775 Cybersecurity jobs in New York

• Currently majoring or planning to major in computer science or a similar field
• Have an avid interest in cybersecurity and technology in your personal life, through activities such as CTFs, home labbing, and/or personal development projects
• A strong programmer who can demonstrate high potential and an aptitude for learning
• Interested in your tools, including your editor, computer environment, version control, etc.
• Familiar with threat modeling and able to clearly communicate your understanding of trade-offs when it comes to security, risk, and usability
• Able to explain the cybersecurity decisions you've made in your own life, and how you've approached thinking about those decisions
• Able to adapt to changing scenarios and make challenging decisions under pressure
• Humble about what you know and don't know; not afraid to ask questions and admit mistakes
• A curious problem solver with a positive, collaborative attitude
• Demonstrate perseverance and grit when investigating and learning new things beyond just a surface-level understanding

Amex GBT is a place where colleagues find inspiration in travel as a force for good and - through their work - can make an impact on our industry. We're here to help our colleagues achieve success and offer an inclusive and collaborative culture where your voice is valued.

Amex GBT is seeking a Cyber Security Engineer with an analytical mind and a detailed understanding of cyber security methodologies. Cyber Security Engineers are expected to provide meticulous attention to detail, outstanding problem-solving skills, work comfortably under pressure and deliver on tight deadlines.

To ensure success, a Cyber Security Engineer must display an excellent understanding of technology infrastructures which include but are not limited to Encryption, Certificates, Security governance and oversight, Security Controls, Security tooling, and Security policies and procedures. Top candidates must be comfortable working with a variety of technologies, large scale deployments, security problems and troubleshooting and providing CyberSecurity engineering deliverables in a secure/compliant manner.

What You'll Do:

• Working with CyberSecurity Architects team for the planning, proposal and implementation of security controls and platforms.

• Working knowledge in the field of CyberSecurity, including but not limited to Cloud deployments, application integration, and APIs.

• Project level experience working in a team environment with multiple parallel workflows, team members, Project Managers, and defined deliverables.

• Identify and define system security requirements including requirements for achieving audit requirements.

• Preparing and documenting standard operating procedures and protocols for the Projects and workflows that the Engineer is participating in for the team.

• Configure and troubleshoot security infrastructure devices as necessary for a smooth and highly available set of controls.

• In a team environment, develop technical solutions and deploy security tools to help mitigate security vulnerabilities and automate repeatable tasks

• Troubleshooting and diagnostic skills for the purpose of providing long term actionable solutions and remediation of issues.

• Responding to and participating in incidents as a representative of the CyberSecurity Engineering team.

• Ensuring that the organization's data and infrastructure are protected by enabling and maintaining security controls. This includes Gap Analysis as necessary.

• Participating in the change management process

• Daily administrative tasks, reporting and communication with the relevant stakeholders, managers and directors.

• Delivering comprehensive reports including assessment-based findings, outcomes and solutions for increased system security enhancements

• Working as part of a team with similarly tasked Engineers and Analysts in a diverse, engaging, supportive and respectful manner

What We're Looking For:

• Knowledge of risk assessment tools, technologies and methods

• Experience designing secure networks, systems and application architectures

• Use and deployment of encryption for data protection at rest and in transit for contractual, regulatory and audit requirements

• Direct experience with implementation of security tools such as WAF, DAM, IPS/IDS, Anti-DDoS, Bot Detection, SIEM, Data Leakage Prevention, Proxy, Automation & Orchestration, etc.

• Experience working in a team environment for planning, researching and developing security policies, standards and procedures

• Ability to communicate security issues to peers and management

• Detailed technical knowledge of database and operating system security

• Experience with network security and networking technologies and with system, security, and network monitoring tools

• Thorough understanding of the latest security principles, techniques, and protocols

• Maintaining current knowledge of technology capabilities and trends

• Problem solving skills and ability to work under pressure

• Understanding of the OSI (Open Systems Interconnection) model and well-known ports and services

• BS degree in Computer Science, Cyber Security or related field or equivalent work experience

• Industry certifications in cyber security such as but not limited to, CISSP, GSEC, CSSP, CEH highly desired

• 5+ years working experience as a Cyber Security Engineer

Location

United States

The US national annual base salary range for this position is from $110,000 to $220,000. The national range provided includes the base salary that GBT expects to pay for the role. Actual base salary will be based on factors including the scope and complexity of the role and the successful candidate's relevant experience, skills, knowledge, and work location.

