DCAS's mission is to make city government work for all New Yorkers. From managing New York City’s most iconic courthouses and municipal buildings, to purchasing over $1 billion annually in goods and services for more than 80 City agencies what we do ensures that all agencies can deliver on their mission. Our reach touches every facet of city government and is instrumental to the successful day-to-day operations of the City of New York.

Our commitment to equity, effectiveness, and sustainability guides our work providing City agencies with the critical resources and support needed to succeed, including:

- Recruiting, hiring, and training City employees.
- Managing 56 public buildings.
- Acquiring, selling, and leasing City property.
- Purchasing over $1 billion in goods and services for City agencies.
- Overseeing the greenest municipal vehicle fleet in the country.
- Leading the City's efforts to reduce carbon emissions from government operations.

When you work at DCAS, you're not just working for one agency, but in service of them all. It's an opportunity to provide impactful support, quality customer service, and help protect the future of New York City for generations to come. Visit our website at nyc.gov/dcas to learn more about the work we do.

The Infrastructure Engineer reports directly to the agency Chief Information Security Officer (CISO), responsible for protecting, monitoring, and enhancing the infrastructure and security posture of NYC Department of Citywide Administrative Services information systems, applications, networks, and cloud environments. The position combines advanced incident response, digital forensics, threat detection, vulnerability management, cybersecurity analytics, governance, risk and compliance (GRC), and security operations functions. The role serves as a technical escalation point for cybersecurity incidents, supports enterprise security initiatives, conducts cybersecurity assessments and audits, develops policies and procedures, and collaborates with City agencies, vendors, and stakeholders to improve cyber resilience and operational security.

Key Responsibilities

- Lead and coordinate cybersecurity incident response, digital forensics, malware analysis, threat hunting, containment, eradication, recovery, and post-incident activities.
- Monitor and analyze security events, alerts, logs, and threat intelligence using SIEM, endpoint protection, cloud security, and monitoring platforms.
- Perform vulnerability assessments, risk analyses, remediation tracking, validation testing, and reporting across infrastructure, applications, cloud environments, and endpoints.
- Conduct cybersecurity audits, control assessments, risk reviews, and compliance evaluations aligned with NIST CSF, NIST SP 800-53, CIS Controls, Zero Trust principles, and Citywide cybersecurity policies.
- Develop and maintain cybersecurity policies, standards, procedures, playbooks, incident response plans, and operational documentation.
- Support Identity and Access Management (IAM) operations, including SSO, MFA, RBAC, access reviews, provisioning, deprovisioning, and privileged access governance.
- Analyze cybersecurity metrics, trends, vulnerabilities, incidents, and operational performance indicators; develop executive-level reports and recommendations.
- Partner with internal technology teams, application owners, vendors, City agencies, and external partners to improve cybersecurity capabilities and remediation outcomes.
- Support cloud security reviews, application security assessments, secure application onboarding, and software security initiatives.
- Provide technical leadership, mentoring, and guidance to junior cybersecurity staff and cross-functional stakeholders.
- Assist with audit readiness, evidence collection, regulatory compliance activities, and cybersecurity governance initiatives.
- Research emerging threats, technologies, attack techniques, and industry best practices to strengthen defensive capabilities.
r reports directly to the agency Chief Information Security Officer (CISO), responsible for protecting, monitoring, and enhancing the infrastructure and security posture of NYC Department of Citywide Administrative Services information systems, applications, networks, and cloud environments. The position combines advanced incident response, digital forensics, threat detection, vulnerability management, cybersecurity analytics, governance, risk and compliance (GRC), and security operations functions. The role serves as a technical escalation point for cybersecurity incidents, supports enterprise security initiatives, conducts cybersecurity assessments and audits, develops policies and procedures, and collaborates with City agencies, vendors, and stakeholders to improve cyber resilience and operational security.

To Apply:

Please go to www.nyc.gov/careers or www.nyc.gov/ess for current NYC employees and search for Job ID # 784250.

No phone calls, faxes or personal inquiries permitted. Only those candidates under consideration will be contacted.

IT INFRASTRUCTURE ENGINEER - 95714

1. A baccalaureate degree from an accredited college in computer science, engineering or a related field and four years of satisfactory full-time experience related to datacenter engineering and operations, cloud engineering and operations, complex IT infrastructure engineering; or,

2. A baccalaureate degree from an accredited college and eight years of satisfactory full-time experience related to datacenter engineering and operations, cloud engineering and operations, complex IT infrastructure engineering; or,

3. Education and/or experience which is equivalent to "1" or "2" above.

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.