The Official Careers Website of the City of New York

Cyber Intelligence Analyst

TECHNOLOGY & INNOVATION
Posted on: 06/08/2024
Full-time

Location

BROOKLYN

Exam may be required

Department

CYBER THREAT INTELLIGENCE

$78,795.00 – $97,603.00

Job Description

This vacancy has now expired.

The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City. From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the City delivers for New Yorkers in the 21st century. Watch our welcome video to see our work in action, follow us on social media @NYCOfficeofTech, and visit oti.nyc.gov to learn more.

At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.

About New York City Cyber Command
OTI / NYC Cyber Command is charged with protecting all City systems against cyber threats, including systems that deliver vital services to New Yorkers. Headed by the Chief Information Security Officer of the City of New York, we provide in-depth support to over 100 agencies and offices to protect, detect, identify, respond to, and recover from cyber threats.

About the Position
Cyber Intelligence Analysts within Cyber Command perform critical functions within the Threat Management discipline including consuming and analyzing tactical and technical intelligence as well as providing operational and tactical level support to key stakeholders of the Threat Management team. The Cyber Intelligence Analyst is the liaison between operators and the CTI team and provides intelligence support in the form of assisting hunt missions, augmenting detection capabilities, supporting response efforts from a technical perspective, extracting and correlating indicators or artifacts to primary operators and directly assisting or executing investigative efforts or tasks. Cyber Intelligence Analysts communicate their findings through a variety of intelligence products and services, to include finished intelligence products.

Responsibilities will include:
- Provide intelligence support to primary operators; assist with or execute investigative efforts or tasks;
- Assist hunt missions to augment detection capabilities to identify threats across the Cyber Command operating environment;
- Gather materials to support intelligence briefings for executive management and operational stakeholders;
- Play an active role in servicing RFIs;
- Actively research and track threat actors, malware, campaigns, code families, and infrastructure;
- Conduct link analysis across datasets to support technical analysis and assessments;
- Support the validation, collection, processing, analysis, and dissemination of tactical intelligence (IOCs) and products (finished reports) throughout Cyber Command and partner organizations;
- Develop, maintain, and execute threat and risk communication processes that advise NYC3 network defenders;
- Responsible for pushing indicators to security defenses from Cyber Command’s Threat Intelligence Platform (TIP) and coordinating activity with defensive operators;
- Perform network, host, and kill chain analysis on malware behavior and intrusion sets;
- Conduct research for tracking certain code families, campaigns, or actors through technical analysis of data, malicious codes, and infrastructure;
- Employ predictive analytic methods to determine changes in adversaries' capabilities, motivations, and intent, while providing recommendations to reduce risk before exposure to threats occurs;
- Provide analytic support to the Security Operations Center, including Incident Response and Risk Analysts, to add context to active investigations and threats using intelligence;
- Create and present custom threat briefing materials for Cyber Command’s operational teams to provide tactical situational awareness;
- Contribute to structured analytic technique exercises;
- Aid exercises for incident response, finished intelligence, and other use cases;
- Assist incident response efforts with tactically relevant guidance for triaging and forensic analysis as needed;
- Support implementation of relevant feedback for technical intelligence products.

HOURS/SHIFT
Day - Due to the necessary technical duties of this position in a 24/7 operation, candidate may be required to work various shifts such as weekends and/or nights/evenings.

WORK LOCATION
Brooklyn, NY

To Apply
Special Note: Taking and passing civil service exams are necessary to maintain employment with the City of New York. Please check the Department of Citywide Administrative Services (DCAS) website (http://www.nyc.gov/html/dcas/html/work/exam_monthly.shtml) for important exam filing information. Please ensure that you are either a permanent employee in the civil service title listed on this posting, or, that you file for the examination when there is an open filing period. For more information regarding the civil service process, please visit the DCAS website at: http://www.nyc.gov/html/dcas/html/work/work.shtml

Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration.

Please go to www.cityjobs.nyc.gov and search for Job ID # 613797

SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW
APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL

OTI participates in E-Verify.


Minimum Qualifications

1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or

2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above; or

3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.


Preferred Skills

The successful candidate should possess the following:
- Ability to work independently and function effectively as part of a team in a dynamic environment
- Strong written and verbal communication skills, including organization, presentation and facilitation skills
- Proficient analytical qualities that include logical reasoning, critical thinking and problem solving
- Proficient with applications such as Microsoft Office, or comparable products
- Demonstrate a clear understanding of the intelligence lifecycle and its component parts of intelligence-driven threat hunting
- Knowledge of the current cyber threat landscape, with a specific focus on the technical aspects of adversarial Tactics, Techniques and Procedures (TTPs) and their relation to the cyber kill chain and other analytical models
- Knowledge of standard monitoring, detection, and response security functions
- Understanding of foundational threat intelligence analysis frameworks, including the Diamond Model and Kill Chain
- Working knowledge of intelligence analysis applications (Maltego), tools, and systems
- Familiarity with various technologies such as SIEM, IDS/IPS, Proxy, Endpoint and enterprise incident management systems
- Familiarity with basic intelligence tradecraft, including the intelligence cycle, structured analytic techniques, and intelligence writing and briefing
- Experience working in a security environment and/or supporting security teams from a technical standpoint
- Fundamental analytic skill sets, with extensive experience in the extraction and analysis of tactical intelligence from investigations
- Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, and non-repudiation)
- Understanding of vulnerability and exploitation concepts, or experience in penetration testing
- Expertise in host and network-based forensics, or Incident Response best practices
- Strong understanding of dynamic/behavioral malware analysis methods and technology
- Experience in host and network-based defense, or monitoring and detection best practices
- Demonstrate an ability to actively work with vendors who provide intelligence support, analytical support, and toolsets
- Prior experience working in intelligence preferred
- Ability to obtain a security clearance is preferred

55a Program

This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.
Public Service Loan Forgiveness

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/.
Residency Requirement

New York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for 2 continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County. To determine if the residency requirement applies to you, please discuss with the agency representative at the time of interview.
Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.

Job ID

613797

Title code

13633

Civil service title

CYBER SECURITY ANALYST

Title classification

Competitive-1

Business title

Cyber Intelligence Analyst

Posted until

2024-09-05

Experienced (non-manager)

Job level

02

Number of positions

1

Work location

2 Metro Tech

Technology, Data & Innovation
