Information Technology Specialist 3 (Information Security) Position Available In Albany, New York

Information Technology Specialist 3 (Information Security) Attorney General, Office of the – 3.3 Latham, NY Job Details Full-time $86,681 – $109,650 a year 12 hours ago Benefits Paid holidays Health insurance Dental insurance Vision insurance Loan forgiveness Qualifications System hardening Certified Information Systems Auditor Cloud infrastructure Vulnerability assessment Computer Science

GWAPT CISSP

Mid-level Information security

CEH CISM RBAC GPEN

Firewall Nessus Information Security Bachelor’s degree NIST standards OSCP Network protocols Splunk Computer networking Vulnerability management IT GIAC Certification SIEM 1 year Associate’s degree CompTIA Security+ GCIH Network security Information Technology Full Job Description The duties that the incumbent of the vacancy will be expected to perform. Duties Description Under the direction of the Manager of Information Technology Services (Information Security) 1 of the Security Operations Unit, the Information Technology Specialist 3 (Information Security) will serve as an Infrastructure Security Specialist, responsible for securing IT infrastructure, including firewalls, network security, and system hardening. This role requires expertise in both on-premises and cloud infrastructure, performing vulnerability assessments and responding to security incidents. This position will ensure that the OAG’s infrastructure remains resilient against cyber threats through the implementation of robust security policies and practices that safeguard critical systems and data. This role plays a crucial part in protecting the agency’s infrastructure from vulnerabilities, reducing risk and ensuring the security of sensitive data across the organization.

• Conduct network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection/prevention systems, firewalls, and host-based security systems.
• Conduct log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources.
• Correlate activity across assets (endpoint, network, apps) and environments (on-premises, cloud) to identify patterns of anomalous activity.
• Monitor and defend infrastructure environments, including physical data centers, virtualized environments, and cloud services.
• Conduct regular vulnerability assessments on infrastructure elements (servers, firewalls, network devices, etc.).
• Maintain and update infrastructure vulnerability management program to address newly discovered threats.
• Implement and enforce strict access control policies for infrastructure components; focused on RBAC, least-privileged, and zero trust architecture.
• Develop, implement, and enforce infrastructure security policies, procedures and standards that align with industry best practices (NIST, CIS).
• Participate in infrastructure design and reviews with various teams throughout the bureau to ensure new systems and services are designed and implemented with security.
• Participate in tabletop and actual exercises to validate the agency’s infrastructure security.
• Other duties as assigned.

The minimum qualifications required for this vacancy. Minimum Qualifications Bachelor’s degree with at least 15 credit hours in cyber security, information assurance, or information technology; and two years of information technology experience, at least one year of which is information security or information assurance experience.

OR A bachelor’s degree in any field with at least three years of information technology experience, at least one year of which is information security or information assurance experience.

ORAn associate’s degree in any field with five years of general information technology experience at least one of which is information security or information assurance experience. ORAt least seven years of information security or information assurance experience.

PREFERRED QUALIFICATIONS

• 2+ years of infrastructure security or security operations experience
• 5+ years of information technology administration experience or equivalent combination of work and educational experiences
• In-depth knowledge of network protocols, network security principles, and firewall management
• Knowledge of vulnerability management processes, including patching, remediation, and system hardening
• Proven knowledge of security (preferred – CISSP, CISA, CISM, GPEN, GWAPT, GCIH, other GIAC certifications, OSCP, CEH, Security+, etc.)
• Understanding of CIS Benchmarks and implementation procedures in order to bring infrastructure and systems into compliance through hardening
• Experience utilizing various vulnerability and SIEM tools such as CrowdStrike, Splunk, Arctic Wolf, Tenable (Nessus) Additional comments regarding the vacancy.

Additional Comments Careers with the State offer multiple benefits including paid vacation leave (13+ days per year), sick leave, paid State holidays off, health insurance including vision & dental, entry into the NYS retirement (pension) system, education and training, eligibility for public student loan forgiveness, and job stability with promotional opportunities. Workplace flexibilities include multiple options for employees including telecommuting (up to two days per week) and alternative work schedules.

Candidates from diverse backgrounds are encouraged to apply. The OAG is an equal opportunity employer and is committed to workplace diversity.

For new State employees appointed to graded positions, the annual salary is the hiring rate (beginning of the Salary Range) of the position. Promotion salaries are calculated by the NYS Office of the State Comptroller in accordance with NYS Civil Service Law, OSC Payroll rules and regulations and negotiated union contracts. Some positions may require additional credentials or a background check to verify your identity.