Information Technology Specialist 4 (Information Security), ref 25RTA

New York State

  • New York City, NY
  • $96,336-121,413 per year
  • Permanent
  • Full-time
  • 13 days ago
Duties Description ITS provides operational support to state agencies on a 24x7x365 basis; some positions may be required to provide this critical service at any time.This position will be located in Latham, NY with the possibility of NYC or Rochester.Under the direction and support of senior team members within the Chief Information Security Office (CISO)/Integrated Cyber Command Center/Red Team, the Information Technology Specialist 4 (Information Security), SG-25 will be a member of the team that is responsible for advanced security testing of systems and applications, support and management of the secure lab environment, and the automation of processes within the Cyber Command Center. The incumbent will assist in security reviews, perform penetration testing using "offensive security" and other techniques that are often employed by an adversary. The incumbent will also participate in the automation of CyCom processes, the management and support of the CyCom secure lab environment, and the development of cyber security training materials.
The ideal candidate would have experience with cyber security, offensive security, penetration testing, computer networks, intrusion detection systems, routers, firewalls, operating systems, network vulnerabilities, and web application vulnerabilities. Other desirable skills include computer programming, scripting, databases, database queries, and reporting. Excellent written and verbal communication skills are essential. This position requires off-shift work on an ad-hoc basis and occasional travel. Additional information on shift and travel will be discussed at time of interview.
Specific duties include, but are not limited to:
  • Perform advanced computer security testing of systems and applications for ITS and its client agencies using specialize testing tools, techniques, and procedures.
  • Create technical reports with both deep technical details and executive summary information.
  • Participate in the development and improvement of CyCom automation activities.
  • Create training materials and standard operating procedures for the Red Team.
  • Manage and support the CyCom secure lab environment, including all hardware, software, and networking.
  • Assist the Cyber Incident Response Team with digital forensics and incident response activities, as needed.
  • Perform the full range of supervisory responsibilities and additional duties as assigned.
Minimum Qualifications Information Technology Specialist 4 (Information Security)Non-competitive: seven years of information technology, cybersecurity, or information assurance experience**, including one year at the supervisory level.**Substitutions:A bachelor's or higher-level degree in any field including or supplemented by 15 semester credit hours in computer science or related field substitutes for three years of required experience; any bachelor's substitutes for two years of required experience.An associate degree with 15 semester credit hours in computer science or related field may substitute for one year of required experience. Candidates in a bachelor's degree program with at least 15 semester credit hours in computer science or related field may substitute such credits for one year of required experience.A master's degree or higher in computer science or related field substitutes for one year of required experience.Preferred Qualifications:
  • Bachelor's Degree with a concentration or major in Information Security, Cyber Security, Digital Forensics, Information Assurance, or a related field
  • Applicable Information Security certificate(s), including but not limited to:
o Certificate in Computer Network Defense (e.g., GCIA, GCED, GDAT, GPPA, GCDA, GMON, GWEB, CND, ECIH, GCIH)
o Certificate in Cyber Threat Intelligence (e.g., CTIA, GCTI, CCIP, CSTIR)
o Certificate in Digital Forensics (e.g., ACE, GCFA, GCFE, GREM, GNFA)
o Certificate in Penetration Testing (e.g., GPEN, CEH, GAWN, GWAPT, LPT)
  • 3+ years' experience in technical writing
  • 2+ years' experience in the following areas:
o penetration testing and applying offensive security techniques.
o computer programming and web application development.
o developing scripts and code to exploit weakness in computer systems.
o IT systems administration.
o support and management of computer networks, intrusion detection systems, routers, firewalls, operating systems.
o conducting web application and network vulnerability assessments.
o applying and implementing network and/or system security.
o information security incident response.
o cyber digital forensics.
o log analysis (e.g., firewall logs, DNS logs, proxy logs, IPS/IDS logs)
o using SIEM technologies to support in-depth investigations
o using computer security investigation tools (e.g. FTK).
  • Working knowledge of:
o government security and privacy mandates/regulatory compliance (e.g., HIPAA, PCI, IRS Pub 1075, CJIS)
o Information Security (CIA triad, Information Classification, Risk Management, Incident Response, Vulnerability Management, Security Architecture & Engineering)
o Information Security Frameworks (NIST Cyber Security Framework, CIS Controls, ISO 2700 series)
  • Excellent oral and written communication skills including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding
  • Demonstrated critical thinking, problem solving and analytical skills
Additional Comments ITS will not offer permanent employment to any candidate unless the candidate provides documentation that they are authorized to accept work in the United States on a permanent basis. It is the policy of ITS not to hire F1 or H1 visa holders for permanent employment or to sponsor non-immigrant aliens for temporary work authorization visas or for permanent residence.Some positions may require fingerprinting.Some positions may require up to 25% travel and/or lifting up to 50 lbs. Some positions are pending Civil Service approval. Details of position(s) will be described further if you are selected for an interview.Positions located in New York City, will receive an additional $3,400 downstate adjustment location pay with regular annual salary. Positions located in the Mid-Hudson will receive an additional $1,650 adjustment location pay.Benefits of Working for NYS Generous benefits package, worth 65% of salary, including:
Holiday & Paid Time Off
  • Thirteen (13) paid holidays annually
  • Up to Thirteen (13) days of paid vacation leave annually
  • Up to Five (5) days of paid personal leave annually
  • Up to Thirteen (13) days of paid sick leave annually for PEF.
  • Up to three (3) days of professional leave annually to participate in professional development
Health Care Benefits
  • Eligible employees and dependents can pick from a variety of affordable health insurance programs
  • Family dental and vision benefits at no additional cost
Additional Benefits
  • New York State Employees' Retirement System (ERS) Membership
  • NYS Deferred Compensation
  • Access to NY 529 and NY ABLE College Savings Programs, as well as U.S. Savings Bonds
  • Public Service Loan Forgiveness (PSLF)
  • And many more.
The Office of Information Technology Services is an equal opportunity employer, and we recognize that diversity in our workforce is critical to fulfilling our mission. We encourage all individuals with disabilities to apply.
Some positions may require additional credentials or a background check to verify your identity.Some positions may require additional credentials or a background check to verify your identity.

New York State