This listing has expired and therefore is not publicly viewable.
| Company | NYS Office of Information Technology Services |
| --- | --- |
| Preferred GIAC Certifications | GCED, GCIH |
| Salary | $81,446 - 102,661 |
Under the direction and support of the Manager of Information Technology Services 1 and the Director of Cyber Command, the position will be a member and leader within the team that performs intake and initial triage of cyber security events. The incumbent will be responsible for the technical and process direction of the SOC, provide direction to the analysts, and act as a liaison to other stakeholders related to incident response efforts within NY State and local government entities. The incumbent will also be expected to ensure that systematic activities are coordinated with the required teams and follow NYS standards and policy.
The position requires communicating orally and in writing with various individuals including management, users, vendors, and other IT staff. The position requires availability during off-shift hours to ensure appropriate response to security incidents or other critical activities that may impact sensitive information, critical systems, NYS agencies, or ITS.
Specific duties include, but are not limited to:
• Serve as team leader and mentor for SOC analysts.
• Supervision of SOC activities related to computer security incidents for NYS and various supported local entities.
• Supervise subordinate team members performing the full range of administrative responsibilities, including performance evaluations, time sheet approval, etc.
• Provide management oversight for the identification, triage and response efforts for events or incidents.
• Manage escalation procedures, workflows and tasks related to SOC activities.
• Ensure identified incidents are escalated timely to CIRT for deeper analysis, resolution and mitigation.
• Ensure that SOC serves as the primary liaison with the portfolio information security staff and coordinate with other security teams with NY state for effective and efficient IR tasks.
• Perform scripting required to automate various processes within SOC.
• Ensure the tickets related to events and incidents are tracked in the ticket management system and tracked to closure in a timely manner.
• Ensure that trusted third party notifications are forwarded to the proper stakeholders in a timely manner.
• Work with the SOC Manager and other Senior Analysts to ensure that standard operating procedures are created for the various SOC functions.
• Ensure that all standard operating procedures are being followed.
• Identify opportunities to improve security monitoring and operational tasks.
• Provide training, guidance, and act as a mentor to subordinate team members.
Bachelor’s degree* with at least 15 credit hours in cyber security, information assurance, or information technology; and three years of information technology experience, including two years of information security or information assurance experience**.
*Substitution: bachelor's degree candidates without at least 15 course credits in cyber security, information assurance, or information technology require an additional year of general information technology experience to qualify. Appropriate information security or information assurance experience may substitute for the bachelor's degree on a year-for-year basis; an associate's degree requires an additional two years of general information technology experience.
**Experience solely in information security or information assurance may substitute for the general information technology experience.
• Bachelor’s Degree with a concentration or major in Information Security, Cyber Security, Digital Forensics, Information Assurance, or a related field
• Applicable Information Security certificate(s), including but not limited to:
o Certificate in Computer Network Defense (e.g., GCIA, GCED, GDAT, GPPA, GCDA, GMON, GWEB, CND, ECIH, GCIH)
o Certificate in Cyber Threat Intelligence (e.g., CTIA, GCTI, CCIP, CSTIR)
o Certificate in Digital Forensics (e.g., ACE, GCFA, GCFE, GREM, GNFA)
o Certificate in Penetration Testing (e.g., GPEN, CEH, GAWN, GWAPT, LPT)
o Certificate in Information Security Management (e.g., GSLC, GSTRT, GCEIT, CISM, CCISO)
o Certified Information Systems Security Professional (CISSP)
• 3+ years’ experience in technical writing.
• 2+ years’ experience in the following areas:
o Leading a team in related work.
o Applying and implementing network and/or system security.
o Information security incident response.
o Cyber digital forensics.
o Log analysis (e.g. firewall logs, DNS logs, proxy logs, IDS/IPS logs)
o Using SIEM technologies to support in-depth investigations.
o Using computer security investigation tools (e.g. FTK)
• Working knowledge of:
o computer networks, intrusion detection systems, routers, firewalls, operating systems, network vulnerability assessments, web application vulnerability assessments, computer programming and scripting
o network security solutions (e.g., intrusion detection/prevention systems, firewalls)
o system administration
o vulnerability management
o computer programming and scripting
o Information Security (CIA triad, Information Classification, Risk Management, Incident Response, Vulnerability Management, Security Architecture & Engineering)
• Excellent oral and written communication skills including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding
• Demonstrated critical thinking, problem solving and analytical skills