Senior Vulnerability Management Specialist

Job Description

The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City. From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the City delivers for New Yorkers in the 21st century. Watch our welcome video to see our work in action, follow us on social media @NYCOfficeofTech, and visit oti.nyc.gov to learn more.

At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.

About New York City Cyber Command
The New York City Office of Technology and Innovation (OTI) Cyber Command is committed to protecting City systems and technology infrastructure that provide and enable vital services to New Yorkers from cyber threats, and helping residents become safer in their digital lives.

As the organization defending the largest municipality in the country, OTI Cyber Command is charged with directing citywide incident response, setting citywide cybersecurity policies and standards and working with city agencies to strengthen their cyber defenses.

Mission Statement
"To lead and execute an innovative, intelligence-driven, risk-informed cyber defense and response strategy -- with the support of key partners and allies -- that enables the city government to properly function and provide services to New Yorkers.

Vision Statement
"New York City the most cyber-resilient city in the world" OTI- Cyber Command's Vulnerability Management (VM) program defines, promotes, assures, and measures the security of connected infrastructure so vital to the City of New York that their incapacitation or destruction would have a debilitating effect on security, economic security, or public health or safety.

The Senior Vulnerability Management Specialist will work with NYC agencies that provide public safety and emergency response services to New Yorkers, private sector technology services providers, and teams within OTI to ensure the security and resiliency of systems that support these critical services. The Senior Vulnerability Management Specialist will perform assessments of systems and networks within the network environment or enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. The Senior Vulnerability Management Specialist will measure effectiveness of defense-in-depth architecture against known vulnerabilities.

Responsibilities will include:
- Research, analyze and brief management and team members on relevant Risk, Vulnerabilities, CVE's, CVSS, Vector Strings, NVD, Mitre, TTP's, attack vectors and mitigations for various technologies;
- Design, architect and build vulnerability management scanning infrastructure and tools;
- Manage, configure and conduct vulnerability management scans across various infrastructure;
- Conduct vulnerability threat intel analysis through industry research, deep analysis, generating of reports and dashboards in vulnerability management scanner tools to accurately assess and prioritize risk;
- Evaluate security vulnerabilities, assess risk and impact, develop mitigation strategies, and implement remediation;
- Conduct vulnerability research for the purpose of threat exposure management and attack surface reduction;
- Conduct cybersecurity risk assessments;
- Work with City agencies to communicate risk and proper remediation;
- Present succinct technical briefings to team members and customers for intel research, risk assessment, CVE's, vendor hardware/software, industry trends;
- Create scripts utilizing Python, PowerShell and others to automate vulnerability management tasks;
- The ability to automate detection, reporting and tracking of vulnerabilities identified;
- Create deep analysis and reports around vulnerability management utilizing dashboards and reports;
- Develop security documentation and SOP's;
- Develop scripts for automation;
- Lead other Vulnerability Management Analysts in various tasks;
- Handle special projects and initiatives as assigned.

HOURS/SHIFT
Day - Due to the necessary technical duties of this position in a 24/7 operation, candidate may be required to work various shifts such as weekends and/or nights/evenings

WORK LOCATION
Brooklyn, NY

TO APPLY
* Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration

Please go to www.cityjobs/jobs/search and search for Job ID #769859

SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW
APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL

OTI participates in E-Verify

IT SECURITY SPECIALIST - 95622

Minimum Qualifications

A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or,

Education and/or experience which is equivalent to "1" above.

Preferred Skills

The successful candidate should possess the following: - 8+ years of experience in Cybersecurity, including vulnerability assessments, penetration testing, security assessments, strategy and program development, network architecture designs. - Strong knowledge of Vulnerabilities, CVE's, CVSS, Vector Strings, NVD, Mitre, TTP's, attack vectors and mitigations. - Experience with the design, architect and build of vulnerability management scanning infrastructure and tools specifically Rapid7 and Tenable conducting Rapid7 and Tenable vulnerability scans and analysis through reports and dashboards to accurately identify risk. - Experience conducting intel research around CVE's, vendor hardware/software vulnerabilities, and presenting succinct technical overviews to team members and customers. - Experience with cybersecurity standards and best practices and how to integrate them. - Ability to analyze cybersecurity documentation, including security policies, plans, and procedures. - Strong knowledge of security best practices across multiple platforms, such as Microsoft Windows, Linux, VPN, VMWare, Cisco IOS, and Mobile OS Android/Apple IOS. - Extensive experience with scripting such as Python and PowerShell to automate vulnerability management tasks. - Extensive experience with Excel, especially for performing data analysis. - Experience with leading other team members. - Excellent oral and written communication skills. - Excellent research and analytical skills. - Willingness to travel in the five boroughs of NYC. - Ability to work both independently and as part of a team.

Public Service Loan Forgiveness

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education's website at ;br>
Residency Requirement

New York City Residency is not required for this position

Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.