New York, NY, 10176, USA
3 days ago
DevSecOps Engineer (IT Computer Systems Manager 4) - Provisional
**GENERAL DUTIES**

I.T. Computer Systems Managers manage and direct an Information Technology area at a College or University level. They set policies and procedures, direct technical staff, and maintain responsibility for administrative as well as technical issues within their assigned area(s) of responsibility. They may manage major and/or large, complex information systems activities and/or manage a unit or group.

This job is in CUNY's Classified Managerial Service. The full specification is available on our web site at http://www.cuny.edu/about/administration/offices/ohrm/hros/classification/ccsjobs.html

**CONTRACT TITLE**

Computer Systems Manager

**FLSA**

Exempt

**CAMPUS SPECIFIC INFORMATION**

The Office of Computing and Information Services (CIS) at the City University of New York (CUNY) supports the IT and telecommunications needs of CUNY's 26 colleges. CIS supports enterprise IT and applications, develops new technologies that advance the University's core mission, builds, upgrades, and maintains the University's network, and operates the University's Data Center and Service Desk. Additionally, CIS manages the processes of safeguarding the University’s IT assets and operates the SOC, develops disaster recovery plans for business continuity, maintains the security of the University’s IT assets, and maintains the CUNYfirst Enterprise Resource Planning (ERP) solution that integrates student administration, financial management, and human resources operations across CUNY’s 26 colleges. Lastly, CIS provides strategic and operational IT leadership with respect to the maintenance, enhancement, and expansion of the CUNY network spanning across all CUNY campuses.

CUNY-CIS is seeking a highly skilled and motivated DevSecOps Engineer to join the Office of the Chief Technology Officer, contributing directly to the University’s Shared Services IT initiative.
This essential role is focused on integrating security best practices into the development, deployment, and operations processes, ensuring that CUNY’s applications and infrastructure meet the highest standards of security and compliance. As a DevSecOps Engineer, you will play a critical role in safeguarding sensitive data, planning and overseeing the implementation of Security Configuration Management (SCM) and File Integrity Monitoring (FIM) to maintain secure network infrastructure and systems.

Reporting to the DevSecOps Director, the incumbent will contribute to high-impact projects such as Network Automation and Centralized Management, CUNY Private Cloud (Server Workload Consolidation), and Telephony Services Consolidation, by ensuring secure and compliant deployment of applications and infrastructure across the university’s 26 campuses and Central Office. By automating security protocols and enabling faster, more secure delivery of services, this role will help increase CUNY’s operational efficiency while protecting critical data and systems. The position requires a proactive engineer who can collaborate across teams to deliver secure, scalable, and compliant solutions that drive CUNY’s mission forward.

Key responsibilities include, but are not limited to the following:

+ Provides expertise and support to development, operations, and cloud engineering teams to integrate security seamlessly into the entire Software Development Lifecycle (SDLC) and Infrastructure as Code (IaC) processes.
+ Plans, develops, and controls CI/CD pipelines and automation scripts for security testing, vulnerability scanning, and configuration management, leveraging tools such as Ansible, Terraform, and Jenkins to streamline security implementations.
+ Supervises security assessments, which includes penetration testing, vulnerability scans, and threat modeling for applications, APIs, and infrastructure, and coordinates with teams to remediate identified risks.
+ Evaluates, deploys, and manages advanced security tools and platforms, including static and dynamic code analysis tools, container security solutions (e.g., Docker, Kubernetes), and identity and access management (IAM) systems to enhance the security of applications and environments.
+ Oversees the development and execution to improve incident response plans, which focuses on the detection, monitoring, and swift resolution of security incidents.
+ Ensures compliance with security frameworks and regulations such as PCI DSS, HIPAA, FERPA, and GDPR by participating in security audits, risk assessments, and implementing necessary controls to address industry-specific requirements.
+ Provides state of the art expertise and support to development and operations teams on secure coding practices, threat prevention, and compliance mandates; plans and develops training programs and supports the adoption of secure development methodologies.
+ Stays current with the latest security trends, vulnerabilities, and emerging technologies, recommending and implementing continuous improvements to enhance the organization's security posture and ensures proactive protection against evolving threats.
+ Organizes and controls real-time security monitoring, alerting, and reporting mechanisms to provide visibility into security incidents and ensure ongoing compliance with security standards.

**NOTES:**

1. Until further notice, this position is eligible for a hybrid work schedule.
2. **An appointment to this Competitive title/position in the Classified Civil Service Title Series will be made with a Provisional status. Employees in provisional status must pass a competitive civil service examination and be appointed from a civil service list to remain in the title/position.**

**MINIMUM QUALIFICATIONS**

Six (6) years of progressively responsible full-time paid information systems technology experience, at least eighteen (18) months of which shall have been in an **administrative or managerial capacity** in the areas of computer applications programming, systems programming, information systems development, data telecommunications, data base administration or a closely related area.

