About New York City Cyber Command
Mission. NYC Cyber Command leads the City’s cyber defense efforts, working across more than 100 agencies and offices to prevent, detect, respond to, and recover from cyber threats. NYC3 protects NYC infrastructure and critical systems from malicious attacks and safeguards the data, devices, and services of the City.
Culture. Foremost, we serve the people of the City of New York, so earning - and keeping - their trust is paramount. To deserve that trust, we relentlessly focus on facts, provide sound judgment, and maintain a healthy culture. We pride ourselves on having a respectful and inclusive workplace built on kindness, honest intellectual debate, and excellent work.
Job Description
Threat Hunters within NYC Cyber Command (NYC3) perform many critical functions within the Threat Management discipline. Chief among these functions is proactively creating, organizing, and executing hunting hypotheses to identify previously undiscovered malicious activity within the NYC environment and data. Some of the Threat Hunters' tasks are described below:
● Direct and/or conduct hunt missions that augment detection capabilities and identify threats across the NYC3 operating environment;
● Develop, maintain, and execute the threat hunting process and the Hunt team integration processes;
● Develop, maintain, and execute threat and incident communication processes that advise NYC3 network defenders and responders when an incident is identified through Hunting exercises;
● Assist in managing and administering the toolset of the hunting team;
● Maintain a strong working relationship with the NYC3 Cyber Threat Intelligence (CTI) team to devise hypotheses and to understand TTPs/IOCs of interest;
● Create use cases from hunting activity that will be utilized by the other Threat Management teams (Security Operations Center, Computer Emergency Response Team, Cyber Threat Intelligence, & Counter Threat Automation);
● Deliver recommendations and actions to improve the detection, escalation, containment and resolution of incidents;
● Assist in the creation of finished reporting that will be provided to NYC3 Threat Management executives and Operational teams to outline Hunting processes, results, and capability/visibility gaps identified;
● Create and present custom hunt mission briefing materials for NYC3 Operational teams to provide lessons learned and hunting cross training;
● Perform network, system, and kill chain analysis on how malicious activity was introduced and propagated within the environment;
● Special projects and initiatives as assigned.
Preferred Skills
● Excellent verbal and oral communication skills are required;
● Experience with the incident response process, including detecting adversarial activity, log analysis, and malware analysis;
● Experience working in a security environment and/or supporting security teams from a technical standpoint;
● Experience creating logic to develop security alerts and applying them to large sets of data;
● Expertise in querying against, manipulating, and visualizing large data sets to assist in different analytical techniques that include but are not limited to stack counting, clustering, grouping, etc;
● Experience with regular expressions, and scripting languages such as Python and/or PowerShell;
● In-depth knowledge of the current cyber threat landscape, with a specific focus on adversarial Tactics, Techniques and Procedures (TTPs) and how to create hypotheses to hunt across them in an environment;
● Experience reviewing and analyzing Security Events from various monitoring and logging sources;
● Experience creating signatures for defensive and hunting capabilities, including Snort, YARA, etc;
● Knowledge of, and experience with, packet analysis and IDS/IPS technology;
● Formal education or a strong background in Computer Science, Computer Engineering, or similar experience;
● An active knowledge of current trends in computer security and software/hardware vulnerabilities;
● Active interest in current security research;
● Strong sense of teamwork, an inquisitive mind and the desire to share knowledge;
● Knowledge of multiple operating systems (Windows, Linux, OSX), their file systems, and registry functions.
Qualification Requirements
1. A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or,
2. Education and/or experience which is equivalent to "1" above.