Senior Identity & Access Management Engineer (IT Security Specialist 3) - Provisional
GENERAL DUTIES
This position encompasses professional and responsible technical consultative and/or administrative work. Under administrative direction of a university IT manager, with broad latitude of independent action or decision, serves as subject matter expert on IT security, identity, and access infrastructure; provides IT security architectural guidance; designs security solutions; conducts IT risk assessments and recommended mitigating solutions.
There are three (3) Assignment Levels within this classification. All personnel perform related work. Assignment Levels 2 and 3 may supervise staff. This specification describes typical assignments; related duties may be assigned as needed.
To view the complete job description, go tohttp://www.cuny.edu/about/administration/offices/hr/classified-civil-service/ccsjobs/and view the Job Description for IT Security Specialist.
CONTRACT TITLE
IT Security Specialist
FLSA
Non-exempt
CAMPUS SPECIFIC INFORMATION
The Office of Computing and Information Services (CIS) at the City University of New York (CUNY) supports the IT and telecommunications needs of CUNY's 26 colleges. CIS supports enterprise IT and applications, identifies and develops new technologies that advance the University's core mission, operates and maintains the University's network, the enterprise Data Center, and the CUNY Service Desk. Additionally, CIS manages the processes that safeguard the University’s IT assets and maintains the security posture by operating the CUNY Security Operations Center (SOC), develops disaster recovery plans for business continuity, and supports the CUNYfirst Enterprise Resource Planning (ERP) solution that integrates student administration, financial management, and human resources operations across CUNY’s 26 colleges. Lastly, CIS provides strategic and operational IT leadership to all CUNY campuses.
Reporting to the Manager of Oracle Access Management (OAM), the Senior Identity Access Management (IAM) Engineer serves as the senior technical resource responsible for the design, implementation, administration, and security of enterprise Identity & Access Management (IAM) services supporting the University's authentication and authorization infrastructure. This position provides advanced support for Single Sign-On (SSO), Multi-Factor Authentication (MFA), federated identity services, directory services, RADIUS authentication, and identity lifecycle management. The Senior IAM Engineer develops automation solutions, operational reporting, and security controls to protect University systems while ensuring reliable and secure access to institutional resources.
In addition to the General Duties, other key duties include, but are limited to the following:
Administers and supports enterprise IAM platforms, authentication services, and access management solutions.
Designs, implements, and maintains Single Sign-On integrations utilizing SAML, OAuth, OpenID Connect, and related federation technologies.
Supports Multi-Factor Authentication (MFA), RADIUS, Eduroam, and related authentication infrastructure.
Develops Python automation and SQL-based reporting to improve operational efficiency, auditing, and security monitoring.
Manages LDAP directory services, identity synchronization, provisioning, and identity lifecycle processes.
Performs advanced troubleshooting of authentication, authorization, directory, network, and application integration issues.
Conducts security reviews of authentication configurations and access controls to ensure compliance with university security standards.
Participates in incident response, root cause analysis, and remediation activities involving identity and access management services.
Collaborates with Information Security, Infrastructure Services, Networking, Application Support, and campus stakeholders to implement secure authentication solutions.
Develops and maintains technical documentation, operational procedures, and security standards related to IAM services.
Provides technical leadership and guidance for IAM-related projects and initiatives.
NOTES:
MINIMUM QUALIFICATIONS
1. A baccalaureate degree in computer science, engineering or a related field from an accredited college or university and five (5) years of satisfactory full-time experience providing IT security architectural guidance, designing security solutions, and/or conducting IT risk assessments and recommended mitigating solutions; or
2. A baccalaureate degree from an accredited college or university and six (6) years of satisfactory full-time experience as described in “1” above; or
3. A high school diploma or its educational equivalent and ten (10) years of satisfactory full-time experience as described in “1” above; or
4. Education and/or experience which is equivalent to "1," "2" or "3" above. The following may substitute for some of the required experience required in "1," "2" or "3" above, as follows:
College education (undergraduate credits) may substitute for up to four (4) years of the required experience in "3" above on the following basis:
