The City University of New York

DevSecOps Engineer (IT Infrastructure Engineer 3) - Provisional

GENERAL DUTIES

This position encompasses professional and responsible highly technical consultative and/or administrative work unique to the design and engineering of complex datacenters, networks and cloud deployments. Under administrative direction of a university IT manager, with broad latitude for independent action or decision, is responsible for the development of comprehensive infrastructure solutions. Engineer and operate mission critical infrastructure and be responsible for the access and protection of sensitive data, systems, and networks. May lead a team or participate in a team in planning, designing, implementing, and maintaining datacenter and cloud operations that includes the management of IT facilities, network, security, telecommunications, servers, storage, and virtualization components.

There are three Levels of this title. Assignment Levels 2 and 3 may oversee multiple projects and supervise employees. This specification describes typical assignments for this title; related duties may be assigned as needed.

To view the complete job description, go tohttp://www.cuny.edu/about/administration/offices/hr/classified-civil-service/ccsjobs/and view the Job Description for IT Infrastructure Engineer.

CONTRACT TITLE

IT Infrastructure Engineer

FLSA

Non-exempt

CAMPUS SPECIFIC INFORMATION

The Office of Computing and Information Services (CIS) at the City University of New York (CUNY) supports the IT and telecommunications needs of CUNY's 25 colleges. CIS supports enterprise IT and applications, develops new technologies that advance the University's core mission, builds, upgrades and maintains the University's network, and operates the University's Data Center and Service Desk. Additionally, CIS manages the processes of safeguarding the University’s IT assets and operates the SOC, develops disaster recovery plans for business continuity, maintains the security of the University’s IT assets, and maintains the CUNYfirst Enterprise Resource Planning (ERP) solution that integrates student administration, financial management, and human resources operations across CUNY’s 25 colleges. Lastly, CIS provides strategic and operational IT leadership with respect to the maintenance, enhancement, and expansion of the CUNY network spanning across all CUNY campuses.

CUNY-CIS seeks a highly skilled DevSecOps Engineer to join the Office of the CTO, who will play a key role in integrating security best practices into development, deployment, and operations to support the university’s shared services IT initiative. This role ensures compliance with federal regulations (PCI DSS, FERPA, GLBA) while safeguarding sensitive data through Security Configuration Management (SCM) and File Integrity Monitoring (FIM). Reporting to the Director of DevSecOps, the engineer will contribute to Network Automation, Centralized Management, CUNY Private Cloud (Server Workload Consolidation), and Telephony Services Consolidation by ensuring secure and compliant infrastructure deployment across CUNY’s 25 campuses and Central Office. By automating security protocols and streamlining secure service delivery, this role enhances operational efficiency while protecting critical data and systems. This hands-on position requires a proactive, collaborative engineer to deliver secure, scalable solutions that advance CUNY’s mission.

Key responsibilities include, but are not limited to the following:

• Manages complex enterprise-scale infrastructure crises, works under pressure to resolve security incidents, mitigate vulnerabilities, and ensures rapid remediation efforts.
• Maintains disaster recovery configurations and procedures, leads periodic testing, oversees documentation updates, and ensures seamless incident response and business continuity.
• Leads application development, ensures security and compliance within complex enterprise-scale new technologies and system requirements.
• Identifies probable system design flaws or security risks, conducts assessments, vulnerability scans, and penetration testing to proactively address threats before performance impact occurs.
• Works closely with various IT teams, including development, operations, and cloud engineering, to integrate security seamlessly into the Software Development Lifecycle (SDLC) and Infrastructure as Code (IaC) processes.
• Develops and maintains CI/CD pipelines and automation scripts, implements security testing, vulnerability scanning, and configuration management using tools like Ansible, Terraform, and Jenkins.
• Evaluates, deploys, and manages enterprise security tools and platforms, including static and dynamic code analysis tools, container security solutions (e.g., Docker, Kubernetes), and identity and access management (IAM) systems.
• Ensures compliance with security frameworks and regulations, including PCI DSS, HIPAA, FERPA, and GDPR, by participating in security audits, risk assessments, and implementing necessary controls.
• Develops and reviews technical specifications for IT system procurement, including evaluating vendor submissions from bids, requests for information, and proposals.
• Establishes and maintains real-time security monitoring, alerting, and reporting mechanisms using tools such as Splunk, ELK Stack, and SIEM solutions to enhance visibility and compliance.
• Leads security training initiatives, educating teams on secure coding practices, threat prevention, and compliance mandates while staying updated on evolving cybersecurity trends and emerging technologies.