In addition to base salary, this role is eligible for our Annual Incentive Award plan, which rewards participants based on company and individual performance. For information about our comprehensive US benefits programs and eligibility, please review our Benefits-at-a-Glance document.

Benefits at a glance (

The #TeamGBT Experience

Work and life: Find your happy medium at Amex GBT.

• Flexible benefits are tailored to each country and start the day you do. These include health and welfare insurance plans, retirement programs, parental leave, adoption assistance, and wellbeing resources to support you and your immediate family.

• Travel perks: get a choice of deals each week from major travel providers on everything from flights to hotels to cruises and car rentals.

• Develop the skills you want when the time is right for you, with access to over 20,000 courses on our learning platform, leadership courses, and new job openings available to internal candidates first.

• We strive to champion Inclusion in every aspect of our business at Amex GBT. You can connect with colleagues through our global INclusion Groups, centered around common identities or initiatives, to discuss challenges, obstacles, achievements, and drive company awareness and action.

• And much more!

All applicants will receive equal consideration for employment without regard to age, sex, gender (and characteristics related to sex and gender), pregnancy (and related medical conditions), race, color, citizenship, religion, disability, or any other class or characteristic protected by law.

Click Here ( for Additional Disclosures in Accordance with the LA County Fair Chance Ordinance.

Furthermore, we are committed to providing reasonable accommodation to qualified individuals with disabilities. Please let your recruiter know if you need an accommodation at any point during the hiring process. For details regarding how we protect your data, please consult the Amex GBT Recruitment Privacy Statement ( .

What if I don't meet every requirement? If you're passionate about our mission and believe you'd be a phenomenal addition to our team, don't worry about "checking every box;" please apply anyway. You may be exactly the person we're looking for!

Click Here to Learn More (

• Maintain and operate the Museum's information security infrastructure, including, but not limited to: network and host-based security platforms, vulnerability scanning systems and tools, intrusion detection/prevention systems (IDS/IPS), file integrity verification and monitoring software, security information and event management (SIEM) platform, application (Layer 7) firewall, network access control (NAC), data loss prevention (DLP), log indexing and correlation platform, anti-virus and anti-spyware console, firewall and network access controls lists and web and email proxy and filtering systems.
• Review and correlate data from various system reports, alerts and logs, as well as industry and partner alerts to identify potential risks and direct threats to the Museum's infrastructure, services and users. Initiate responses to such alerts consistent with establish operational standards and Museum policy and procedures.
• Identify and complete effective response mitigations in response to detected threats.
• Assist with vulnerabilities and risk analyses of existing and planned systems for a diverse clientele including scientific researchers, educational professionals, exhibit designers, administrative support staff and collaborators. Assist with digital forensics examinations, including malware analysis, using a variety of tools. Support incident response (IR) functions in keeping with existing policies, protocols and procedures.
• Continuously maintain an in-depth knowledge of the rapidly changing cybersecurity landscape by synthesizing information about cybersecurity from various sources including Homeland Security, CERT, media vendors and research organizations. Use that knowledge to spot potential risks to the Museum.
• Participate in weekly off-hours (non-office hours) maintenance windows.
• Participate in weekly on-call rotation to respond to and triage cybersecurity alerts.
• Maintain a schedule that includes after-hours deployment/maintenance and 24/7 emergency response to IT infrastructure service disruptions and cybersecurity threats.

• High School Diploma or equivalent.
• Two years of relevant direct IT experience.
• Experience, knowledge and comfort working in a heterogeneous IT infrastructure environment, with various IT systems, technologies, platforms, concepts and applications, including Windows, Unix, Linux, VMware, Oracle, SQL Server, MySQL, Active Directory, OpenLDAP and Cisco networking platforms.
• Proficiency in the development of software code, scripts and automations.
• Solid understanding of the latest security principles, techniques and protocols.
• Demonstrated ability to analyze, troubleshoot and investigate information technology issues.
• Functional knowledge of cloud services and technologies.

