Systems Security Engineer Jobs for OPT Students

INTRODUCTION

The New York City Department of Investigation (DOI) is one of the oldest law enforcement agencies in the country; its mission is to combat municipal corruption. DOI serves the people of New York City by acting as an independent and nonpartisan watchdog for New York City government, City agencies, and City employees, vendors with City contracts, individuals and entities that receive City funds. The Information Technology Unit of the NYC Department of Investigation is currently seeking a highly skilled, motivated and hands-on System Security Engineer to manage and secure our environment, including Active Directory, Windows Servers, Exchange (on-prem and Online), Microsoft 365, AirWatch MDM, and file shares. This role supports system stability and cybersecurity readiness, emphasizing automation, practical risk management, prioritization, and collaboration, ensuring our core systems remain secure, efficient, and compliant within a small but capable IT team.

ROLE AND RESPONSIBILITIES

Key Responsibilities
- Active Directory Administration: Manage user accounts, permissions, and Group Policy Objects (GPOs); secure and monitor domain controllers.
- Exchange Management: Administer Exchange on-premises and Exchange Online hybrid environments, managing mail flow, mailbox provisioning, spam filtering, and secure mail routing.
- Security & Compliance: Apply Microsoft and CIS hardening baselines; enforce consistent GPO and Exchange security configurations; monitor logs for anomalies.
- Patch & Configuration Management: Implement and manage regular patching schedules for Windows Servers, Exchange systems, and related components.
- Monitoring & Response: Leverage Proofpoint, Varonis, Adaudit, SIEM, Endpoint Manager, and AirWatch MDM to monitor user activity, device compliance, system configurations, and mail flow. Investigate alerts and anomalies related to AD, Exchange, and endpoints to detect and respond promptly to potential security incidents.
- File Share Management: Maintain secure access controls and auditing for on-prem file shares; monitor for data access anomalies using Varonis.
- Certificates & PKI: Manage digital certificates, renewals, and certificate authorities (CAs) for servers, internal services, and authentication.
- Backup & Recovery: Ensure reliable backups for AD, Exchange, file shares, and critical servers; test restoration procedures regularly.
- Automation & Documentation: Develop PowerShell scripts to automate patching, mailbox management, and security reporting; maintain accurate operational documentation.
- Collaboration: Work cross-functionally with IT support and network teams to maintain a secure, resilient infrastructure.

If selected, the candidate will be fingerprinted and undergo a background investigation. In addition, because the position has a law enforcement and/or investigative function, the candidate's consumer credit history will be reviewed during the background investigation, as permitted by NYC Administrative Code 8-107(24)(b)(2)(A).

MINIMUM QUALIFICATIONS

- A baccalaureate degree from an accredited college, including or supplemented by twenty-four (24) semester credits in computer science or a related computer field and two (2) years of satisfactory full-time software experience in designing, programming, debugging, maintaining, implementing, and enhancing computer software applications, systems programming, systems analysis and design, data communication software, or database design and programming, including one year in a project leader capacity or as a major contributor on a complex project; or
- A four-year high school diploma or its educational equivalent and six (6) years of full-time satisfactory software experience as described in “1" above, including one year in a project leader capacity or as a major contributor on a complex project; or
- A satisfactory combination of education and experience that is equivalent to (1) or (2) above. College education may be substituted for up to two years of the required experience in (2) above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. A master's degree in computer science or a related computer field may be substituted for one year of the required experience in (1) or (2) above. However, all candidates must have a four year high school diploma or its educational equivalent, plus at least one (1) year of satisfactory full-time software experience in a project leader capacity or as a major contributor on a complex project.

PREFERRED QUALIFICATIONS

- Experience managing Active Directory, Exchange (on-prem and Online), and Microsoft 365 environments.
- Strong skills in Windows Server administration, patch management, and system hardening.
- Working knowledge of Proofpoint, Varonis, Ad Audit, SIEM, Endpoint Manager, and Workspace One MDM.
- Proficiency in PowerShell scripting for automation and auditing.
- Familiarity with certificate management (PKI) and file share security.
- Experience with VMware or Hyper-V virtualization platforms.
- Focus: A practical, security-focused administrator ensuring uptime, resilience, and protection across identity, messaging, and data-sharing systems within a lean operational model.

COMPENSATION

- Salary: $52,426.00 – $117,295.00

Public Service Loan Forgiveness

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/

Residency Requirement

New York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for two continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County. To determine if the residency requirement applies to you, please discuss with the agency representative at the time of the interview.

Additional Information
The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.