System Security Engineer

The New York City Department of Investigation (DOI) is one of the oldest law enforcement agencies in the country; its mission is to combat municipal corruption. DOI serves the people of New York City by acting as an independent and nonpartisan watchdog for New York City government, City agencies, and City employees, vendors with City contracts, individuals and entities that receive City funds.

The Information Technology Unit of the NYC Department of Investigation is currently seeking a highly skilled, motivated and hands-on System Security Engineer to manage and secure our environment, including Active Directory, Windows Servers, Exchange (on-prem and Online), Microsoft 365, AirWatch MDM, and file shares. This role supports system stability and cybersecurity readiness, emphasizing automation, practical risk management, prioritization, and collaboration, ensuring our core systems remain secure, efficient, and compliant within a small but capable IT team.

Key Responsibilities
-Active Directory Administration: Manage user accounts, permissions, and Group Policy Objects (GPOs); secure and monitor domain controllers.
-Exchange Management: Administer Exchange on-premises and Exchange Online hybrid environments, managing mail flow, mailbox provisioning, spam filtering, and secure mail routing.
-Security & Compliance: Apply Microsoft and CIS hardening baselines; enforce consistent GPO and Exchange security configurations; monitor logs for anomalies.
-Patch & Configuration Management: Implement and manage regular patching schedules for Windows Servers, Exchange systems, and related components.
-Monitoring & Response: Leverage Proofpoint, Varonis, Adaudit, SIEM, Endpoint Manager, and AirWatch MDM to monitor user activity, device compliance, system configurations, and mail flow. Investigate alerts and anomalies related to AD, Exchange, and endpoints to detect and respond promptly to potential security incidents.
-File Share Management: Maintain secure access controls and auditing for on-prem file shares; monitor for data access anomalies using Varonis.
-Certificates & PKI: Manage digital certificates, renewals, and certificate authorities (CAs) for servers, internal services, and authentication.
-Backup & Recovery: Ensure reliable backups for AD, Exchange, file shares, and critical servers; test restoration procedures regularly.
-Automation & Documentation: Develop PowerShell scripts to automate patching, mailbox management, and security reporting; maintain accurate operational documentation.
-Collaboration: Work cross-functionally with IT support and network teams to maintain a secure, resilient infrastructure.

If selected, the candidate will be fingerprinted and undergo a background investigation. In addition, because the position has a law enforcement and/or investigative function, the candidate's consumer credit history will be reviewed during the background investigation, as permitted by NYC Administrative Code 8-107(24)(b)(2)(A).

SPECIAL INVESTIGATOR - 31130

(1) A baccalaureate degree from an accredited college, including or supplemented by twenty-four (24) semester credits in computer science or a related computer field and two (2) years of satisfactory full-time software experience in designing, programming, debugging, maintaining, implementing, and enhancing computer software applications, systems programming, systems analysis and design, data communication software, or database design and programming, including one year in a project leader capacity or as a major contributor on a complex project; or

(2) A four-year high school diploma or its educational equivalent and six (6) years of full-time satisfactory software experience as described in "1" above, including one year in a project leader capacity or as a major contributor on a complex project; or

(3) A satisfactory combination of education and experience that is equivalent to (1) or (2) above. College education may be substituted for up to two years of the required experience in (2) above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. A master's degree in computer science or a related computer field may be substituted for one year of the required experience in (1) or (2) above. However, all candidates must have a four year high school diploma or its educational equivalent, plus at least one (1) year of satisfactory full-time software experience in a project leader capacity or as a major contributor on a complex project.

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.