• College degree in information technology, cybersecurity or another related field.
• Training in cybersecurity methods (including, but not limited to incident response, forensics, cybersecurity operations) that provides a basic knowledge of the data security compliance regulations and information security controls needed to mitigate cyber threats and vulnerabilities of applications, databases and infrastructure platforms.
• Three years direct work experience in information security, information security compliance, incident response, digital forensics and/or associated fields.
• Experience in building and maintaining security systems, including firewalls, intrusion prevention systems, SIEM tools, vulnerability analysis systems, file integrity monitoring tools, data loss prevention, network access control, logging and correlation platforms and endpoint protection systems.
• Proficiency in the development of software code, scripts and automations of cybersecurity services.
• Ability to analyze, troubleshoot and investigate security-related information systems anomalies based on security platform reporting, network traffic, log files and host-based and automated security alerts.

• Must be able to remain in a stationary position (sitting or standing) for prolonged periods.
• Must be able to occasionally lift up to 20 pounds.
• Must be able to move about the Museum campus.
• Positioning/change of positioning: Must be able to frequently position oneself/body to accomplish job duties.

Required fields are indicated with an asterisk (*).

1. *
   Do you have a High School Diploma or GED?
   • Yes
   • No
   
   
2. *
   Do you have two years of relevant direct IT experience?
   • Yes
   • No
   
   
3. *
   Are you proficient in developing software code, scripts and automations?
   • Yes
   • No
   
   
4. *
   Do you have experience with, knowledge of and feel comfortable with working in a heterogeneous IT infrastructure environment, with various IT systems, technologies, platforms, concepts and applications, including Windows, Unix, Linux, VMware, Oracle, SQL Server, MySQL, Active Directory, OpenLDAP and Cisco networking platforms?
   • Yes
   • No
   
   
5. *
   Do you have a solid understanding of the latest security principles, techniques and protocols?
   • Yes
   • No
   
   
6. *
   Are you able to analyze, troubleshoot and investigate information technology issues?
   • Yes
   • No
   
   
7. *
   Do you have a functional knowledge of cloud services and technologies?
   • Yes
   • No
   
   
8. *
   Can you maintain availability to participate in weekly off-hours (non-office hours) maintenance windows?
   • Yes
   • No
   
   
9. *
   Can you maintain availability to participate in a weekly on-call rotation to respond to and triage cybersecurity alerts?
   • Yes
   • No
   
   
10. *
    Can you maintain availability to include after-hours deployment/maintenance and 24/7 emergency response to IT infrastructure service disruptions and cybersecurity threats?
    • Yes
    • No
    
    
    
    

1. Resume
2. Cover Letter

• Identify areas for architectural, engineering, and operational improvements and to ensure that the security architecture is suitable and supportable Manage and plan the future technical architecture, providing insight into the future of their area of technology to continually improve effectiveness and efficiency.
• Conduct design and engineering processes to ensure that security architecture solutions maintain the confidentiality, integrity, and availability of information assets.
• Understand, review, and approve Cybersecurity Reference Architectures and solutions for applying them.
• Collaborate with technology and business teams to ensure that the implementation of new technologies and security solutions can be supported and that they are in alignment with security architecture, industry best practice, principles of secure design, and business strategies.
• Revalidate systems to most recent reference architectures to determine gaps, develop and manage programs to align systems to newest standards and reference architectures. Define the appropriate architecture, technical requirements, and standards necessary to address information security needs for the organization. Perform risk assessments of new and existing technology solutions to identify opportunities for improvement, and engineering solutions to adequately mitigate associated risks.
• Lead the development and implementation of security technology solutions for complex environments and architecture including cross-platform interoperability, including development of baseline infrastructure and application hardening guides based on industry best practices.
• Define security configurations and operational standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
• Serve as the engineering security expert in application development; database design; network and operating system security design; access and audit control development; and identity management solutions.
• Develop sets of security principles, technology standards and architectural constructs which guide the solution design, engineering and deployment of IT solutions.
• Ensure security architecture reviews are conducted for new technology to ensure best practices, document security solutions, and enable common solutions across the enterprise.
• Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; and preparing cost estimates.
• Address security requirements within cloud architectures, creating new and evolving security services and standards pertaining to cloud services; consulting with internal and external customers; and developing and documenting strategies, standards, and roadmaps for cloud security components and architectures.

