Endpoint Security and Identity and Access Management (IAM) Specialist for the Division of HPD TECH

About the Agency:

The New York City Department of Housing Preservation Development (HPD) promotes quality and affordability in the city's housing, and diversity and strength in the city’s neighborhoods because every New Yorker deserves a safe, affordable place to live in a neighborhood they love.

- We maintain building and resident safety and health

- We create opportunities for New Yorkers through housing affordability

- We engage New Yorkers to build and sustain neighborhood strength and diversity.

HPD is entrusted with fulfilling these objectives through the goals and strategies of “Housing Our Neighbors: A Blueprint for Housing and Homelessness,” Mayor Adams’ comprehensive housing framework. To support this important work, the administration has committed $5 billion in new capital funding, bringing the 10-year planned investment in housing to $22 billion the largest in the city’s history. This investment, coupled with a commitment to reduce administrative and regulatory barriers, is a multi-pronged strategy to tackle New York City’s complex housing crisis, by addressing homelessness and housing instability, promoting economic stability and mobility, increasing homeownership opportunities, improving health and safety, and increasing opportunities for equitable growth.

Your Team:

Housing Preservation & Development Technology (HPD Tech) is the IT division within HPD. The Office of HPD Tech leads the agency’s effort to transform HPD through technology by promoting productivity and eliminating manual processing, shrinking costs, and increasing the pace of work. HPD Tech works to improve effectiveness of business processes using core applications for flawless execution. HPD Tech empowers decision makers with access to quality (complete and accurate) information to anticipate and pro-actively react to building, neighborhood and market conditions.

The Office of HPDTech is composed of 7 units: CIO (Chief Information Office), CTO (Chief Technology Office), CPO (Chief Product Office), Budget, Enterprise Architecture, Planning & Compliance, and Information Security.

Your Impact:

As the Endpoint Security and Identity and Access Management (IAM) Specialist for the Division of HPDTech, you will play a pivotal role in safeguarding our organization’s digital assets by focusing on the management of endpoint security solutions from various vendors such as Trelix, Crowdstrike, and Microsoft, and ensuring the right individuals have the appropriate access to critical systems and data. This position is central to enhancing our security posture, reducing risk, and ensuring compliance with regulatory requirements. By driving the implementation and continuous improvement of our endpoint security tools and IAM processes, tools, and policies, the successful candidate will help shape a secure and scalable access environment that supports business agility and operational efficiency across the enterprise. Your contributions will directly impact user experience, security incident prevention, and the organization’s ability to meet its governance and audit goals.

Your Role:

We are seeking a skilled and detail-oriented Endpoint Security and Identity and Access Management (IAM) Specialist to join our cybersecurity team. In this role, you will be responsible for implementing and maintaining identity and access solutions that ensure secure, compliant, and efficient access to organizational resources. You will manage the full identity lifecycle, including provisioning, deprovisioning, role-based access controls, authentication mechanisms, and access reviews. The ideal candidate will have a strong understanding of IAM technologies, security best practices, and regulatory requirements. This role is essential to strengthening our security posture, supporting operational efficiency, and enabling secure digital transformation across the agency. Additionally, the candidate will be required to focus on the management of endpoint security solutions from various vendors such as Trelix, Crowdstrike, and Microsoft, within our environments.

The role will be responsible for the day-to-day operations, installations, troubleshooting, reporting and incident management of the security products across the entire infrastructure environment. The analyst will also be required to support new configuration requests, testing and deployment for endpoint solutions.

Your Responsibilities:

- Deploy, manage, and monitor endpoint protection solutions (e.g., antivirus, anti-malware) across all agency devices.

- Investigate and respond to endpoint security incidents and alerts in coordination with the SOC or incident response team.

- Conduct periodic security assessments and audits of endpoints to identify and remediate risks.

- Maintain visibility into endpoint health and compliance using centralized management tools.

- Manage the full identity lifecycle, including user provisioning, access changes, and deprovisioning for employees, contractors, and third parties.

- Implement and support IAM technologies such as Multi-Factor Authentication (MFA), and role-based access control (RBAC).

- Conduct periodic access reviews, entitlement audits, and segregation of duties analysis to ensure access compliance.

- Create and maintain IAM policies, standards, and documentation to align with regulatory and organizational requirements.

- Automate IAM workflows and integrate identity systems with tools such as ManageEngine

- Monitor for anomalous access behavior and support incident response for identity-related security events.

- Collaborate with business units and compliance teams to enforce least privilege and secure access practices.

- Includes all duties completed by the incumbent.

Required Skills

- Identity lifecycle management and provisioning workflows

- Experience with IAM platforms: ManageEngine, Microsoft Entra ID (Azure AD), One Identity Active Roles (ARS)

- Directory services: LDAP, Active Directory, Azure AD

- Multi-Factor Authentication (MFA)

- Experience with antivirus, anti-malware solutions: CrowdStrike, Trelix/McAfee, Microsoft Defender for Endpoint

- Patch management tools: Ivanti Patchlink, SCCM, Tanium

Preferred skills

- CrowdStrike Certified Falcon Administrator (CCFA) – Preferred

- Trellix (McAfee EPO/FireEye) related certifications – a plus

- IAM Tools (ManageEngine)

COMPUTER ASSOC (TECH SUPP) - 13611

1. A baccalaureate degree from an accredited college or university and two years of satisfactory full-time experience, in mainframe computer, mid-range computer, LAN or WAN computer environments and or local desktop support; or"
2. An associate degree or 60 semester credits from an accredited college or university and three years of satisfactory, full-time experience as described in "1" above; or
3. A four-year high school diploma or its educational equivalent and four years of satisfactory, full-time experience, as described in "1" above; or
4. Education and/or experience equivalent to "1", "2", or "3" above. Undergraduate college credit can be substituted for experience on the basis of 30 semester credits, from an accredited college or university, for six months of experience. However, all candidates must have at least a four-year high school diploma or its educational equivalent and two years of satisfactory full-time experience, as described in "1" above.

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.