Education at an accredited college or university may be substituted for the general information systems technology experience at the rate of one (1) year of college for six (6) months of experience up to a maximum of four (4) years of college for two (2) years of experience. In addition, a master’s degree in computer science or a closely related field from an accredited college or university may be substituted for an additional year of the general information systems technology experience. However, all candidates must possess the eighteen (18) months of administrative or managerial experience described above.

Experience in an **administrative capacity** must include, but is not limited to, responsibilities such as: monitoring an IT budget; reviewing and approving IT procurement and invoice payments; reviewing and approving contracts with vendors; monitoring and approving IT projects; setting standards and best practices; risk evaluation (e.g., security, reputational, operational); organizational development; chairing or participating in IT Governance and Advisory committees; and/or overseeing vendor relationship management.

Experience in a **managerial capacity** must include, but is not limited to, responsibilities such as: strategic planning for an office/division; creating and implementing policies; setting standards and best practices; defining and documenting project scope; root cause analysis with recommendations; collaborating with other managers and executives to define future state of IT program; and/or forecasting.

The following types of experience are **not** acceptable: superficial use of preprogrammed software without complex programming, design, implementation or management of the product; use of a word processing package; use of a hand-held calculator; data entry; operation of data processing hardware or consoles.

**OTHER QUALIFICATIONS**

Preferred:

+ 6+ years of experience in DevOps, Security, or related roles, with demonstrated experience in integrating security practices into the development lifecycle.
+ Proficiency with CI/CD tools such as Jenkins, GitLab CI, or Azure DevOps and expertise in automating security processes within these pipelines.
+ Strong understanding and hands-on experience with cloud security in AWS, Azure, or Google Cloud Platform (GCP), including cloud-native security tools like AWS Security Hub, Azure Security Center, or Google Cloud Security Command Center.
+ Expertise in Infrastructure as Code (IaC) using tools like Terraform, Ansible, or Chef, with a focus on securely automating and managing cloud environments.
+ Experience with security tools such as static and dynamic code analysis, container security (e.g., Aqua, Twistlock), and vulnerability management platforms.
+ Strong knowledge of threat modeling, vulnerability assessment, and penetration testing, with the ability to prioritize and remediate identified vulnerabilities.
+ Familiarity with Identity and Access Management (IAM), Zero Trust security models, and multi-factor authentication technologies.
+ Experience in compliance frameworks such as PCI DSS, HIPAA, GDPR, NIST, or ISO 27001, with practical knowledge of conducting security audits and risk assessments.
+ Proficiency in scripting and automation languages like Python, Bash, or PowerShell for automating security tasks and enhancing operational efficiency.
+ Experience with monitoring and log aggregation tools such as Splunk, ELK Stack, or SIEM solutions to ensure real-time security monitoring and incident detection.
+ Knowledge of ITIL Methodology, cloud architecture, AWS, and Azure.
+ Ability to work independently and in a team environment, with strong communication and problem-solving skills.

**COMPENSATION**

The salary range is **$140,000 - $155,000**, commensurate with qualifications, education and experience.

**BENEFITS**

CUNY offers a comprehensive benefits package to employees and eligible dependents based on job title and classification. Employees are also offered pension and Tax-Deferred Savings Plans. Part-time employees must meet a weekly or semester work hour criteria to be eligible for health benefits. Health benefits are also extended to retirees who meet the eligibility criteria.

**HOW TO APPLY**

For full consideration, submit a cover letter and resume online via CUNY's web-based job system, addressing how your experience and credentials meet the responsibilities and qualifications outlined.

The direct link to the job opening from external sources is: https://hrsa.cunyfirst.cuny.edu/psc/erecruit/EMPLOYEE/HRMSCG/c/HRS_HRAM_FL.HRS_CG_SEARCH_FL.GBL?Page=HRS_APP_JBPST_FL&Action=U&FOCUS=Applicant&SiteId=1&JobOpeningId=29794&PostingSeq=1

Current CUNY employees must apply through CUNYfirst Employee Self Service using their login credentials. After you log in, click the Careers tile on the Employee Self Service Menu page to view job openings.

**CLOSING DATE**

Open until filled.

**JOB SEARCH CATEGORY**

CUNY Job Posting: Managerial/Professional

**EQUAL EMPLOYMENT OPPORTUNITY**

CUNY encourages people with disabilities, minorities, veterans and women to apply. At CUNY, Italian Americans are also included among our protected groups. Applicants and employees will not be discriminated against on the basis of any legally protected category, including sexual orientation or gender identity. EEO/AA/Vet/Disability Employer.

Job ID: 29794

Location: Central Office