Please note: State agencies that contact job applicants do not usually request personal or financial information via text message or over the phone in connection with your response to a job posting. If you are contacted for such information by these methods, or any other method, please verify the identity of the individual before transmitting such information to that person.
Note: For questions about the job posting, please contact the agency that posted this position by using the contact information provided on the "Contact" tab for the position.

Review Vacancy

Date Posted 08/10/22

Applications Due08/24/22

Vacancy ID110249

AgencyThruway Authority

TitleInformation Technology Specialist 3 (Information Security)

Occupational CategoryI.T. Engineering, Sciences

Salary Grade23

Bargaining UnitNone listed

Salary RangeFrom $74731 to $105235 Annually

Employment Type Full-Time

Appointment Type Permanent

Jurisdictional Class Non-competitive Class

Travel Percentage 0%

Workweek Mon-Fri

Hours Per Week 37.5


From 8 AM

To 4 PM

Flextime allowed? No

Mandatory overtime? No

Compressed workweek allowed? No

Telecommuting allowed? Yes

County Albany

Street Address 200 Southern Blvd

City Albany


Zip Code12209

Minimum Qualifications Bachelor’s degree* with at least 15 credit hours in cyber security, information assurance, or information technology; and two years of information technology experience, including one year of information security or information assurance experience**.

*Substitution: bachelor's degree candidates without at least 15 course credits in cyber security, information assurance, or information technology require an additional year of general information technology experience to qualify. Appropriate information security or information assurance experience may substitute for the bachelor's degree on a year-for-year basis; an associate's degree requires an additional two years of general information technology experience.

**Experience solely in information security or information assurance may substitute for the general information technology experience.

Preferred Qualifications:
•Working knowledge of information security, risk management, security architecture, computer networks, incident response, and vulnerability management.
•3 years of experience in conducting network vulnerability scans, web application scans and vulnerability assessments.
•3 years of experience in computer programming, scripting, secure systems development lifecycle (SSDLC), security architecture, code reviews and application security best practices
•3 years of experience in one or more vulnerability scanning tools, and vulnerabilities management.

Duties Description Under the direction of the Chief Information Security Officer (CISO), the incumbent will act as a lead team member providing information security services to ensure confidentiality, integrity, and availability of Thruway Authority’s information and systems.
This position will be a team lead for vulnerability management program to provide vulnerability scanning services for Thruway Authority. The incumbent will also develop, interpret, and deliver vulnerability scanning reports, and assist with the prioritization and interpretation of vulnerabilities.
Specific duties include, but are not limited to:
•Maintain vulnerability scanning tools including tool configuration, scan configuration, and report generation.
•Perform vulnerability scanning and analysis to help determine scope of risk and prioritization of remediation.
•Oversee the scheduling of scans in coordination with owners and custodians to ensure minimal impact to the operational activities.
•Interpret scan results and determine appropriate remediation steps in coordination with different groups.
•Analyze scans/reports from security scanning tools and other internal security tools related to risks and vulnerabilities.
•Participate in information security risk analysis and risk management processes.
•Acts as information security lead on projects and initiatives to ensure security by design through implementation of the Secure Systems Development Lifecycle (SSDLC).
•Support the implementation of information security procedures and protocols, participates in security risk reviews and remediation activity including producing written reports.
•Assist with incident response activities and remediations.
•Train staff on how to perform vulnerability scanning.
Supervising and/or managing staff and resources, as needed, dedicated to Thruway Authority information security team

Additional Comments This is a CSEA position.

Excellent Benefit Package including:
Paid vacation, personal leave, & sick leave with sick leave incentive pay, thirteen paid holidays with additional five paid floating holidays. Paid jury duty, competitive health, prescription, dental & vision insurance. Excellent retirement plan, & optional Deferred Compensation plan, Flexible Spending Account and more.

The New York State Thruway Authority is an Equal Opportunity Affirmative Action Employer.

New York State Human Rights Law prohibits discrimination based on age, race, creed, color, national origin, sexual orientation, military status, sex, disability, marital status, gender identity, prior arrests, prior conviction records, predisposing genetic characteristics or domestic violence victim status.

The New York State Thruway Authority provides reasonable accommodations to applicants with disabilities. If you need a reasonable accommodation for any part of the application and hiring process, please notify Frances Rosales, Director of Equal Opportunities Bureau at 518-436-2718.

Some positions may require additional credentials or a background check to verify your identity.

Name Rebecca Dowd


Fax 518-471-5076

Email Address


Street 200 Southern Blvd

City Albany

State NY

Zip Code 12209


Notes on ApplyingPlease fax or scan and e-mail a resume and transcript to if you are interested in the position and indicate the vacancy ID of the position you are applying for.

Printable Version