Lead Network Security Engineer

Lead Network Security Engineer

LOCATION DETAILS: Albany NY (Only local)

Should have strong Oprational Technology experience

Position Summary
Seeking a Network Security Engineer to provide network and security engineering for its business network intelligent transportation systems (ITS) and operational technology (OT) environments. This position reports to NYSDOTs Chief Information Security Officer and the NYSDOT ETO Director and supports network and cybersecurity operations across transportation management regional and main office environments.

The Network Engineer will be responsible for developing recommendations related to maintaining monitoring troubleshooting and optimizing the network infrastructure and cybersecurity tools that supports the safe and efficient operation of NYSDOT transportation systems. The role focuses on network devices security tools and communication links within and between Transportation Management Centers (TMCs) regional offices and the Main Office.

This position requires a strong understanding of core networking and cybersecurity principles best practices and a demonstrated interest in intelligent transportation technologies.

Key Responsibilities

• Configure and troubleshoot VLANs network segments and routing protocols.
• Monitor network performance and availability using network management tools
• Respond to and resolve network incidents including connectivity issues performance degradation and security alerts.
• Perform routine maintenance tasks such as firmware updates configuration backups and equipment replacement support.
• Provide technical support to internal teams and external partners regarding network connectivity and performance.
• Assist in the configuration and management of firewalls intrusion detection and prevention systems (IDS/IPS) and other security appliances.
• Configure and monitor SIEM platforms for security anomalies and escalate incidents according to established procedures.
• Document network configurations standard procedures and operational guidance.
• Support vulnerability scanning and remediation efforts.
• Assist maturing the cybersecurity incident response plans.
• Prepare detailed reports of security incidents and network anomalies for appropriate authorities including the FBI and the New York State Office of Information Technology Services.
• Work closely with the NYSDOT CISO and other cybersecurity team members to support security and compliance.
• Collaborate with other NYSDOT departments to support the integration of new intelligent transportation system devices and applications.

Minimum Qualifications

• Bachelors degree in computer science information technology or a related field or equivalent experience.
• Strong understanding of TCP/IP routing switching and network security principles.
• Proficiency configuring and troubleshooting LANs VLANs trunks spanning tree IP subnetting routing protocols and wireless networking
• Proven experience in network administration and troubleshooting.
• Ability to perform and analyze packet traces.
• Proficiency with firewalls to configure and troubleshoot security rules NAT threat protection and logging
• Experience with IDS/IPS and SIEM tools security event triage and escalation.
• Industry certifications such as CCNP PCNSA or similar are preferred.
• Familiarity with network monitoring tools.
• Familiarity with vulnerability scanning tools.
• Excellent problem-solving and communication skills.
• Display a strong grasp of key cybersecurity and IT concepts such as:
• Cloud Concepts: SaaS IaaS PaaS hybrid on premises
• Cybersecurity Principles: defense in depth least privilege CIA triad
• Cybersecurity Technology: NAC systems next-generation firewalls VPNs micro segmentation IAM vulnerability management encryption
• IT principles: High availability clustering failover single point of failure dynamic routing classification tagging
• Server and Compute: Client Server virtualization clustering failover backups imaging
• A strong desire to learn and grow within the field of intelligent transportation systems.

Preferred Qualifications

• Data classification principles and enforcement
• Understanding of cybersecurity frameworks such as NIST CSF CIS Critical Controls
• Experience supporting operational technology or critical infrastructure environments.
• Experience working with distributed networks that support transportation public sector industrial or field-based operations.
• Familiarity with cybersecurity incident response and escalation procedures.
• Experience balancing network security requirements with system availability and operational continuity.
• Hands-on familiarity with modern network security monitoring event analysis and infrastructure documentation practices.

Core Knowledge Areas

• TCP/IP networking subnetting routing and switching.
• VLAN design segmentation and troubleshooting.
• Network security fundamentals including firewalls IDS/IPS access control and secure configuration.
• SIEM monitoring security event triage and escalation.
• Network performance monitoring and availability management.
• Threat intelligence integration and operational awareness.
• Incident response support for network disruptions malicious activity and denial-of-service conditions.
• Documentation of network topology procedures and configurations.
• Collaboration with cybersecurity operations and engineering teams in a mission-critical environment.

Work Environment and Expectations

• Ability to work independently and to carry out assignments to completion within parameters of instruction given prescribed routines and standard accepted practices
• Experience working within an enterprise change control process.
• Must be able to work under pressure and meet deadlines while maintaining a professional attitude and providing exemplary customer service
• Strong analytical/problem solving skills
• Articulate verbal and written communication skills
• Computer Proficiency in MS Office Suite
• Ability to create legible Visio diagrams of IT and security systems
• The majority of these services are expected to be provided on site although some remote support may be required.
• The position supports operationally important transportation environments and requires strong coordination with security operations and engineering stakeholders.
• The successful candidate must be able to communicate clearly solve problems methodically and operate effectively in a high-availability environment where uptime safety and security are all important considerations.