• Must possess active listening, attention to detail, customer service, prioritization, and problem-solving skills.
• Ability to work independently and strategically.
• Demonstrated expertise in identifying and analyzing risks and developing effective mitigation strategies.
• Strong technical knowledge and diverse skillset to understand various technologies, systems, and potential risks.
• Excellent critical thinking, problem-solving, and decision-making skills.
• Strong interpersonal, verbal and written communication skills, with the ability to effectively collaborate with both technical and non-technical peers.
• Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.
• Extensive hands-on experience with related tools.
• Solid working knowledge of IT domains.
• Ability to work under pressure and meet deadlines individually and collaboratively. Think logically, assess problems, and be results-oriented.
• Ability to identify complex business and technology risks and associated vulnerabilities. Prioritize multiple tasks and switch between tasks quickly.
• Ability to communicate effectively, both orally and in writing, to interact with team members, customers, management, and support personnel (technical and non-technical).Ability to establish and maintain effective working relationships with employees at all levels within the organization, and with both internal and external customers.

• Must possess an expert/highly proficient in deep understanding of technology and cybersecurity domain principles within the context of Operational Technologies, Signaling Systems and Rolling Stock.
• Expert/Highly Proficient, knowledge of Concepts, principals and design of data security and disaster recovery processes including threat and vulnerability management; access control; network design and management; identity and access management; and data protection and management.
• Legal and regulatory compliance requirements as they relate to data and information privacy and security. Expert/Highly Proficient, knowledge of Cybersecurity technologies including identity and access management solutions; intrusion detection/prevention, PKI, security incident and event management solutions and network/firewall technology.
• Expert/Highly Proficient ability to develop and implement enterprise data security architecture.
• Design secure solutions and accompanying controls. And Ability to quickly learn and understand new technologies.
• Expert/Highly Proficient proven ability to manage projects and initiatives.
• Expert/Highly Proficient ability to fit in with the constant shifting needs and demands of the business Departments.

• Certified Information Security Professional (CISSP),
• Global Information Assurance Certification (GIAC)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC),
• Certified Information Systems Auditor (CISA), other related certification(s)

• May mentor less experienced staff. Performs other duties and tasks as assigned.
• May need to work outside of normal work hours supporting 24/7 operations (i.e., evenings and weekends).
• Travel may be required to other MTA locations or other external sites.
• Responsible for financial/budgeting/vendor/contract planning and management.

About the job Cybersecurity Engineer

Location: Remote(Onsite as needed)

Job Summary:

We are seeking an experienced and highly skilled Cybersecurity Engineer. The ideal candidate will have a deep understanding of information security, risk management, and technical skills necessary to safeguard the organizations IT infrastructure against cyber threats.

Key Responsibilities:

• Design and Implement Security Measures:
  • Develop, implement, and maintain security architecture, firewalls, intrusion detection/prevention systems, and other security technologies.
  • Design secure network systems, ensuring the confidentiality, integrity, and availability of data.
• Monitoring and Incident Response:
  • Continuously monitor the network for security breaches or attacks.
  • Analyze and respond to security incidents in a timely manner, performing root cause analysis and incident resolution.
  • Investigate suspicious activities and conduct forensic analysis when necessary.
• Risk Assessment and Vulnerability Management:
  • Regularly conduct vulnerability assessments and penetration testing to identify system weaknesses.
  • Collaborate with other teams to remediate identified security vulnerabilities.
  • Perform risk analysis to determine the level of threats and prioritize actions.
• Security Policy Development:
  • Develop and enforce security policies and procedures for network, system, and data protection.
  • Ensure compliance with regulatory standards, including GDPR, HIPAA, and other industry-specific regulations.
• Security Awareness and Training:
  • Educate staff on security best practices, including phishing awareness, password policies, and data protection measures.
  • Develop training programs to improve the organizations overall security posture.
• Collaboration:
  • Work with IT teams to ensure secure network configurations and system hardening.
  • Collaborate with cross-functional teams to evaluate and enhance security features of software and hardware systems.
• Continuous Improvement:
  • Stay up-to-date with the latest cybersecurity trends, threats, and technology.
  • Recommend improvements to the organization's cybersecurity policies and practices.

