opportunities.
- Expert level knowledge of Microsoft Active Directory LDAP service, shell scripting, Certificate services (PKI), AD Site Topology - all under a multi-site Windows 2008/2012/2016/2019 environment.
- Expert level design and administration experience on Windows 2012/2016 server - Forest, Domain trust, AD, DFS, DNS, WINS, DHCP, Group Policy, Distribution lists, Windows folder security, and IP filter.
- Strong troubleshooting skills in a Windows 2012/2016/2019 environment - Event log analysis, installation and administration of Windows Server 2012/2016/2019, including user setup and defining roles, performance tuning, backup and restore, security monitoring, registry and AD scripting.
This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.
As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/.
NYCHA has no residency requirements.
The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.
Job ID
632095
Title code
13632
Civil service title
COMPUTER SPECIALIST (SOFTWARE)
Title classification
Competitive-1
Business title
Senior Engineer, Identity and Access Management
Posted until
2024-04-06
- Experienced (non-manager)
Job level
04
Number of positions
1
Work location
I&O-Infrastructure Management
- Technology, Data & Innovation