Threat Analyst

4 months ago


Brooklyn, United States City of New York Full time

The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City. From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the City delivers for New Yorkers in the 21st century. Watch our welcome video to see our work in action, follow us on social media @NYCOfficeofTech, and visit oti.nyc.gov to learn more.

At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology, and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.

About New York City Cyber Command
OTI’s Office of Cyber Command is committed to protecting City systems that provide vital services to New Yorkers from cyber threats, and helping residents become safer in their digital lives. As the organization defending the largest municipality in the country, Cyber Command is charged with directing citywide incident response, setting citywide cybersecurity policies and standards and working with city agencies to strengthen their cyber defenses.

Threat Analysts within Cyber Command perform many critical functions within the Threat Management discipline. Chief among these functions is providing 24x7x coverage within the Security Operations Center. For this reason, Threat Analysts must be able and willing to fill night and weekend shifts.
Responsibilities will include:
-Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
-Coordinate with enterprise-wide cyber defense staff to validate network alerts;
-Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level;
-Document and escalate incidents (including events history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment;
-Perform cyber defense trend analysis and reporting;
-Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack;
-Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy;
-Plan and recommend modifications or adjustments based on exercise results or system environment;
-Provide daily summary reports of network events and activity relevant to cyber defense practices;
-Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts;
-Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities;
-Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity;
-Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information;
-Determine tactics, techniques, and procedures (TTPs) for intrusion sets;
-Examine network topologies to understand data flows through the network;
-Recommend computing environment vulnerability corrections;
-Identify and analyze anomalies in network traffic using metadata;
-Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings);
-Work with stakeholders to resolve computer security incidents and vulnerability compliance;
-Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans;
-Perform special projects and initiatives as assigned.

HOURS/SHIFT
Day - Due to the necessary technical support duties of this position in a 24/7 operation, candidate may be required to work various shifts such as weekends and/or nights/evenings

WORK LOCATION
New York, NY

TO APPLY
Special Note: Taking and passing civil service exams are necessary to maintain employment with the City of New York. Please check the Department of Citywide Administrative Services (DCAS) website for important exam filing information. Please ensure that you are either a permanent employee in the civil service title listed on this posting, or, that you file for the examination when there is an open filing period. For more information regarding the civil service process, please visit the DCAS website at:

* Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration

Please go to and search for Job ID#

SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW
APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL

NOTE: This position is open to qualified persons with a disability who are eligible for the 55-a Program.
Please indicate in your cover letter that you would like to be considered for the position under the 55-a program.

OTI participates in E-Verify


Minimum Qualifications

1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or

2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above; or

3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty semester credits from an accredited college is equated to one year of experience. In addition, twenty-four credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.


Preferred Skills
The preferred candidate should possess the following:
-Excellent verbal and written communication skills are required
-Understanding of Cybersecurity Fundamentals: This includes knowledge of common attack vectors, security principles, and networking protocols
-Incident Handling Procedures: Ability to follow established incident handling procedures and workflows to effectively identify, analyze, and respond to security incidents
-Strong foundation in IT knowledge
-Critical Thinking and Problem-Solving: The ability to think critically and solve problems when responding to security incidents and making decisions under pressure
-Ability to accurately and completely source all data used in intelligence, assessment and/or planning products
-Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
-Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies
-Technical Aptitude: Knowledge of operating systems (Windows, Linux, etc.), scripting languages (Python, PowerShell, etc.), and cloud platforms in the context of understanding and analyzing security events
-Familiarity with security tools such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection System/Intrusion Prevention System), antivirus software, and endpoint detection and response (EDR) solutions is essential.

55a Program
This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.
Public Service Loan Forgiveness
As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at
Residency Requirement
New York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for 2 continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County. To determine if the residency requirement applies to you, please discuss with the agency representative at the time of interview.