• Education:
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent work experience).
• Experience:
  • Proven experience as a Cybersecurity Engineer or in a similar IT security role (typically 3-5 years).
  • Experience with security systems (firewalls, IDS/IPS, SIEM, etc.) and security technologies.
  • Hands-on experience with network security, encryption techniques, and vulnerability management tools.
• Certifications (preferred but not required):
  • Certified Information Systems Security Professional (CISSP)
  • Certified Ethical Hacker (CEH)
  • Certified Information Security Manager (CISM)
  • CompTIA Security+ or other relevant certifications.
• Technical Skills:
  • Strong knowledge of TCP/IP, network protocols, and routing.
  • Proficient in security tools (e.g., Nessus, Wireshark, Metasploit, etc.).
  • Knowledge of operating systems (Windows, Linux, etc.) and their security configurations.
  • Familiarity with cloud security (AWS, Azure, etc.) is a plus.
• Soft Skills:
  • Strong analytical and problem-solving abilities.
  • Excellent communication skills to explain security concepts to non-technical staff.
  • Ability to work under pressure and handle security incidents efficiently.

• Flexible working hours may be required to respond to security incidents outside of regular business hours.
• Initial Background check will be required.
• Ability to go onsite/disaster recovery site as needed.
• 1099 contract.

Vistrada is looking to hire a strong Cybersecurity Analyst to join our Cybersecurity practice.

A Cybersecurity Analyst is part of a team that consults with clients about cybersecurity related topics and strategies. This role helps clients identify cybersecurity related improvements, conduct cybersecurity risk assessments, conduct cybersecurity scans and testing, document cybersecurity related policies and procedures, and respond to cybersecurity related issues.

Responsibilities Include: 

• Conduct regulatory compliance audits and assessments utilizing frameworks like CMMC, NIST, CSF, ISO, PCI, HIPAA, etc.

• Create and update cybersecurity related policies and procedures.

• Participate in the creation of cybersecurity awareness training programs, materials and conduct training sessions.

• Perform scripted penetration testing and vulnerability scanning utilizing tools like Clone Systems.

• Review and deliver penetration testing and vulnerability scanning reports to clients.

• Participate in the on-boarding of clients into GRC tools like Apptega.

• Provide training and support to clients for our GRC tools.

• Participate in activities related to phishingsocial engineering testing, physical security assessments, and tabletop exercises.

• Participate in activities related to our advisory services offerings including planning, budgeting, presentation building, crisis management, etc.

• Participate in activities related to cybersecurity incident response and remediation.

• Keep abreast of emerging technologies related to cybersecurity and communicate findings to the team.

• Keep abreast of emerging cybersecurity vulnerabilities and help develop notifications and action plans for our clients.

Required Experience/Skills: 

• Knowledge of NIST 800-53, NIST 800-171, CSF, CMMC, DFARS, IS027001, PCI, HIPAA and other regulations

• Possess a bachelor’s degree in Cybersecurity

• Policy Development

• 1-5 years of experience

• Vulnerability Scanning / Penetration Testing

• Ability to handle multiple assessments at one time

• Possess/pursuing certifications such as CISA or CISSP, or something similar

• Strong analytical skills and ability to effectively prioritize and coordinate multiple deliverables simultaneously

• Strong ability to work effectively in a team and to communicate verbally and in writing with both external and internal customers

• Eagerness to learn in diverse areas, as well as possess a strong ability to work independently to produce desired results 

Job Type: Full-time; Work mostly from home and occasionally at client sites.

Benefits: Medical, Dental, 401K (with employer match), Disability, Paid Time Off, and Bonus Program.

Salary Range: $60K-$80K

Company Background: 

Vistrada is a Business, Technology, and Management services firm dedicated to helping clients plan and implement initiatives across Business and Technology Transformation, Integrated Risk Management, Cybersecurity, and Managed Services. Vistrada provides deep expertise and flexible team structures ensuring agility and responsiveness to support our client’s evolving needs. We leverage the right team during a client’s journey to optimize their investment and commitment.

Founded in 2007, Vistrada LLC is a profitable privately-held minority-owned organization. With more than 500+ people successfully serving clients today, our teams operate with a breadth of expertise bringing Big 4 consulting, agency, and Fortune 500 company experiences to clients. Our clients include the most prestigious institutions and many emerging companies with relationships spanning 10+ years. Vistrada has extensive public and private sector experience.

