The Official Careers Website of the City of New York

Security Operations Center (SOC) Shift Lead

TECHNOLOGY & INNOVATION

Posted on: 09/23/2023

Full-time

Location

BROOKLYN

No exam required

Department

CYBER ADMIN & OPERATIONS

$75,000.00 – $135,000.00

Job Description

This vacancy has now expired.

The Office of Technology and Innovation (OTI) oversees all Citywide technology, privacy, cybersecurity, infrastructure, and telecommunications to ensure the security of, and enhance, City operations and service delivery to New York City's residents, businesses, employees, and visitors. As the City's technology and innovation leader, OTI is responsible for operating, maintaining, and securing IT infrastructure and systems that touch every aspect of City life, from public safety to human services and from education to economic development, crossing the full spectrum of governmental operations.

At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology, transition our existing data infrastructure to a cloud-centric platform, and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.

About New York City Cyber Command
New York City Cyber Command (NYC3) is committed to protecting City systems that provide vital services to New Yorkers from cyber threats, and helping residents become safer in their digital lives.

As the organization defending the largest municipality in the country, NYC3 is charged with directing citywide incident response, setting citywide cybersecurity policies and standards, and working with city agencies to strengthen their cyber defenses.

Job Description
Shift-Leads within NYC Cyber Command perform many critical functions within the Threat Management discipline. Chief among these functions is providing leadership coverage within the 24x7x365 Security Operations Center (SOC). For this reason, Shift-Leads must be able and willing to fill night and weekend shifts. Some of the Shift-Lead’s tasks are described below:
- Serve as an escalation point for all Threat Analysts on shift for complex/unusual alerts/cases/requests/incidents;
- Ensure adequate coverage for the SOC so that operations are properly monitored and all incidents are reported and remediated in accordance with documented requirements;
- Manage shifts and coverage for all staff;
- Coordinate with appropriate engineering, security, and management teams to resolve and report on issues identified via SOC monitoring tools;
- Handoff any “in-flight” alerts/cases/requests/incidents to the next Shift-Lead;
- Coordinate detection and response activities with SOC Lead and Incident Commanders;
- Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities, distinguishing these incidents and events from benign activity;
- Review cases escalated by Threat Analysts to investigate, respond and remediate;
- Conduct quality assurance of cases;
- Ensure an effective flow of escalated cases;
- Assist in developing the incident response strategy and then creating and assigning response actions to Threat Analysts as needed;
- Train Threat Analysts on new processes and tools;
- Identify new Playbooks that need to be developed based on incident reviews;
- Document and escalate to the SOC Lead or CERT any incidents that may cause ongoing or immediate impact to the environment (including the event's history, status, and potential impact) for further action;
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack;
- Identify and communicate gaps in being able to effectively respond to incidents;
- Develop detection logic to assist in detecting malicious activity;
- Plan and recommend modifications or adjustments based on exercise results or system environment;
- Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information;
- Determine tactics, techniques, and procedures (TTPs) for intrusion sets;
- Examine network topologies to understand data flows through the network;
- Recommend computing environment vulnerability corrections;
- Conduct research, analysis, and correlation across a wide variety of all-source data sets (indications and warnings);
- Work with stakeholders to resolve computer security incidents and vulnerability compliance issues;
- Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans;
- Assist with projects focused on enhancements to detection;
Minimum Qualifications

1. A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or,

2. Education and/or experience which is equivalent to "1" above.
Preferred Skills

The preferred candidate should possess the following:
- Excellent verbal and written communication skills are required
- Experience supervising a team
- Bachelor's degree in Information Technology, related discipline or relevant work experience
- Strong analysis skills
- Strong network forensics skills
- Ability to analyze malware
- Ability to conduct vulnerability scans and recognize vulnerabilities in security systems
- Ability to accurately and completely source all data used in intelligence, assessment and/or planning products
- Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
- Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies
- Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute)

Public Service Loan Forgiveness

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education's website at https://studentaid.gov/pslf/

Residency Requirement

New York City Residency is not required for this position

Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.

Job ID

585712

Title code

95622

Civil service title

IT SECURITY SPECIALIST

Title classification

Non-Competitive-5

Business title

Security Operations Center (SOC) Shift Lead

Posted until

2023-10-22

Experienced (non-manager)

Job level

00

Number of positions

1

Work location

11 Metrotech Center

Technology, Data & Innovation