CYBER SECURITY ANALYST
- OFFICE OF THE COMPTROLLER
- Full-time
Location
MANHATTAN
- Exam may be required
Department
Information Systems
Job Description
This vacancy has now expired.
The Bureau of Information Systems provides a full range of technology support services for key business functions and Charter mandated responsibilities of the Comptroller’s Office. These services include technology strategic planning, web site development, graphic design, disaster recovery, systems development, network administration, audio/visual services, business process re-engineering, change management, program management, security administration, Service Desk, computer operations, telecommunications, and document management. As part of security administration, Advanced Threat Protection (ATP) technology is used for detecting and preventing situations where sensitive information is exposed outside the organization’s network.
Under the direction of the Manager of Network Operations, the Cyber Security Analyst will assist with implementing cybersecurity policies, standards, directives, and guidelines that draw heavily from citywide cyber policies implemented by the City of New York for all agencies. Tasks include, but are not limited to, the following:
- Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis and direct system remediation)
- Conduct threat analysis and assessments on network/systems, monitor, maintain, update and secure client's infrastructure.
- Establish, maintain, and execute all components of an incident response plan, including run books, from incident intake through root cause analysis, technical remediation analysis and reporting.
- Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system (IDS) logs) to identify possible threats to network security.
- Execute cyber defense incident triage to include determination of scope, urgency, and potential impact; identifying the specific vulnerability and making recommendations that enable expeditious remediation.
- Perform initial forensic investigation and accurately document incidents from beginning to end, including evidence handling.
- Participate in the incident response activities to minimize the impact. Act as a technical and forensic investigation liaison between the agency, OTI, and Cyber Command.
- Respond to and resolve basic operational technical Incidents and Requests.
- Perform other related duties and functions as required.
Note: We appreciate every applicant’s interest; however, only those under consideration will be contacted. Certain residency requirements may apply. Vacancy notices listed as “Until Filled” will be posted for at least five workdays.
1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or
2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above; or
3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.
- 2 years or more experience working in a complex enterprise environment
- Strong understanding of vulnerability and exploitation concepts
- Previous experience in firewalls, IDS/IPS, SIEM, cybersecurity tools
- Previous experience performing threat hunting and incident response using SIEM tools, cybersecurity management tools
- Knowledge of Malware Analysis, Reverse Engineering and Host-based and Memory Forensics tools and techniques
- Deep understanding of computer intrusion activities, incident response techniques, tools and procedures
- Knowledge of digital forensics methodology as well as security architecture, system administration and networking (including TCP/IP, DNS, HTTP, SMTP)
- Knowledge of operating systems including Mac and Windows
- Familiarity with programming languages such as Python, Perl, C/C++, PowerShell, etc.
- Experience with security assessment and vulnerability tools such as Qualys, NMAP, Security Onion suite, Nessus, and Metasploit.
This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.
As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/.
New York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for 2 continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County. To determine if the residency requirement applies to you, please discuss with the agency representative at the time of interview.
The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.
Job ID
683325
Title code
13633
Civil service title
CYBER SECURITY ANALYST
Title classification
Competitive-1
Business title
CYBER SECURITY ANALYST
Posted until
2024-10-17
- Experienced (non-manager)
Job level
01
Number of positions
1
Work location
1 Centre St., N.Y.
- Technology, Data & Innovation