Cyber Security Analyst
- DEPT OF PARKS & RECREATION
- Full-time
Location
MANHATTAN
- Exam may be required
Department
Information Technology
Job Description
*ONLY OPEN TO CURRENT FULL-TIME ANNUALLY PAID PARKS EMPLOYEES*
Major Responsibilities
- Under supervision, with latitude for independent initiative and decision making, assist Parks IT in liaising with the citywide NYC Office of Technology and Innovation (OTI) by ensuring any security threats are mitigated by Parks in a timely manner.
- With an effort to remain proactive and stay ahead of the issues, respond to alerts and events that could threaten the Agency’s information technology security posture.
- Characterize and analyze network traffic and server / cloud performance metrics to identify anomalous activity and potential threats.
- Complete appropriate patching on various systems, including workstations, servers and network equipment such as switches and routers.
- Analyze identified malicious activity to determine means, method, and details of exploitations against Agency systems and applications.
- Evaluate commercial software in conjunction with OTI for safe use by NYC Parks.
- Reimage / restore devices and equipment to previously known good states after an incident.
- Validate, analyze, investigate and mitigate reported trouble tickets or incidents from OTI.
- Follow up to ensure Parks staff are taking and following Cyber Security Training.
- Ensure new software (COTS, in-house) are being developed following citywide security standards and protocols.
- Follow up on incident reports and app scan reports to ensure that proper mitigation is taking place in timely manner.
- Conduct network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection/prevention systems, firewalls and host-based security systems.
- Conduct log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources
- Correlate activity across assets (endpoint, network, apps) and environments (on-premises, cloud) to identify patterns of anomalous or suspicious activity.
- Support the creation of business continuity/disaster recovery plans, including conducting disaster recovery tests, publishing test results and making changes necessary to address deficiencies.
- Research emerging threats and vulnerabilities to aid in the identification of incidents.
- Provide users with incident response support, including mitigating actions to contain activity and facilitating forensic analysis when necessary.
- Perform security standards testing against computers or IT equipment before implementation to ensure security standards are met.
- Coordinate with OTI and Parks IT on providing IT inventory, performing Parks security audits and coordinate comptroller directive 1 audits.
How to Apply: Go to cityjobs.nyc.gov and search for Job ID# 657112.
All applicants must apply via cityjobs.nyc.gov. The City is no longer using ESS to accept applications.
*Current Employees please include your ERN and Job ID# 657112 on your cover letter and resume.
Work Location: Arsenal West, Manhattan
NOTE: All resumes must be received no later than the last day of the posting period. *Posting period extended to 12/02/2024. Previous applicants to Job ID# 631234 are still under consideration and need not reapply. References will be required upon request.
nyc.gov/parks
MOVEMENT IN THE FACE OF CIVIL SERVICE LISTS IS PROHIBITED UNDER CIVIL SERVICE LAW.
For information about applying for Civil Service Exams go to: Civil Service Exams - Department of Citywide Administrative Services (nyc.gov)
1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or
2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above; or
3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.
1. Experience in IT audit, enterprise risk management, penetration tester, red team/incident responder or as a junior security operations analyst. 2. Experience with regulatory compliance and information security management frameworks (such as International 3. Organization for Standardization [IS0] 27000-1 or 27000-2, COBIT, National Institute of Standards and Technology [NIST] 800-53 or 800-171). 4. Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one. 5. An ability to effectively influence others to modify their opinions, plans or behaviors. 6. An understanding of organizational mission, values, goals and consistent application of this knowledge. 7. Strong problem-solving and troubleshooting skills. 8. Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM). 9. Valid New York State driver license. 10. Familiarity with CISA Binding Operational Directives. 11. Familiarity with NIST Framework, McAfee / CrowdStroke / Rapid7, and Azure or AWS.
This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.
As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/.
Residency in New York City, Nassau, Orange, Rockland, Suffolk, Putnam or Westchester counties required for employees with over two years of city service. New York City residency required within 90 days of hire for all other candidates.
The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.
Job ID
657112
Title code
13633
Civil service title
CYBER SECURITY ANALYST
Title classification
Competitive-1
Business title
Cyber Security Analyst
Posted until
2024-12-02
- Experienced (non-manager)
Job level
02
Number of positions
1
Work location
24 West 61 Street
- Technology, Data & Innovation