Cyber Technical Intelligence Analyst

About New York City Cyber Command

New York City Cyber Command (NYC3) is committed to protecting City systems that provide vital services to New Yorkers from cyber threats, and helping residents become safer in their digital lives. As the organization defending the largest municipality in the country, NYC3 is charged with directing citywide incident response, setting citywide cybersecurity policies and standards and working with city agencies to strengthen their cyber defenses.

Mission Statement

“To lead and execute an innovative, intelligence-driven, risk-informed cyber defense and response strategy -- with the support of key partners and allies -- that enables the city government to properly function and provide services to New Yorkers.”

Vision Statement

“New York City is the most cyber-resilient city in the world.”

Job Description

Technical Intel Analysts within NYC Cyber Command perform many critical functions within the Threat Management discipline. Chief among these functions is providing the key verticals of the Threat Management team with direct support to operations by consuming and analyzing tactical and technical intel, as well as coordinating between operators and the CTI lead. Some of the Cyber Intel Analysts tasks are described below:

• Provide intel support to primary operators, and also directly assist or execute investigative efforts or tasks;

• Assist hunt missions to augment detection capabilities to identify threats across NYC3 operating environment;

• Responsible for the collection, processing, analysis, and dissemination of tactical intelligence (IOC’s) and products (finished reports) throughout NYC3 and partner organizations;

• Develop, maintain, and execute threat and risk communication processes that advise NYC3 network defenders;

• Responsible for pushing indicators to security defenses from NYC3’s Threat Intelligence Platform (TIP) and coordinating activity with defensive operators;

• Perform network, system, and kill chain analysis on how malware was introduced and propagated;

• Conduct research for tracking certain code families, campaigns, or actors through technical analysis of data, malicious codes, and infrastructure;

• Employ predictive analytic methods to determine changes in adversary’s capabilities, motivations, and intent, while providing recommendations to reduce risk before exposure to threats occur;

• Provide direct analytic support to the Security Operations Center, including Incident Response and Risk Analysts, to add context to active investigations and threats using intelligence;

• Create and present custom threat briefing materials for NYC3 Operational teams to provide tactical situational awareness;

• Handle special projects and initiatives as assigned.

1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or

2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above; or

3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.

The preferred candidate should possess the following:

• Excellent verbal and written communication skills are required;

• Experience working in a security environment and/or supporting security teams from a technical standpoint;

• In-depth knowledge of the current cyber threat landscape, with a specific focus on the technical aspects of adversarial Tactics, Techniques and Procedures (TTPs) and their relation to the cyber kill chain and other analytical models;

• Fundamental analytic tradecraft skill sets, with extensive experience in the extraction and analysis of tactical intelligence from investigations;

• Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, and non-repudiation);

• Strong understanding of vulnerability and exploitation concepts, or experience in penetration testing;

• Expertise in host and network-based forensics, or Incident Response best practices;

• Strong understanding of dynamic/behavioral malware analysis methods and technology;

• Experience in host and network-based defense, or monitoring and detection best practices.

Special Note: Taking and passing civil service exams are necessary to maintain employment with the City of New York. Please check the Department of Citywide Administrative Services (DCAS) website (http://www.nyc.gov/html/dcas/html/work/exam_monthly.shtml) for important exam filing information. Please ensure that you are either a permanent employee in the civil service title listed on this posting, or, that you file for the examination when there is an open filing period. For more information regarding the civil service process, please visit the DCAS website at: http://www.nyc.gov/html/dcas/html/work/work.shtml

* Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration

For City employees, please go to Employee Self Service (ESS), click on Recruiting Activities > Careers, and search for Job ID #471323

For all other applicants, please go to www.nyc.gov/jobs/search and search for Job ID #471323

SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW

APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL

NOTE: This position is open to qualified persons with a disability who are eligible for the 55-a Program.

Please indicate in your cover letter that you would like to be considered for the position under the 55-a program.

Department of Information Technology & Telecommunications and the City of New York are equal opportunity employers.

DoITT participates in E-Verify

Day - Due to the necessary technical support duties of this position in a 24/7 operation, candidate may be required to work various shifts such as weekends and/or nights/evenings.

New York, NY

New York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for 2 continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County. To determine if the residency requirement applies to you, please discuss with the agency representative at the time of interview.