City University of New York • posted 2 months ago
$140,000 - $155,000/Yr
Full-time • Manager
Hybrid • New York, NY
Educational Services

About the position

CUNY-CIS is seeking a highly skilled and motivated DevSecOps Engineer to join the Office of the Chief Technology Officer, contributing directly to the University's Shared Services IT initiative. This essential role is focused on integrating security best practices into the development, deployment, and operations processes, ensuring that CUNY's applications and infrastructure meet the highest standards of security and compliance. As a DevSecOps Engineer, you will play a critical role in safeguarding sensitive data, planning and overseeing the implementation of Security Configuration Management (SCM) and File Integrity Monitoring (FIM) to maintain secure network infrastructure and systems. Reporting to the DevSecOps Director, the incumbent will contribute to high-impact projects such as Network Automation and Centralized Management, CUNY Private Cloud (Server Workload Consolidation), and Telephony Services Consolidation, by ensuring secure and compliant deployment of applications and infrastructure across the university's 26 campuses and Central Office. By automating security protocols and enabling faster, more secure delivery of services, this role will help increase CUNY's operational efficiency while protecting critical data and systems. The position requires a proactive engineer who can collaborate across teams to deliver secure, scalable, and compliant solutions that drive CUNY's mission forward.

Responsibilities

  • Provides expertise and support to development, operations, and cloud engineering teams to integrate security seamlessly into the entire Software Development Lifecycle (SDLC) and Infrastructure as Code (IaC) processes.
  • Plans, develops, and controls CI/CD pipelines and automation scripts for security testing, vulnerability scanning, and configuration management, leveraging tools such as Ansible, Terraform, and Jenkins to streamline security implementations.
  • Supervises security assessments, including penetration testing, vulnerability scans, and threat modeling for applications, APIs, and infrastructure, and coordinates with teams to remediate identified risks.
  • Evaluates, deploys, and manages advanced security tools and platforms, including static and dynamic code analysis tools, container security solutions (e.g., Docker, Kubernetes), and identity and access management (IAM) systems to enhance the security of applications and environments.
  • Oversees the development and execution of improvements to incident response plans, focusing on the detection, monitoring, and swift resolution of security incidents.
  • Ensures compliance with security frameworks and regulations such as PCI DSS, HIPAA, FERPA, and GDPR by participating in security audits, risk assessments, and implementing necessary controls to address industry-specific requirements.
  • Provides state-of-the-art expertise and support to development and operations teams on secure coding practices, threat prevention, and compliance mandates; plans and develops training programs and supports the adoption of secure development methodologies.
  • Stays current with the latest security trends, vulnerabilities, and emerging technologies, recommending and implementing continuous improvements to enhance the organization's security posture and ensure proactive protection against evolving threats.
  • Organizes and controls real-time security monitoring, alerting, and reporting mechanisms to provide visibility into security incidents and ensure ongoing compliance with security standards.

Requirements

  • Six (6) years of progressively responsible full-time paid information systems technology experience, at least eighteen (18) months of which shall have been in an administrative or managerial capacity in the areas of computer applications programming, systems programming, information systems development, data telecommunications, database administration or a closely related area.
  • Education at an accredited college or university may be substituted for the general information systems technology experience at the rate of one (1) year of college for six (6) months of experience up to a maximum of four (4) years of college for two (2) years of experience.
  • A master's degree in computer science or a closely related field from an accredited college or university may be substituted for an additional year of the general information systems technology experience.

Nice-to-haves

  • 6+ years of experience in DevOps, Security, or related roles, with demonstrated experience in integrating security practices into the development lifecycle.
  • Proficiency with CI/CD tools such as Jenkins, GitLab CI, or Azure DevOps and expertise in automating security processes within these pipelines.
  • Strong understanding and hands-on experience with cloud security in AWS, Azure, or Google Cloud Platform (GCP), including cloud-native security tools like AWS Security Hub, Azure Security Center, or Google Cloud Security Command Center.
  • Expertise in Infrastructure as Code (IaC) using tools like Terraform, Ansible, or Chef, with a focus on securely automating and managing cloud environments.
  • Experience with security tools such as static and dynamic code analysis, container security (e.g., Aqua, Twistlock), and vulnerability management platforms.
  • Strong knowledge of threat modeling, vulnerability assessment, and penetration testing, with the ability to prioritize and remediate identified vulnerabilities.
  • Familiarity with Identity and Access Management (IAM), Zero Trust security models, and multi-factor authentication technologies.
  • Experience in compliance frameworks such as PCI DSS, HIPAA, GDPR, NIST, or ISO 27001, with practical knowledge of conducting security audits and risk assessments.
  • Proficiency in scripting and automation languages like Python, Bash, or PowerShell for automating security tasks and enhancing operational efficiency.
  • Experience with monitoring and log aggregation tools such as Splunk, ELK Stack, or SIEM solutions to ensure real-time security monitoring and incident detection.
  • Knowledge of ITIL Methodology, cloud architecture, AWS, and Azure.
  • Ability to work independently and in a team environment, with strong communication and problem-solving skills.

Benefits

  • CUNY offers a comprehensive benefits package to employees and eligible dependents based on job title and classification.
  • Employees are also offered pension and Tax-Deferred Savings Plans.
  • Health benefits are extended to retirees who meet the eligibility criteria.