Powered by JazzHR

Job Summary: Basic up to $5,500 Mon- Fri, 815am - 530pm Variable Bonuses $00 Allowances 800 Flexi Benefits as per annual AL + 2 days Family Care Leave Medical Benefits Tuas South Job Responsibilities: Oversee the development, testing, and maintenance of cybersecurity measures to safeguard Critical Information Infrastructure (CII) assets within Plant control systems Designing and implementing cybersecurity policies and procedures for OT systems, ensuring compliance with regulatory requirements, including the Cybersecurity Code of Practice (CCoP 2.0) Conducting CII auditing, vulnerability assessments, risk assessments, and working with regulatory bodies to ensure the Plant meets cybersecurity standards Conducting CII penetration (PEN) test, red/ purple teaming exercise on a regular basis ensuring company Business Continuity Plan (BCP) and Disaster Restoration Plan (DPR) are well documented and communicated Liaising with cybersecurity vendors in conducting relevant assessments to fulfil CCoP requirement Coordinating with stakeholders to maintain optimal security levels, preparing incident response plans, and providing cybersecurity training to employees to increase awareness and response capability Plan and implement budgeted cybersecurity projects based on business requirements Applicants who possess relevant experience for the above responsibilities are most welcome to apply. If you do not possess the above experience, your application will still be considered on individual merits and you may be contacted for other opportunities. Please submit your updated resume in MS Words format by using the APPLY NOW BUTTON, By submitting your personal data and/or resume, you give consent to collection, use and disclosure of your personal data and/or resume by the company (or its agent) for the purpose of the processing and administration by the company relating to this job application. **We regret to inform that only shortlisted candidates would be notified. Toh Cheng Jie (Martin) Registration Number: R23117397 EA Licence No: 06C2859 (MCI Career Services Pte Ltd) #J-18808-Ljbffr

