Minimum Qualifications: You must have a Bachelor’s degree* with 15 credit hours in Cyber Security, Information Assurance, or Information Technology AND two (2) years of information technology experience, including one (1) year of information security or information assurance experience.**
* Appropriate information security or information assurance experience may substitute for the bachelor’s degree on a year-for-year basis; an associate degree requires an additional two years of information technology, information security, or information assurance experience.
**Experience solely in information security or information assurance may substitute for the general information technology experience.
Duties Description:
• Manage the maintenance of the security monitoring infrastructure, to include:
  • Signature tuning
  • Signature management
  • Infrastructure management, including the Security Information and Event Management (SIEM) platform and Microsoft Defender for Cloud Apps
• Develop new use cases, to include: data source identification, signature development, triage process development, signature/triage process improvement, and staff training.
• Perform security event monitoring and network traffic analysis using SIEM and Cloud Access Security Broker (CASB).
• Prioritize and differentiate between potential security events and false positives.
• Escalate priority security events to the Computer Security Incident Response Team (CSIRT) per standard operating procedures.
• Train staff on performing security event monitoring and network traffic analysis, including, but not limited to, custom remote collection scripts, EnCase Investigator, artifact identification, artifact parsing, artifact analysis, and triage processes.
• Research current vulnerabilities, attacks, and analysis techniques.
• Manage the log management requirements for the Chief Information Office (CIO), including, but not limited to, verifying that logs are being received, archived, and purged automatically.
• Perform incident handling activities to assist with the response to security incidents.
• Perform incident response activities including, but not limited to, investigating security incidents, performing threat analysis, and providing guidance/recommendations.
• Research new digital forensic and incident response tools, techniques, and methodologies.
• Manage and continuously improve the security threat feeds ingested by the Office of the State Comptroller (OSC), including, but not limited to: SIEM watchlists, open-source threat intelligence feeds, commercial threat intelligence feeds, and third-party intelligence.
• Manage the collection and documentation of the incident response metrics.
• Perform and continuously improve proactive techniques to identify security events within the IT infrastructure.
• Research, identify, and evaluate new threat intelligence sources that can be leveraged by the security program.
• Manage the phishing simulations across the agency, including, but not limited to, advance simulation notifications, creating training simulations, obtaining approval for simulations, conducting simulations, tracking results, and reporting the results to the appropriate parties.
• Manage the phishing simulation product including its configuration, recipient lists, and ISO procedures document.
• Manage the collection and documentation of the phishing simulation metrics.
• Assist with the development of phishing security awareness training for individuals who fail multiple simulations.
• Plan and supervise the activities of staff to ensure duties are performed accurately, on time, and according to established priorities and division goals/strategies.
• Direct and supervise staff by communicating objectives and expectations, allocating resources, assigning tasks/projects, reviewing progress/deliverables, and providing constructive feedback.
• Perform the full range of supervisory responsibilities including, but not limited to, development and completion of comprehensive performance evaluations and review of timesheets and telecommuting journals.
• Develop training plans and provide staff with training opportunities appropriate to their level of expertise, including on-the-job training, vendor-sponsored events, and formal outside training.
• Handle personnel and performance issues promptly and with discretion.
• Understand and ensure the adherence to all agency policies and standards.
Additional Comments: Knowledge, Skills, and Abilities:
• Demonstrated experience in logging and monitoring.
• One year of experience in SIEM.
• One year of experience in security monitoring.
• Demonstrated knowledge of security monitoring, incident response, malware analysis, malware forensics, or digital forensics.
• Demonstrated critical thinking, problem-solving and analytical skills.
• Demonstrated ability to maintain sensitive and confidential information.
• Excellent verbal and written communication skills.
The Office of the New York State Comptroller (OSC) supports telecommuting where it is reasonable to do so based upon the agency’s mission and operational needs. Generally, employees new to OSC will be restricted from telecommuting for at least 8 calendar weeks. After the initial 8-calendar-week restriction, if an employee’s duties and work performance are aligned with telecommuting, they may be allowed to do so. Upon approval to telecommute, OSC employees may telecommute up to 5 days per pay period.
Some positions may require additional credentials or a background check to verify your identity.
110 State Street, 12th Floor
Notes on Applying: Submit a clear, concise cover letter, resume, and a completed copy of this template: https://osc.ny.gov/files/Jobs/docs/00703-info-tech-spec-3-info-sec-mq-template-11-23.docx via email to firstname.lastname@example.org no later than December 11, 2023. Documents must be sent as unlocked and accessible attachments.
Reference "Item #00703 - EMZ" in the subject line of your email and on your cover letter for proper routing.
If you have questions about this vacancy, please contact this Division representative:
Division contact: Lisamarie Astarita, CIO_HR@osc.ny.gov
Important Notes: To access the required template, copy the link above and paste it into your web browser, then download, complete, and save it to submit with your email response. You MUST complete the linked template in full to demonstrate that you meet the minimum qualifications for this position. Interview selection is based SOLELY on the information you provide in this document; incomplete or vague information will not be viewed in your favor.