CYBER SECURITY ANALYST-LEVEL 2

  1. LAW DEPARTMENT

Posted on

05/29/2026

  1. Full-time

Location

MANHATTAN

  1. Exam may be required

Department

Information Technology

$91,566.00 – $131,664.00

Job Description

**Candidates must be permanent in the Cyber Security Analyst civil service title to apply**

The Cybersecurity Analyst (Level 2) supports the NYC Law Department’s Information Security Office by safeguarding sensitive legal, personnel, and case-related data across all agency systems. This role performs hands-on security operations, user access administration, log and SIEM monitoring, and vulnerability management in accordance with NYC DCAS, NYC Cyber Command (NYC3), NIST 800-53, CIS Controls, and Citywide Information Security Policies.
The Analyst will work closely with Legal Technology, Infrastructure, and NYC3 partners to ensure the confidentiality, integrity, and availability of Law Department systems. This position requires strong analytical skills, attention to detail, and the ability to operate effectively in a high-stakes, fast-paced government environment.

Key Responsibilities

User Access & Identity Management (Pre-Automation):

- Create, modify, and disable user accounts in accordance with NYC Law Department access control procedures and DCAS cybersecurity standards.
- Apply least privilege and role-based access control (RBAC), and enforce MFA across all systems.
- Conduct quarterly and ad hoc access reviews for legal divisions, ensuring compliance with NYC3 Identity & Access Management (IAM) guidelines.
- Monitor for account lockouts, unauthorized access attempts, and credential misuse.
- Maintain detailed audit trails of all account changes for DCAS and internal compliance reviews.

System Monitoring & Log Review:

- Monitor SIEM dashboards (e.g., Splunk, Azure Sentinel, or NYC3-approved platforms) for anomalies, intrusion attempts, and policy violations.
- Review logs from servers, endpoints, firewalls, case management systems, and cloud platforms.
- Correlate log data to identify patterns of malicious activity affecting legal operations.
- Track system health metrics and escalate early indicators of compromise to senior analysts or NYC3.
- Document all monitoring activities in accordance with Citywide Cybersecurity Logging Standards.

Vulnerability Management (Secondary/Backup Role):

- Support scheduled vulnerability scans using NYC3-approved scanning tools.
- Validate scan results, prioritize remediation based on risk, and coordinate with Infrastructure and Application teams.
- Track patching progress and verify remediation for Windows, Linux, and application environments.
- Use PDQ and Tanium for software deployment, patching, and configuration updates.
- Use Tanium for endpoint visibility, compliance reporting, and threat detection.
- Ensure all remediation activities align with NYC Cyber Command’s Patch & Vulnerability Management Policy.

Cyber & Incident Investigations:

- Assist in triaging alerts, gathering forensic evidence, and escalating incidents to senior analysts or NYC3 as required.
- Document investigation steps, findings, and corrective actions in accordance with NYC Incident Response Procedures.
- Use EDR tools, network analyzers, and forensic utilities to support investigations.
- Leverage Forescout and Tanium modules for rapid endpoint queries, isolation, and remediation.
- Conduct root cause analysis and recommend preventive measures to reduce future risk.

Standards, Compliance & Governance:

- Ensure all activities comply with NYC Law Department policies, NYC3 directives, NIST 800-53, ISO 27001, and CIS Controls.
- Maintain accurate records of account changes, monitoring activities, and incident reports for audits.
- Identify and recommend automation opportunities to streamline account management and monitoring workflows.
- Participate in agency-wide cybersecurity awareness initiatives and staff training.

CYBER SECURITY ANALYST - 13633


Minimum Qualifications


1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or

2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above; or

3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.


Preferred Skills


- Minimum 2 years of experience in cybersecurity, IT security operations, or system administration.
- Experience with PDQ, Flowmon, Forescout, Tanium, SIEM platforms, and vulnerability scanning tools.
- Experience working in a regulated or government environment preferred.

Technical Skills:

- Strong understanding of authentication, access control, and identity management.
- Familiarity with incident response processes and forensic investigation techniques.
- Knowledge of patch management, vulnerability remediation, and endpoint security.
- Ability to interpret logs, alerts, and security telemetry from multiple sources.

Soft Skills:

- Strong analytical and problem-solving abilities.
- Excellent written and verbal communication skills, especially for legal and executive audiences.
- Ability to work independently and collaboratively across legal, technical, and administrative teams.
- High level of discretion when handling sensitive legal information.

Performance Metrics:

- Accuracy and timeliness of user account provisioning and deprovisioning.
- Frequency, quality, and documentation of system monitoring and log reviews.
- Responsiveness and effectiveness in incident triage and investigation.
- Contribution to vulnerability remediation timelines and compliance targets.
- Adherence to NYC Law Department, DCAS, and NYC3 cybersecurity policies.

55a Program


This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.

Public Service Loan Forgiveness


As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/.

Residency Requirement


New York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for 2 continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County. To determine if the residency requirement applies to you, please discuss with the agency representative at the time of interview.

Additional Information


The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.

Job ID

782144

Posted until

2026-06-20

Title code

13633

Civil service title

CYBER SECURITY ANALYST

Title classification

Competitive-1

Business title

CYBER SECURITY ANALYST-LEVEL 2

  1. Experienced (non-manager)

Job level

02

Number of positions

1

Work location

100 Church St., N.Y.

  1. Technology, Data & Innovation
