Review Vacancy
AgencyInformation Technology Services, Office of
TitleInformation Technology Architect 2 (Enterprise) - Network Architect
Occupational CategoryI.T. Engineering, Sciences
Bargaining UnitPS&T - Professional, Scientific, and Technical (PEF)
Salary RangeFrom $106898 to $131665 Annually
Duties Description The New York State Office of Information Technology Services (ITS) provides operational support 24 hours a day, 7 days a week, 365 days of the year, supporting more than 4,900 applications for 53 New York State Agencies.
The New York State Department of Transportation (DOT) Office of Traffic Safety and Mobility (OTSM) and ITS are in year one of five years, implementing a Technology Plan designed to improve both safety and mobility by enhancing, streamlining, and improving resiliency of transportation system management and operations (TSMO) strategies. The portfolio of work includes 29 overall projects that address governance, legacy technology replacement, and installation of proven technology innovations. OTSM and ITS have established a joint Operational Technology Team (OT Team) to design, build, test and implement the portfolio of work and provide ongoing operational support of the portfolio.
Under the direction of the Director of IT/OT Convergence within Dedicated Support, Department of Transportation (DOT), the Information Technology Architect 2 (Enterprise) - Network Architect will be responsible for designing, implementing, and maintaining secure and reliable network infrastructure for the agency’s Operational Technology (OT) environment. This role is critical in bridging the gap between traditional IT and OT networks, ensuring seamless communication, data integrity, and robust security across the agency’s industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, and other OT assets. The Network Architect will be responsible for developing and enforcing network security policies, standards, and procedures specific to the OT environment, while collaborating with TSMO Technology team to achieve optimal performance and resilience.
Duties include, but are not limited to, the following:
Network Design & Implementation
• Design, configure, and implement robust and secure network architectures for OT systems, including SCADA, industrial control systems (ICS), and intelligent transportation systems (ITS).
• Develop network diagrams, documentation, and standard operating procedures (SOPs) for OT network infrastructure.
• Select and evaluate network hardware and software solutions, ensuring compatibility with OT systems and adherence to industry standards.
Network Security
• Implement and maintain network security measures to protect OT systems from cyber threats, including firewalls, intrusion detection/prevention systems (IDS/IPS), and network segmentation.
• Conduct regular security assessments and vulnerability scans of OT networks.
• Develop and implement security policies and procedures specific to OT environments, aligning with industry best practices (e.g., NIST Cybersecurity Framework, ISA/IEC 62443).
• Respond to and investigate security incidents affecting OT networks.
Network Maintenance and Troubleshooting
• Monitor network performance and proactively identify and resolve network issues impacting OT systems.
• Perform routine maintenance tasks, including software updates, firmware upgrades, and configuration changes.
• Troubleshoot complex network problems, utilizing network analysis tools and techniques.
• Provide on-call support for critical network issues.
Transportation Safety and Compliance
• Ensure network infrastructure complies with relevant transportation safety regulations and standards (e.g., FRA, FTA, DOT).
• Participate in safety audits and risk assessments related to OT network infrastructure.
• Implement and maintain network configurations that support failover and redundancy to ensure system availability in critical situations.
Documentation and Reporting
• Maintain accurate and up-to-date documentation of network configurations, diagrams, and procedures.
• Prepare reports on network performance, security incidents, and project status.
Emerging Technologies
• Stay abreast of emerging network technologies and trends, particularly those relevant to OT and transportation.
• Evaluate and recommend new technologies to improve network performance, security, and efficiency.
Collaboration and Communication
• Collaborate with OT engineers, control system specialists, and other stakeholders: Working closely with other teams to understand their networking needs and ensure that OT networks are designed and operated effectively.
• Communicate effectively with both technical and non-technical audiences: Explaining complex technical concepts in a clear and concise manner.
• Develop and maintain documentation for OT networks: Creating and maintaining network diagrams, configuration documentation, and other documentation to support OT network operations.
• Provide training and support to other IT and OT staff: Sharing knowledge and expertise with other team members.
Compliance and Standards
• Ensure compliance with relevant industry standards and regulations: Understanding and adhering to standards such as ISA/IEC 62443, NIST Cybersecurity Framework, and other relevant regulations.
• Participate in audits and assessments: Supporting internal and external audits of OT network security and compliance.
Minimum Qualifications EMPLOYMENT:
• Seven (7) years of broad information technology (IT) experience, demonstrating a comprehensive understanding of various IT disciplines and how they intersect within large-scale organizations.
• Five (5) years of specialized experience in enterprise architecture, software development, or a related technical role.
EDUCATION/EXPERIENCE SUBSTITUTIONS:
Earned college degrees in computer science, electrical engineering, or a related field of study may substitute for the specified years of broad IT experience as follows:
• Bachelor's or higher-level degree in any field including or supplemented by 15 semester credit hours in computer science, electrical engineering, or related field substitutes for three (3) years of general information technology experience; any bachelor’s substitutes for two (2) years of general information technology experience.