NOTES:

1. Until further notice, this position is eligible for a hybrid work schedule.
2. An appointment to this Competitive title/position in the Classified Civil Service Title Series will be made with a Provisional status. Employees in provisional status must pass a competitive civil service examination and be appointed from a civil service list to remain in the title/position.

MINIMUM QUALIFICATIONS

1. A baccalaureate degree in computer science, engineering or a related field from an accredited college or university and five (5) years of satisfactory full-time experience in thedesign and engineering of complex datacenters, networks and/or cloud deployments; or

2. A baccalaureate degree from an accredited college or university and six (6) years of satisfactory full-time experience as described in “1” above; or

3. A high school diploma or its educational equivalent and ten (10) years of satisfactory full-time experience as described in “1” above; or

4. Education and/or experience which is equivalent to "1," "2" or "3" above. The following may substitute for some of the required experience required in "1," "2" or "3" above, as follows:

College education (undergraduate credits) may substitute for up to four (4) years of the required experience in "3" above on the following basis:

A. 30 to 59.9 semester credits substitute for 1 year of experience; or

B. 60 to 89.9 semester credits substitute for 2 years of experience; or

C. 90 to 119.9 semester credits substitute for 3 years of experience; or

D. 120 or more semester credits substitute for 4 years of experience.

Graduate credits in information technology, computer science or a related field may substitute for up to two (2) years of experience in "1" or "2" above on the following basis:

A. 15 to 29.9 graduate credits substitute for 1 year of required experience; or

B. 30 or more graduate credits substitute for 2 years of required experience.

Each of the following validcurrent certification(s) may substitute for one (1) year of the required experience in "1," "2" or "3" above:

A. Certified Information Systems Security Professional (CISSP) issued by ISC2; and/or

B. Certified Scrum Product Owner (CSPO) issued by Scrum Alliance; and/or

C. Cisco Certified Network Associate (CCNA) issued by Cisco; and/or

D. Cisco Certified Network Professional (CCNP) issued by Cisco; and/or

E. CompTIA Linux+ issued by CompTIA; and/or

F. CompTIA Network+ issued by CompTIA; and/or

G. Security+ issued by CompTIA; and/or

H. IBM Certified Solution Architect – Cloud Pak for Data issued by IBM; and/or

I. ITIL Foundation Certification issued by Axelos; and/or

J. Juniper Networks Certified Internet Associate (JNCIA) issued by Juniper Networks; and/or

K. Microsoft Certified: Azure Administrator Associate issued by Microsoft; and/or

L. NetApp Certified Data Administrator (NCDA) issued by any authorized organization approved by NetApp; and/or

M. NetApp Certified Storage Installation Engineer (NCSIE) issued by any authorized organization approved by NetApp; and/or

N. NetApp Certified Storage Installation Engineer (NCSIE) issued by any authorized organization approved by NetApp; and/or

O. Oracle Cloud Infrastructure Architect Professional Certification issued by Oracle; and/or

P. Red Hat Certified Engineer (RHCE) issued by Red Hat; and/or

Q. VMware Certified Professional (VCP) issued by VMware.

However, all candidates must have a high school diploma or its educational equivalent and at least three (3) years of experience as described in “1” above.

Assignment Level II or III

Level II: After meeting the Qualification Requirements above, an additional two (2) years of satisfactory full-time experience in thedesign and engineering of complex datacenters, networks and/or cloud deployments is required for Level II.

