NYISO is hiring a
Senior Cybersecurity Operations Center Analyst

NYISO

💵 $76k-$127k
📍 Remote - United States

Summary

The NYISO is hiring a Senior Cybersecurity Operations Center Analyst to provide 24x7x365 continuous security monitoring, respond to cyber threats and incidents, and oversee processes for strong situational awareness. The role requires a Bachelor's Degree in Cybersecurity or related fields, at least 7 years of experience in IT or IT security positions, and various certifications.

Requirements

  • Bachelor's Degree (BS) in Cybersecurity, Computer Science, Computer Information Systems, or similar fields required
  • At least 7 years of experience in progressively responsible information technology and/or IT security positions is required
  • Knowledgeable in Python, Bash, PowerShell, or other scripting languages
  • Knowledge of various security methodologies and processes, and technical security solutions (firewall, intrusion detection systems, and Security Information and Event Management (SIEM) platforms)
  • Working knowledge of network communications and routing protocols (e.g., TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g., SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.)
  • Experience working with various event logging systems and proficiency with security event log analysis
  • Experience administering various operating systems (e.g., Windows, OS X, Linux, etc.) commonly deployed in enterprise networks
  • Understanding of Windows Active Directory
  • Experience in analyzing net flow data and packet capture (PCAP)

Responsibilities

  • Provide advanced monitoring, analysis, and response to cyber security events and trends of security log data
  • Develop incident response processes ensuring readiness of the cybersecurity incident response team (CSIRT)
  • Provide advanced incident handling and analysis response when required as part of the CSIRT
  • Manage contextualizing threat trending for Security Operations and situational awareness
  • Develop and lead threat intelligence briefings and threat evaluation studies
  • Remain knowledgeable about new threats. Analyze attacker tactics, techniques and procedures (TTPs)
  • Work closely with stakeholders to enable the implementation of security recommendations
  • Performs threat hunting within the environment to detect or discover malicious activity
  • Develop security use-case monitoring and alerting based on best practice and threat trending. Ensures effective transition to analysts for operational response
  • Provides project support where required to ensure security requirements are defined and transitioned successfully to continuous monitoring
  • Leads threat modeling collaboration with other members of the IT security team
  • Identifies and uses automation and orchestration solutions (SOAR) to automate repetitive tasks and mature monitoring and response capabilities
  • Leads CSOC threat research by assessing event data collected by systems both inside and outside of the CSOC
  • Develop reporting and metrics to aid security operations effectiveness
  • Provides operational maintenance of security platforms operated by security including IDS/IPS, SIEM, Threat Intelligence Platforms, AV, etc. This includes updating new signatures, tuning event volumes to acceptable levels, minimizing false positives, and maintaining up/down health status of sensors and data feeds

Preferred Qualifications

  • Ability to multi-task, prioritize, and manage time effectively
  • Strong attention to detail
  • Excellent interpersonal skills and professional demeanor
  • Excellent verbal and written communication skills
  • Excellent customer service skills
  • Experience with ServiceNow Incident Response module and related SOAR capabilities a plus