The American Museum of Natural History is one of the world’s preeminent scientific and cultural institutions, and has as its mission to discover, interpret and disseminate information about human cultures, the natural world and the universe through a wide-ranging program of scientific research, education and exhibition. The Information Technology department is seeking a full-time Cybersecurity Engineer to apply information security knowledge across a broad range of disciplines, activities and contexts to provide a secure data environment for the Museum. This position has operational responsibility across several domains, including, but not limited to: data security, digital forensics, incident response and analysis, IT systems and operations, network security, systems and applications security and vulnerability management. The Engineer works with IT staff, cybersecurity staff and leadership and other Museum users to develop the security operations and infrastructure controls needed to provide a secure environment and in response to emerging threats and incidents facing the Museum. Job duties include, but are not limited to: Maintain and operate the Museum’s information security infrastructure, including, but not limited to: network and host-based security platforms, vulnerability scanning systems and tools, intrusion detection/prevention systems ( IDS / IPS ), file integrity verification and monitoring software, security information and event management ( SIEM ) platform, application (Layer 7) firewall, network access control ( NAC ), data loss prevention ( DLP ), log indexing and correlation platform, anti-virus and anti-spyware console, firewall and network access controls lists and web and email proxy and filtering systems. Review and correlate data from various system reports, alerts and logs, as well as industry and partner alerts to identify potential risks and direct threats to the Museum’s infrastructure, services and users. Initiate responses to such alerts consistent with establish operational standards and Museum policy and procedures. Identify and complete effective response mitigations in response to detected threats. Assist with vulnerabilities and risk analyses of existing and planned systems for a diverse clientele including scientific researchers, educational professionals, exhibit designers, administrative support staff and collaborators. Assist with digital forensics examinations, including malware analysis, using a variety of tools. Support incident response (IR) functions in keeping with existing policies, protocols and procedures. Continuously maintain an in-depth knowledge of the rapidly changing cybersecurity landscape by synthesizing information about cybersecurity from various sources including Homeland Security, CERT , media vendors and research organizations. Use that knowledge to spot potential risks to the Museum. Participate in weekly off-hours (non-office hours) maintenance windows. Participate in weekly on-call rotation to respond to and triage cybersecurity alerts. Maintain a schedule that includes after-hours deployment/maintenance and 24/7 emergency response to IT infrastructure service disruptions and cybersecurity threats. The expected salary range for the Cybersecurity Engineer is $70,000/annual – $7,000/annual. The AMNH offers an extensive benefits package designed to meet the needs of our dedicated and diverse community. Pay will be determined based on several factors. The hiring range for the position at commencement is based on the type of work and the scope of responsibilities. The salary and placement offered is based on a number of individualized factors, including, but not limited to, skills, knowledge, training, education, credentials, areas of specialization and depth and scope of experience. Minimum Qualifications High School Diploma or equivalent. Two years of relevant direct IT experience. Experience, knowledge and comfort working in a heterogeneous IT infrastructure environment, with various IT systems, technologies, platforms, concepts and applications, including Windows, Unix, Linux, VMware, Oracle, SQL Server, MySQL, Active Directory, OpenLDAP and Cisco networking platforms. Proficiency in the development of software code, scripts and automations. Solid understanding of the latest security principles, techniques and protocols. Demonstrated ability to analyze, troubleshoot and investigate information technology issues. Functional knowledge of cloud services and technologies. Preferred Qualifications College degree in information technology, cybersecurity or another related field. Training in cybersecurity methods (including, but not limited to incident response, forensics, cybersecurity operations) that provides a basic knowledge of the data security compliance regulations and information security controls needed to mitigate cyber threats and vulnerabilities of applications, databases and infrastructure platforms. Three years direct work experience in information security, information security compliance, incident response, digital forensics and/or associated fields. Experience in building and maintaining security systems, including firewalls, intrusion prevention systems, SIEM tools, vulnerability analysis systems, file integrity monitoring tools, data loss prevention, network access control, logging and correlation platforms and endpoint protection systems. Proficiency in the development of software code, scripts and automations of cybersecurity services. Ability to analyze, troubleshoot and investigate security-related information systems anomalies based on security platform reporting, network traffic, log files and host-based and automated security alerts. Physical Demands Must be able to remain in a stationary position (sitting or standing) for prolonged periods. Must be able to occasionally lift up to 20 pounds. Must be able to move about the Museum campus. Positioning/change of positioning: Must be able to frequently position oneself/body to accomplish job duties. Category Category Full-Time Total Number of Scheduled Hours Per Pay Period Total Number of Scheduled Hours Per Pay Period 70 Union Status Union Status Non-Union FLSA FLSA Exempt Expected Salary Minimum Expected Salary Minimum 70,000/annual Expected Salary Maximum Expected Salary Maximum 77,000/annual EEO Statement The American Museum of Natural History is an Equal Opportunity/Affirmative Action Employer. The Museum does not discriminate with respect to employment, or admission or access to Museum facilities, programs or activities on the basis of race, creed, color, religion, age, disability, marital status, partnership status, gender (including sexual harassment), sex, sexual orientation, gender identity, gender expression, genetic information, pregnancy and lactation accommodations, alienage or citizenship status, current or former participation in the uniformed services, status as a veteran, caregiver, pre-employment marijuana testing, sexual and reproductive health decisions, salary history, national or ethnic origin, height, weight, or on account of any other basis prohibited by applicable City, State, or Federal law. Additional protections are afforded in employment based on arrest or conviction record, status as a victim of domestic violence, stalking and sex offenses, unemployment status, and credit history, in each case to the extent provided by law. Required fields are indicated with an asterisk (*). * Do you have a High School Diploma or GED? Yes No * Do you have two years of relevant direct IT experience? Yes No * Are you proficient in developing software code, scripts and automations? Yes No * Do you have experience with, knowledge of and feel comfortable with working in a heterogeneous IT infrastructure environment, with various IT systems, technologies, platforms, concepts and applications, including Windows, Unix, Linux, VMware, Oracle, SQL Server, MySQL, Active Directory, OpenLDAP and Cisco networking platforms? Yes No * Do you have a solid understanding of the latest security principles, techniques and protocols? Yes No * Are you able to analyze, troubleshoot and investigate information technology issues? Yes No * Do you have a functional knowledge of cloud services and technologies? Yes No * Can you maintain availability to participate in weekly off-hours (non-office hours) maintenance windows? Yes No * Can you maintain availability to participate in a weekly on-call rotation to respond to and triage cybersecurity alerts? Yes No * Can you maintain availability to include after-hours deployment/maintenance and 24/7 emergency response to IT infrastructure service disruptions and cybersecurity threats? Yes No Documents Needed To Apply Required Documents Resume Cover Letter Optional Documents American Museum of Natural History 200 Central Park West New York, NY 10024-5192 Phone: Open daily, 10am – 5:30pm Maps and Directions #J-18808-Ljbffr

