Review Vacancy
AgencyInformation Technology Services, Office of
TitleInformation Technology Specialist 3 (Information Security), 10131
Occupational CategoryI.T. Engineering, Sciences
Bargaining UnitPS&T - Professional, Scientific, and Technical (PEF)
Salary RangeFrom $86681 to $109650 Annually
Appointment Type Contingent Permanent
Duties Description The New York State Office of Information Technology Services (ITS) provides operational support 24 hours a day, 7 days a week, 365 days of the year, supporting more than 4,900 applications for 53 New York State Agencies.
Under the general direction of the Information Technology Specialist 4 (Information Security), the Information Technology Specialist 3 (Information Security) (ITS 3 (IS)) will function as manager of lower-level information security support staff within the NYS Office of IT Services (ITS), Dedicated Support, Department of Transportation (DOT), Information Security Unit.
The position plays a critical role in ensuring the security of agency application systems. It is responsible for designing, implementing, and maintaining security controls throughout the application development lifecycle. The role requires a deep understanding of application security principles, secure coding practices, vulnerability management, and incident response. The ITS 3 (IS) will collaborate with development, operations, and other stakeholders to integrate security into business processes and promote a strong security culture.
The position requires communicating orally and in writing with various individuals including management, users, vendors, and other IT staff. The incumbent will have to work with ITS teams and upper-level agency management to resolve technically complex and politically sensitive issues under pressure.
The position requires availability during off-shift hours to ensure appropriate response to security incidents or other critical activities that may impact sensitive information, critical systems, NYS agencies, or ITS.
The duties of this position include, but are not limited to:
• Assist with the implementation of information security and compliance programs, analyzing threats and compliance requirements, advising management, and developing plans for risk mitigation and compliant best practices.
• Design, implement, maintain, and operate security controls and countermeasures within application systems.
• Analyze and recommend security controls and procedures during the acquisition, development, and change management lifecycle of information systems, including secure coding practices, security testing, and vulnerability management.
• Integrate security into business processes related to application usage.
• Monitor applications for security incidents and vulnerabilities and develop monitoring capabilities.
• Aid in the management and resolution of security threats and vulnerabilities to agency information systems under the guidance of team leaders, responding to security incidents, including investigating attacks and breaches.
• Manage authentication and authorization mechanisms within applications.
• Serve as information security support and evaluate systems and contracts for alignment with agency and State information security policies, procedures, and standards.
• Monitor and stay aware of information security industry trends, tools, and techniques.
• Conduct security risk assessments on system design, system security, and privacy concerns.
• Develop and administer training programs to promote secure coding practices and security awareness among developers.
• Perform the full range of supervisory responsibilities, as applicable.
• Perform additional duties as required.
Minimum Qualifications Non-competitive: Five years of information technology, cybersecurity, or information
assurance experience*.
* EDUCATION/EXPERIENCE SUBSTITUTIONS
• A bachelor's or higher-level degree in any field including or supplemented by 15
semester credit hours in computer science or related field substitutes for three years of required experience; any bachelor’s substitutes for two years of required experience.
• An associate degree with 15 semester credit hours in computer science or related field may substitute for one year of required experience. Candidates in a bachelor’s degree program with at least 15 semester credit hours in computer science or related field may substitute such credits for one year of required experience.
• A master’s degree or higher in computer science or related field substitutes for one year of required experience.
PREFERRED QUALIFICATIONS
Certifications:
• Preference for candidates holding relevant Information Security, Information Technology, or Privacy industry certification, including but not limited to Security+, Network+, GIAC Security Essentials (GSEC), Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), and Certified Information Privacy Technologist (CIPT).
Knowledge and Experience:
Preference for candidates with demonstrated and significant experience:
• in application security engineering and incident response.
• applying and implementing network, system, or application security.
• with security policy, standard, and guideline development, implementation, or interpretation.
• conducting risk assessments and evaluating information technology systems for security & privacy controls (SSDLC).
• of a hands-on nature with cloud platforms (e.g., AWS or Azure).
• in production environments like Kubernetes.
• with container-based virtualization technology like Docker.
• with DevOps tools and techniques.
• implementing software engineering practices for SDLC.
• building and maintaining complex Linux cloud environments.
• with common authentication technologies, security controls, and standard application security tools.
• applying DevOps standards, industry cloud, and security standards and best practices.
• thinking critically, solving problems, developing and utilizing their analytical skills.
• communicating, both orally and in writing, with the ability to clearly articulate information technology and information security concepts, facilitating technical and non-technical stakeholder understanding.
*Please Note:
• Appointment to this position and continued employment with the agency is contingent upon obtaining and/or maintaining New York State residency within six months of hiring.
• Appointment to this position is not final until all agency approvals have been granted.
Additional Comments ITS will not offer permanent employment to any candidate unless the candidate provides documentation that they are authorized to accept work in the United States on a permanent basis. It is the policy of ITS not to hire F1 or H1 visa holders for permanent employment or to sponsor non-immigrant aliens for temporary work authorization visas or for permanent residence.
Fingerprinting and background check are required for employment with ITS.
Salary Commensurate with experience
Benefits of Working for NYS
Generous benefits package, worth 65% of salary, including:
Holiday & Paid Time Off
• Thirteen (13) paid holidays annually
• Up to Thirteen (13) days of paid vacation leave annually
• Up to Five (5) days of paid personal leave annually
• Up to Eight (8) days of paid sick leave annually
• Up to three (3) days of professional leave annually to participate in professional development
Health Care Benefits
• Eligible employees and dependents can pick from a variety of affordable health insurance programs
• Family dental and vision benefits at no additional cost
Additional Benefits
• New York State Employees’ Retirement System (ERS) Membership
• NYS Deferred Compensation
• Access to NY 529 and NY ABLE College Savings Programs, as well as U.S. Savings Bonds
• Public Service Loan Forgiveness (PSLF)
• And many more
The Office of Information Technology Services is an equal opportunity employer, and we recognize that diversity in our workforce is critical to fulfilling our mission. We encourage all individuals with disabilities to apply.
This position may require critical services to be performed outside of normal work schedule.
Some positions may require additional credentials or a background check to verify your identity.
Email Address PostingResponses@its.ny.gov
Address
Swan Street Building, Core 4, Floor 1
Notes on ApplyingTo apply, please submit a cover letter and resume. Please indicate that you are applying for the Information Technology Specialist 3 (Information Security), 10131 position and include the Vacancy ID number in the subject of your email.
Your Social Security Number may be required to confirm your eligibility.