Cyber Security AnalystNew York City Department of Consumer and Worker Protection • New York, New York, United States
Cyber Security Analyst
New York City Department of Consumer and Worker Protection
- New York, New York, United States
- New York, New York, United States
Über
The NYC Department of Consumer and Worker Protection (DCWP) protects and enhances the daily economic lives of New Yorkers to create thriving communities. DCWP licenses more than 51,000 businesses in more than 40 industries and enforces key consumer protection, licensing, and workplace laws that apply to countless more. By supporting businesses through equitable enforcement and access to resources and, by helping to resolve complaints, DCWP protects the marketplace from predatory practices and strives to create a culture of compliance. Through its community outreach and the work of its offices of Financial Empowerment and Labor Policy & Standards, DCWP empowers consumers and working families by providing the tools and resources they need to be educated consumers and to achieve financial health and work‑life balance. DCWP also conducts research and advocates for public policy that furthers its work to support New York City’s communities.
DCWP is seeking to hire a Cyber Security Analyst Level II to join its IT Services Division. Under the direction of the Executive Director Infrastructure, the Cyber Security Analyst Level II will assist with implementing cybersecurity policies, standards, directives, and guidelines that draw heavily from citywide cyber policies implemented by the City of New York for all agencies. The role will defends against cybersecurity incidents and identify, analyze, communicate, and contain incidents as they occur. This cybersecurity role requires excellent communication skills, creativity, strong technical background, and familiarity with traditional and emerging security technologies and practices. The activities of this role will be split between day‑to‑day operations and working on new and existing cybersecurity related projects.
Major Responsibilities
Assist DoTSS in liaising with the NYC Office of Technology and Innovation (OTI) to ensure any security threats are mitigated by DCWP in a timely manner.
Respond to alerts and events that could threaten the agency’s IT security posture, remaining proactive and staying ahead of issues.
Characterize and analyze network traffic and server/cloud performance metrics to identify anomalous activity and potential threats.
Complete appropriate patching on various systems, including workstations, servers, and network equipment such as switches, voice gateways, and routers.
Analyze identified malicious activity to determine means, method, and details of exploitations against agency systems and applications.
Evaluate commercial software in conjunction with OTI for safe use by NYC DCWP.
Guide ITOPS in reimaging/ restoring devices and equipment to previous known‑good states after an incident.
Validate, analyze, investigate, and mitigate reported trouble tickets or incidents from OTI.
Follow up to ensure DCWP staff are taking and following Cyber Security Training.
Ensure new software (COTS, on‑prem, cloud‑based CRM) is developed following citywide security standards and protocols and passes through SDLC and security accreditation (from OTI).
Follow up on incident reports and application scan reports to ensure proper mitigation is taking place in a timely manner.
Conduct network monitoring and intrusion detection analysis using various computer network defense tools such as intrusion detection/prevention systems, firewalls, and host‑based security systems; review and adjust ACL as needed based on source/destination/port by requirement.
Conduct log‑based and endpoint‑based threat detection to detect and protect against threats from multiple sources.
Correlate activity across assets (endpoint, network, apps) and environments (on‑premises, cloud) to identify patterns of anomalous or suspicious activity.
Support the creation of business continuity/disaster recovery plans, including conducting disaster recovery tests, publishing test results and making changes necessary to address deficiencies.
Research emerging threats and vulnerabilities to aid in the identification of incidents.
Provide users with incident response support, including mitigating actions to contain activity and facilitating forensic analysis when necessary.
Perform security standards testing against computers or IT equipment before implementation to ensure security standards are met.
Coordinate with OTI and ITOPS on providing IT inventory, performing DCWP security audits, and coordinating Comptroller and Criminal Justice Information Security (CJIS) directive audits.
Minimum Qualifications
Baccalaureate degree from an accredited college including or supplemented by 24 semester credits in computer science or a related computer field and one year of satisfactory full‑time computer software experience in computer systems development and analysis, applications programming, database administration, maintenance and support, systems programming, data communications, mainframe development, mobile development, web development, and design.
Four‑year high school diploma or its educational equivalent and five years of satisfactory full‑time computer software experience as described in (1) above.
Education and/or experience equivalent to (1) or (2) above. College education may be substituted for up to two years of the required experience in (2) on the basis that 60 semester credits from an accredited college are equated to one year of experience. Additionally, 24 semester credits from an accredited college or graduate school in computer science or a related field, or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience. All candidates must have at least a four‑year high school diploma or its equivalent and at least one year of satisfactory full‑time experience as described in (1) above.
Preferred Skills
Experience in IT audit, enterprise risk management, penetration testing, red team/incident responding, or as a junior security operations analyst.
Experience with regulatory compliance and information security management frameworks such as ISO 27000‑1 or 27000‑2, COBIT, NIST 800‑53 or 800‑171.
Strong decision‑making capabilities, proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
Ability to effectively influence others to modify their opinions, plans or behaviors.
Understanding of organizational mission, values, goals and consistent application of this knowledge.
Strong problem‑solving and troubleshooting skills.
Certifications such as CISSP, CISA, or CISM.
Understanding of privilege access management for servers, preferred knowledge of Delinea/Centrify.
Familiarity with CISA Binding Operational Directives and with Trellix/McAfee/CrowdStrike/Rapid7, and Azure.
55a Program This position is also open to qualified persons with a disability who are eligible for the 55‑a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55‑a Program.
Public Service Loan Forgiveness As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/.
Residency Requirement New York City residency is not required for this position.
Additional Information The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.
#J-18808-Ljbffr
Sprachkenntnisse
- English
Hinweis für Nutzer
Dieses Stellenangebot stammt von einer Partnerplattform von TieTalent. Klick auf „Jetzt Bewerben”, um deine Bewerbung direkt auf deren Website einzureichen.