Level III: After meeting the Qualification Requirements aboveandthe Level II requirements, an additional two (2) years of satisfactory full-time experience in thedesign and engineering of complex datacenters, networks and/or cloud deployments is required for Level III (for a total of 4 years of experience above the Qualification Requirements).

English Language Proficiency : Demonstrated English language proficiency, including ability to speak, read, write, and understand English well enough to meet minimally acceptable performance standards set for job duties.

Motor Vehicle Driver License : A Motor Vehicle Driver license, valid in New York State, may be required for some, but not all positions.

Note: CUNY considers full-time work to be at least 35 hours per week. Part-time experience of at least 20 hours per week may be prorated by half and credited instead of,but not in addition to, full-time experience during the same period (e.g., two months of related work experience at 20-34 hours per week equates to one month of full-time related work experience.) Part-time experience of fewer than 20 hours per week cannot be credited at all.

OTHER QUALIFICATIONS

Preferred:

• 6+ years' experience in security, DevOps, or related role(s), integrating security best practices into development and operations workflows.
• Expertise with CI/CD tools (Jenkins, GitLab CI, Azure DevOps) and Infrastructure as Code (Terraform, Ansible, Chef) for securely automating cloud and on-prem environments.
• Strong knowledge of AWS, Azure, or Google Cloud Platform (GCP), including cloud-native security tools (AWS Security Hub, Azure Security Center, Google Cloud Security Command Center).
• Hands-on experience with security assessments, penetration testing, static and dynamic code analysis, container security tools (e.g., Aqua, Twistlock), and vulnerability management platforms.
• Familiarity with IAM, Zero Trust security models, multi-factor authentication, and compliance frameworks such as PCI DSS, HIPAA, GDPR, NIST, or ISO 27001.
• Experience with security monitoring tools, log aggregation, and SIEM solutions (Splunk, ELK Stack) for real-time incident detection and response.
• Proficiency in Python, Bash, or PowerShell for automating security processes and improving operational efficiency.
• Knowledge of ITIL, cloud architecture, AWS, and Azure best practices to optimize security and infrastructure resilience.
• Ability to work independently and collaboratively, with excellent problem-solving and communication skills to address security challenges effectively.

COMPENSATION

Level 1: $105,827

Level 2: $115,190

Level 3: $126,287 - $155,000

BENEFITS

CUNY offers a comprehensive benefits package to employees and eligible dependents based on job title and classification. Employees are also offered pension and Tax-Deferred Savings Plans. Part-time employees must meet a weekly or semester work hour criteria to be eligible for health benefits. Health benefits are also extended to retirees who meet the eligibility criteria.

HOW TO APPLY

For full consideration, submit a cover letter and resume online via CUNY's web-based job system, addressing how your experience and credentials meet the responsibilities and qualifications outlined.

The direct link to the job opening from external sources is:

https://hrsa.cunyfirst.cuny.edu/psc/erecruit/EMPLOYEE/HRMSCG/c/HRS_HRAM_FL.HRS_CG_SEARCH_FL.GBL?Page=HRS_APP_JBPST_FL&Action=U&FOCUS=Applicant&SiteId=1&JobOpeningId=30493&PostingSeq=1

Current CUNY employees must apply through CUNYfirst Employee Self Service using their login credentials. After you login, click the Careers tile on the Employee Self Service Menu page to view job openings.

CLOSING DATE

Open until filled.

JOB SEARCH CATEGORY

CUNY Job Posting: Information Technology/Technical

EQUAL EMPLOYMENT OPPORTUNITY

CUNY encourages people with disabilities, minorities, veterans and women to apply. At CUNY, Italian Americans are also included among our protected groups. Applicants and employees will not be discriminated against on the basis of any legally protected category, including sexual orientation or gender identity. EEO/AA/Vet/Disability Employer.

Job ID

30493

Location

Central Office

Read Full Description