A. 30 to 59.9 semester credits substitute for 1 year of experience; or
B. 60 to 89.9 semester credits substitute for 2 years of experience; or
C. 90 to 119.9 semester credits substitute for 3 years of experience; or
D. 120 or more semester credits substitute for 4 years of experience.
Graduate credits in information technology, computer science or a related field may substitute for up to two (2) years of experience in "1" or "2" above on the following basis:
A. 15 to 29.9 graduate credits substitute for 1 year of required experience; or
B. 30 or more graduate credits substitute for 2 years of required experience.
Each of the following certifications may substitute for one (1) year of the required experience in "1," "2" or "3" above:
A. Certified Information Systems Security Professional (CISSP) issued by ISC2; and/or
B. Certified Ethical Hacker (CEH) issued by EC-Council; and/or
C. CompTIA Security+ issued by CompTIA; and/or
D. Certified Information Security Manager (CISM) issued by ISACA; and/or
E. Certified Information Security Auditor (CISA) issued by ISACA; and/or
F. GIAC Security Essentials (GSEC) issued by GIAC; and/or
G. Certified Cloud Security Professional (CCSP) issued by ISC2.
However, all candidates must have a high school diploma or its educational equivalent and at least three (3) years of experience as described in “1” above.
Assignment Level II or III :
Level II: After meeting the Qualification Requirements above, an additional two (2) years of satisfactory full-time experience providing IT security architectural guidance, designing security solutions, and/or conducting IT risk assessments and recommended mitigating solutions is required for Level II.
Level III: After meeting the Qualification Requirements above and the Level II requirements, an additional two (2) years of satisfactory full-time experience providing IT security architectural guidance, designing security solutions, and/or conducting IT risk assessments and recommended mitigating solutions is required for Level III (for a total of 4 years of experience above the Qualification Requirements).
English Language Proficiency : Demonstrated English language proficiency, including ability to speak, read, write, and understand English well enough to meet minimally acceptable performance standards set for job duties.
Motor Vehicle Driver License : A Motor Vehicle Driver license, valid in New York State, may be required for some, but not all positions.
Note: CUNY considers full-time work to be at least 35 hours per week. Part-time experience of at least 20 hours per week may be prorated by half and credited instead of,but not in addition to, full-time experience during the same period (e.g., two months of related work experience at 20-34 hours per week equates to one month of full-time related work experience.) Part-time experience of fewer than 20 hours per week cannot be credited at all.
OTHER QUALIFICATIONS
Preferred:
Experience with:
Oracle Access Management (OAM) or Oracle IAM products.
MFA platforms and identity governance solutions.
Familiarity with higher education identity management environments.
Experience supporting:
Eduroam and enterprise RADIUS services.
Production infrastructure, monitoring platforms, and incident response processes.
Security certifications such as CISSP, Security+, GIAC, or identity-related certifications.
Exceptional stakeholder engagement, executive presence, and communication skills.
COMPENSATION
Level 3 Incumbent Minimum: $124,471
BENEFITS
CUNY offers a comprehensive benefits package to employees and eligible dependents based on job title and classification. Employees are also offered pension and Tax-Deferred Savings Plans. Part-time employees must meet a weekly or semester work hour criteria to be eligible for health benefits. Health benefits are also extended to retirees who meet the eligibility criteria.
HOW TO APPLY
For full consideration, submit a cover letter and resume online via CUNY's web-based job system, addressing how your experience and credentials meet the responsibilities and qualifications outlined.
The direct link to the job opening from external sources is:
https://hrsa.cunyfirst.cuny.edu/psc/erecruit/EMPLOYEE/HRMSCG/c/HRS_HRAM_FL.HRS_CG_SEARCH_FL.GBL?Page=HRS_APP_JBPST_FL&Action=U&FOCUS=Applicant&SiteId=1&JobOpeningId=32468&PostingSeq=1
Current CUNY employees must apply through CUNYfirst Employee Self Service using their login credentials. After you login, click the Careers tile on the Employee Self Service Menu page to view job openings
CLOSING DATE
Open until filled.
JOB SEARCH CATEGORY
CUNY Job Posting: Information Technology/Technical
EQUAL EMPLOYMENT OPPORTUNITY
CUNY encourages people with disabilities, minorities, veterans and women to apply. At CUNY, Italian Americans are also included among our protected groups. Applicants and employees will not be discriminated against on the basis of any legally protected category, including sexual orientation or gender identity. EEO/AA/Vet/Disability Employer.
Job ID: 32468
Location: Central Office
Job Type: Full-Time