Overview
Skills
Job Details
Join a high-profile team defending critical city systems and infrastructure. This is a unique opportunity to work at the forefront of cloud security, collaborating with both public and private sector partners in a dynamic, hybrid environment.
Location: Hybrid – 3 days onsite at 80 Maiden Lane, 16th Floor, New York, NY 10038; 2 days remote
Duration: 12 months (with potential for extension)
Work Week: 35 hours (overtime not anticipated)
Interview Requirement: In-person interviews in NYC within 5–10 business days of application due date. Local candidates only.
About the role
As a Cloud Security Engineer within the Cyber Command’s Cloud Security & Enterprise Cyber Defense team, you will design, integrate, and configure cutting-edge data protection and identity security technologies. You’ll play a key role in safeguarding citywide systems, driving cloud security hardening, privileged access management, and data loss prevention initiatives spanning both cloud and on-premises environments.
Key Responsibilities
Conduct comprehensive cloud security risk analysis and communicate findings to agency stakeholders
Develop, socialize, and implement cybersecurity strategies and plans
Track and report progress on security engagements and risk mitigation
Deploy and optimize CASB, Cloud DLP, and SSE solutions; liaise with vendors to resolve deployment issues
Translate compliance requirements into actionable security controls
Regularly report to management on cybersecurity posture and risk remediation progress
Create and monitor metrics to evaluate the effectiveness of security controls
Analyze vulnerabilities and collaborate with cross-functional teams for timely remediation
Guide teams to build “secure by default” infrastructure and recommend innovative security technologies
Ensure ongoing compliance with cybersecurity best practices, policies, and standards
Required Qualifications
Bachelor’s degree in Computer Science, Information Systems, or equivalent experience
12+ years in information security, with 8+ years in IT infrastructure, application architecture, and risk management
8+ years hands-on with networking, DNS, TLS/SSL, SAML, SSO, Kerberos, MFA, and identity management
4+ years securing cloud environments (Azure, AWS, Google Cloud Platform)
4+ years securing Internet-facing applications, with expertise in MS Entra AD, MS Defender for Office, Skyhigh CASB/Cloud, SSE solutions
4+ years architecting, deploying, and managing cloud security and/or EDR technology
Proficiency in scripting languages (Python, Bash, PowerShell)
Experience with Windows, Linux, or MacOS administration
Strong documentation skills and attention to detail
Experience deploying PAM solutions in large, distributed environments
Expertise in Data Loss Prevention (DLP) systems and vulnerability management tools
Deep understanding of CIS controls, networking protocols, and compensating controls
Familiarity with Syslog-NG, LogScale (Humio), SSO/IAM products (Entra ID), and cloud proxies (NetSkope, Zscaler, Prisma Access)
Experience with ZTNA/SSE, CASB/SASE, cloud-based EDR/XDR tools
Strong analytical, problem-solving, and decision-making abilities
Excellent communication and collaboration skills
Note: Only candidates residing in the NYC area will be considered due to in-person interview requirements. This is a contract position; overtime is not anticipated.