• Associate degree with 15 semester credit hours in computer science, electrical engineering, or related field may substitute for one (1) year of general information technology experience. Candidates in a bachelor’s degree program with at least 15 semester credit hours in computer science, electrical engineering, or related field may substitute such credits for one (1) year of general information technology experience.
• Master’s degree or higher in computer science, electrical engineering, or related field substitutes for one (1) year of general information technology experience.
PREFERRED QUALIFICATIONS
Certifications:
• Preference for candidates holding relevant networking, cybersecurity, and operational technology industry certification, including but not limited to Cisco Certified Network Professional (CCNP), Cisco Certified Specialist – Enterprise SD-WAN Implementation, and Palo Alto NGFW Engineer / PCNSC.
Education:
• Bachelor's degree in Computer Science, Electrical Engineering, or a related field.
Experience:
• Minimum 7-10 years of experience in network engineering, with a focus on OT environments.
• Experience working in the transportation is desirable.
Technical Skills:
• Expert-level knowledge of networking protocols and technologies (e.g., TCP/IP, Ethernet, VLANs, routing protocols, VPNs).
• Strong understanding of network security principles and best practices (e.g., firewalls, intrusion detection/prevention, network segmentation).
• Experience with network monitoring and analysis tools (e.g., Wireshark, SolarWinds, Nagios).
• Proficiency in configuring and managing network devices (e.g., routers, switches, firewalls) from major vendors (e.g., Cisco, Palo Alto).
• Familiarity with industrial control systems (ICS) and SCADA systems.
• Knowledge of wireless communication technologies (e.g., Wi-Fi, cellular, radio).
• Experience with cloud networking technologies (e.g., AWS, Azure, Google Cloud) is a plus.
OT Specific Skills:
• Knowledge of industrial networking protocols (e.g., Modbus TCP, Profinet, DNP3, OPC UA).
• Understanding of OT network architectures and security considerations (e.g., Purdue Model).
• Experience with OT security appliances and software (e.g., industrial firewalls, intrusion detection systems).
• Familiarity with OT asset management and vulnerability management tools.
• Knowledge of real-time operating systems (RTOS) used in OT devices.
• Experience with PLC (Programmable Logic Controller) and HMI (Human Machine Interface) systems.
• Understanding of SCADA (Supervisory Control and Data Acquisition) systems and their communication protocols.
• Experience with deploying and managing wireless networks in industrial environments.
Transportation Skills:
• Understanding of intelligent transportation systems (ITS) architectures and technologies.
• Experience with transportation-specific communication protocols (e.g., NTCIP).
• Knowledge of transportation safety regulations and standards (e.g., FRA, FTA, DOT).
• Experience with video surveillance systems used in transportation environments.
Soft Skills:
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.
• Ability to work independently and as part of a team.
• Ability to prioritize tasks and manage time effectively.
• Ability to communicate technical information to non-technical audiences.
• Strong leadership and mentoring skills.
PLEASE NOTE:
• Appointment to this position and continued employment with the agency is contingent upon obtaining and/or maintaining New York State residency within six months of hiring.
• Appointment to this position is not final until all agency approvals have been granted.
Additional Comments ITS will not offer permanent employment to any candidate unless the candidate provides documentation that they are authorized to accept work in the United States on a permanent basis. It is the policy of ITS not to hire F1 or H1 visa holders for permanent employment or to sponsor non-immigrant aliens for temporary work authorization visas or for permanent residence.
Fingerprinting and background check are required for employment with ITS.
Details of the position will be described further if you are selected for an interview.
Salary Commensurate with experience
Benefits of Working for NYS
Generous benefits package, worth 65% of salary, including:
Holiday & Paid Time Off
• Thirteen (13) paid holidays annually
• Up to Thirteen (13) days of paid vacation leave annually
• Up to Five (5) days of paid personal leave annually
• Up to Eight (8) days of paid sick leave annually
• Up to three (3) days of professional leave annually to participate in professional development
Health Care Benefits
• Eligible employees and dependents can pick from a variety of affordable health insurance programs
• Family dental and vision benefits at no additional cost
Additional Benefits
• New York State Employees’ Retirement System (ERS) Membership
• NYS Deferred Compensation
• Access to NY 529 and NY ABLE College Savings Programs, as well as U.S. Savings Bonds
• Public Service Loan Forgiveness (PSLF)
• And many more
The Office of Information Technology Services is an equal opportunity employer, and we recognize that diversity in our workforce is critical to fulfilling our mission. We encourage all individuals with disabilities to apply.
This position may require critical services to be performed outside of normal work schedule.
Some positions may require additional credentials or a background check to verify your identity.
Email Address PostingResponses@its.ny.gov
Address
Street NYS Office of Information Technology Services
Swan Street Building, Core 4
Notes on ApplyingTo apply, please submit a cover letter and resume. Please indicate that you are applying for the Information Technology Architect 2 (Enterprise) - Network Architect position and include the Vacancy ID in the subject of your email.
Your Social Security number may be required to confirm eligibility.