Review Vacancy
AgencyInformation Technology Services, Office of
TitleSecurity Operations Center (SOC) Threat Intel Analyst, Information Technology Specialist 4 (Information Security), ref #5757-48R
Occupational CategoryI.T. Engineering, Sciences
Bargaining UnitPS&T - Professional, Scientific, and Technical (PEF)
Salary RangeFrom $93530 to $117875 Annually
Appointment Type Contingent Permanent
Minimum Qualifications Bachelor’s degree* with at least 15 credit hours in cyber security, information assurance, or information technology; and three years of information technology experience, including two years of information security or information assurance experience**.
*Substitution: bachelor's degree candidates without at least 15 course credits in cyber security, information assurance, or information technology require an additional year of general information technology experience to qualify. Appropriate information security or information assurance experience may substitute for the bachelor's degree on a year-for-year basis; an associate's degree requires an additional two years of general
information technology experience.
**Experience solely in information security or information assurance may substitute for the general information technology experience.
Preferred Qualifications:
• Certifications in one or more of the following:
o Cyber Defense (e.g., GCIA, GCIH, GCED, GSOM, GSOC, GMON, GCDA)
o Cyber Threat Intelligence (e.g., GCTI, CTIA, CCIP, GOSI)
o Information Security and Management (e.g., CISSP, CISM, CCISO, CCSK)
• 2+ years’ experience in one or more of the following:
o working as a senior SOC analyst or team lead
o conducting log analysis (e.g., firewall logs, DNS logs, proxy logs, IDS/IPS logs)
o using SIEM technologies to support in-depth investigations, specifically IBM QRadar
• 1+ years’ experience in one or more of the following:
o developing process and training documentation
o participating in cyber incident response
• Strong understanding of enterprise IT environments, including but not limited to system administration, network architecture, operating systems, endpoint detection and response tools, and network-based security solutions (e.g., IDS/IPS, firewalls)
• Strong understanding of the foundations of Information Security, such as the CIA triad, information classification, identity and access management, risk management, vulnerability management, secure architecture and engineering, network security, software development security, etc.
• Excellent oral and written communication skills including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding
• Excellent analytical process, hypothesis generation, and reporting skills
Duties Description Under the direction of senior leadership within the Office of Information Technology Services\Chief Information Security Office\Cyber Command Center, the incumbent will be a member of the team that is responsible for the ingestion and response to all forms of threat intelligence and vulnerability announcements received from many third parties such as vendors, DHS CISA, MS-ISAC, NYSP, and other sources of open-source intelligence. They will synthesize threat data from various sources and correlate it to produce targeted threat intelligence. The incumbent will perform threat hunting for threat actors in a multi-cloud/multi-OS environment and prototyping detection logic based on the output of those hunts. The candidate will also be able to emulate adversary behavior to assess the efficacy of the security controls.
This position requires the incumbent to possess a solid understanding of the current cyber threat landscape, the tactics, techniques, tools, and procedures commonly leveraged, and the steps necessary to swiftly identify and contain a potential cyber threat. Additionally, this position requires an incumbent to act with a great deal of independence in alignment with agency and upper-level management strategic direction.
Due to the nature of the work performed by the SOC, this position requires availability during off-shift hours to ensure appropriate response to security incidents or other critical activities as needed.
Duties include, but are not limited to:
• Conduct research, analysis, and correlation across a wide variety of all source data sets such as IOCs, IOAs and warnings
• Participate in threat intelligence response and threat hunting program within the SOC to ensure a timely and effective response to new cyber threats.
• Assist in detection engineering prototyping and prioritization efforts and support red team/adversary emulation activities to assess efficacy of existing security controls
• Work with the detection engineering team to translate repeatable hunts into alerts
• Work with incident detection, incident response, cyber threat intelligence, and other teams to coordinate and create remediation plans
• Work with cases escalated by SOC analysts to investigate, respond, and remediate
• Analyze identified malicious activity to determine vulnerabilities exploited, exploitation methods, effects on system and data
• Identify new use cases and playbooks that need to be developed based on incident reviews
• Document and escalate incidents using information gathered from a variety of sources
- Create daily, monthly, and yearly intelligence information in support of NYSOC business needs
- Create technical reports and executive summaries related to cyber security incidents and events
• Participate in active projects to help identify and resolve issues/problems to ensure successful outcomes are achieved
• Work with peer analysts to appropriately tune the detections and performance of multiple security tools such as firewall, intrusion detection/intrusion prevention systems (IDS/IPS), endpoint detection and response (EDR), sandbox tools, antivirus/antimalware, and security incident and event management (SIEM) to increase the quality of generated alerts
• Perform the full range of supervisory responsibilities
Additional Comments Background check and fingerprinting are required.
Additional details on work shift will be discussed at time of interview.
*Please note, this position may be filled in either Albany, NYC, or other locations statewide.
Benefits of Working for NYS
Generous benefits package, worth 65% of salary, including:
• Holiday & Paid Time Off
• Thirteen (13) paid holidays annually
• Up to thirteen (13) days of paid vacation leave annually
• Up to five (5) days of paid personal leave annually
• Up to thirteen (13) days of paid sick leave annually for PEF
• Up to three (3) days of professional leave annually to participate in professional development
Health Care Benefits
• Eligible employees and dependents can pick from a variety of affordable health insurance programs
• Family dental and vision benefits at no additional cost
Additional Benefits
• New York State Employees’ Retirement System (ERS) Membership
• NYS Deferred Compensation
• Access to NY 529 and NY ABLE College Savings Programs, as well as U.S. Savings Bonds
• Public Service Loan Forgiveness (PSLF)
• Up to 50% telecommuting
• And many more.
Some positions may require additional credentials or a background check to verify your identity.
Email Address postingresponses@its.ny.gov
Address
Street Office of Information Technology Services
Human Resources Services - Swan Street Building, Core 4, Floor 1
Notes on ApplyingTo apply, please submit a resume and cover letter indicating you are applying for Information Technology Specialist 4 (Information Security) Ref #5757-48R and include the vacancy ID. In your cover letter, please clearly indicate how you meet the minimum qualifications for this position. Your Social Security number may be required to confirm your eligibility.
Some positions may require additional credentials or a background check to verify your identity. Selected candidates who are new or returning to NYS service may be required to pay for fingerprinting fees. New York State is an equal opportunity employer.