Job Details

  • Title: Threat (CyberSecurity) Analyst
  • Code: RCI-ITCS4-9156A
  • Location: Brooklyn New York (NY) 11201
  • Posted Date: 05/15/2019
  • Duration: 14 Months
  • Status: Open

  Job Description

Scheduled Work Hours: 12-hour rotating shifts, including nights and weekends (excluding a mandatory unpaid meal break after 6 hours of work); 35 hours per week. The consultant must request overtime in the Agency’s timekeeping system, and the project manager must approve any hours worked above the weekly maximum.


NYC Cyber Command (NYC3) Threat Analysts will perform many critical functions within the Threat Management discipline. Chief among these functions is staffing 24x7x365 coverage at the Security Operations Center (SOC) during nights and weekend shifts. Analysts interface regularly with engineering, architecture, and operations teams within NYC3, City agency staff, vendors, and information-sharing partners; they monitor the City network and various security alerts for signs of intrusion, attempted compromise, and anomalous behavior; they apply mitigation techniques or escalate to appropriate teams to assist with mitigation efforts, e.g., network, agency resources, Windows Operations; and they correlate threat intelligence with various logs collected by established security controls.

Tasks include:

  • Lead SOC detection and response activities during shift;
  • Coordinate SOC operations with SOC Manager;
  • Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources;
  • Coordinate with enterprise-wide cyber defense staff to validate network alerts;
  • Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level;
  • Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment;
  • Perform cyber defense trend analysis and reporting;
  • Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack;
  • Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy;
  • Plan and recommend modifications or adjustments based on exercise results or system environment;
  • Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities;
  • Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity;
  • Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information;
  • Determine tactics, techniques, and procedures (TTPs) for intrusion sets;
  • Examine network topologies to understand data flows through the network;
  • Recommend computing environment vulnerability corrections;
  • Identify and analyze anomalies in network traffic using metadata;
  • Conduct research, analysis, and correlation across a wide variety of all-source data sets (indications and warnings);
  • Work with stakeholders to resolve computer security incidents and vulnerability-compliance issues;
  • Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.

  Requirements

  • At least 8 years of experience in a Threat Management/SOC/IR environment;
  • Excellent written and oral communication skills;
  • Must have knowledge of information security principles, practices and procedures;
  • Strong understanding of network and host technologies;
  • Must have experience applying techniques for detecting host and network-based intrusions using intrusion detection methods and technologies;
  • Experience with SIEM technologies, malware analysis, and mitigation techniques;
  • Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation);
  • Must be able to interpret the information collected by network tools (e.g., nslookup, ping, and traceroute);
  • Ability to investigate and solve complex problems.

  Additional Skills

  • Experience with host-level forensics;
  • Ability to conduct in-depth malware analysis;
  • Strong technical writer.