Cyber Threat Analyst


Job Description

About New York City Cyber Command
NYC Cyber Command was created in 2017 by Executive Order to lead the City’s cyber defense efforts, working across more than 100 agencies and offices to prevent, detect, respond, and recover from cyber threats. NYC Cyber Command is committed to protecting NYC infrastructure and critical systems from malicious attacks through the use of the latest technologies, public-private partnerships, and regular training and exercises for City employees.

Job Description
Threat Analysts within NYC Cyber Command perform many critical functions within the Threat Management discipline. Chief among these functions is providing 24x7x365 coverage within the Security Operations Center. For this reason, Threat Analysts must be able and willing to fill night and weekend shifts. Some of the Threat Analysts' tasks are described below:

Responsibilities will include:
• Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources;
• Coordinate with enterprise-wide cyber defense staff to validate network alerts;
• Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level;
• Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment;
• Perform cyber defense trend analysis and reporting;
• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack;
• Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy;
• Plan and recommend modifications or adjustments based on exercise results or system environment;
• Provide daily summary reports of network events and activity relevant to cyber defense practices;
• Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts;
• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities;
• Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity;
• Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information;
• Determine tactics, techniques, and procedures (TTPs) for intrusion sets;
• Examine network topologies to understand data flows through the network;
• Recommend computing environment vulnerability corrections;
• Identify and analyze anomalies in network traffic using metadata;
• Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings);
• Work with stakeholders to resolve computer security incidents and vulnerability compliance;
• Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.

Minimum Qual Requirements
1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area;
or
2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above;
or
3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.

Preferred Skills
The preferred candidate should possess the following:
• Excellent verbal and oral communication skills;
• Ability to analyze malware;
• Ability to conduct vulnerability scans and recognize vulnerabilities in security systems;
• Ability to accurately and completely source all data used in intelligence, assessment and/or planning products;
• Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation);
• Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies;
• Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute).