The American Museum of Natural History is one of the world’s preeminent scientific and cultural institutions, and has as its mission to discover, interpret and disseminate information about human cultures, the natural world and the universe through a wide-ranging program of scientific research, education and exhibition. The Information Technology department is seeking a full-time Cybersecurity Engineer to apply information security knowledge across a broad range of disciplines, activities and contexts to provide a secure data environment for the Museum. This position has operational responsibility across several domains, including, but not limited to: data security, digital forensics, incident response and analysis, IT systems and operations, network security, systems and applications security and vulnerability management. The Engineer works with IT staff, cybersecurity staff and leadership and other Museum users to develop the security operations and infrastructure controls needed to provide a secure environment and in response to emerging threats and incidents facing the Museum. Job duties include, but are not limited to: Maintain and operate the Museum’s information security infrastructure, including, but not limited to: network and host-based security platforms, vulnerability scanning systems and tools, intrusion detection/prevention systems (IDS/IPS), file integrity verification and monitoring software, security information and event management (SIEM) platform, application (Layer 7) firewall, network access control (NAC), data loss prevention (DLP), log indexing and correlation platform, anti-virus and anti-spyware console, firewall and network access controls lists and web and email proxy and filtering systems. Review and correlate data from various system reports, alerts and logs, as well as industry and partner alerts to identify potential risks and direct threats to the Museum’s infrastructure, services and users. Initiate responses to such alerts consistent with establish operational standards and Museum policy and procedures. Identify and complete effective response mitigations in response to detected threats. Assist with vulnerabilities and risk analyses of existing and planned systems for a diverse clientele including scientific researchers, educational professionals, exhibit designers, administrative support staff and collaborators. Assist with digital forensics examinations, including malware analysis, using a variety of tools. Support incident response (IR) functions in keeping with existing policies, protocols and procedures. Continuously maintain an in-depth knowledge of the rapidly changing cybersecurity landscape by synthesizing information about cybersecurity from various sources including Homeland Security,CERT, media vendors and research organizations. Use that knowledge to spot potential risks to the Museum. Participate in weekly off-hours (non-office hours) maintenance windows. Participate in weekly on-call rotation to respond to and triage cybersecurity alerts. Maintain a schedule that includes after-hours deployment/maintenance and 24/7 emergency response to IT infrastructure service disruptions and cybersecurity threats. The expected salary range for the Cybersecurity Engineer is $70,000/annual – $77,000/annual. TheAMNHoffers an extensive benefits package designed to meet the needs of our dedicated and diverse community. Pay will be determined based on several factors. The hiring range for the position at commencement is based on the type of work and the scope of responsibilities. The salary and placement offered is based on a number of individualized factors, including, but not limited to, skills, knowledge, training, education, credentials, areas of specialization and depth and scope of experience. Minimum Qualifications: High School Diploma or equivalent. Two years of relevant direct IT experience. Experience, knowledge and comfort working in a heterogeneous IT infrastructure environment, with various IT systems, technologies, platforms, concepts and applications, including Windows, Unix, Linux, VMware, Oracle,SQLServer, MySQL, Active Directory, OpenLDAP and Cisco networking platforms. Proficiency in the development of software code, scripts and automations. Solid understanding of the latest security principles, techniques and protocols. Demonstrated ability to analyze, troubleshoot and investigate information technology issues. Functional knowledge of cloud services and technologies. Preferred Qualifications: College degree in information technology, cybersecurity or another related field. Training in cybersecurity methods (including, but not limited to incident response, forensics, cybersecurity operations) that provides a basic knowledge of the data security compliance regulations and information security controls needed to mitigate cyber threats and vulnerabilities of applications, databases and infrastructure platforms. Three years direct work experience in information security, information security compliance, incident response, digital forensics and/or associated fields. Experience in building and maintaining security systems, including firewalls, intrusion prevention systems,SIEMtools, vulnerability analysis systems, file integrity monitoring tools, data loss prevention, network access control, logging and correlation platforms and endpoint protection systems. Proficiency in the development of software code, scripts and automations of cybersecurity services. Ability to analyze, troubleshoot and investigate security-related information systems anomalies based on security platform reporting, network traffic, log files and host-based and automated security alerts. Physical Demands: Must be able to remain in a stationary position (sitting or standing) for prolonged periods. Must be able to occasionally lift up to 20 pounds. Must be able to move about the Museum campus. Positioning/change of positioning: Must be able to frequently position oneself/body to accomplish job duties. #J-18808-Ljbffr