This listing has expired and therefore is not publicly viewable.
Company: New York Independent System Operator
Location: Rensselaer, NY 12144
Preferred GIAC Certifications: GSEC, GCIA, GCIH
Job Summary and Essential Functions
The New York Independent System Operator (NYISO) works to make the power grid smarter by developing and deploying innovative information technology solutions to meet New York’s dynamic energy needs. The NYISO’s Information Technology department invites applications for a full-time Senior IT Security Specialist role.
The Senior Cyber Security Operations Center (CSOC) Analyst designs and programmatically supports the NYISO's cybersecurity operations. This individual performs a wide range of technical cyber security services with a focus on cybersecurity operations. Senior CSOC Analysts provide overall team leadership, operational oversight, and development of the NYISO's 24x7x365 Security Operations Center Tier 1 functions for continuous monitoring of threat, vulnerability, and incident management. The Senior CSOC Analyst is responsible for overseeing processes that ensure strong situational awareness coupled with the ability to respond effectively to security threats. The Senior Analyst supports operational activities during cybersecurity incidents, responding quickly and decisively to ensure that risk is contained, that any potential damage is prevented or minimized, and that protective steps are taken to prevent similar incidents from recurring. The Senior CSOC Analyst also oversees and performs tasks in support of threat and vulnerability management, log analysis, reporting and metrics, system scanning, and forensic analysis.
This position involves critical duties and responsibilities that must continue to be performed during crisis situations and contingency operations. Senior Analysts may be required to work shift rotations to support around the clock (24x7x365) coverage of the CSOC.
Responsibilities will include:
Development and transition of security use-case monitoring and alerting based on best practice and threat trending, ensuring that Tier I staff are trained on the response handoff and that it is communicated effectively.
Develops and leads threat intelligence briefings and threat evaluation studies, and works closely with stakeholders to enable the implementation of strategic recommendations.
Leads the discovery of new attacker techniques and performs threat hunting within the environment to detect malicious activity.
Provides care and feeding of the security platforms operated by Security: IDS/IPS, SIEM, AV, etc. This includes updating IDS/IPS and SIEM systems with new signatures, tuning signature sets to keep event volume at acceptable levels and minimize false positives, and maintaining up/down health status of sensors and data feeds. CSOC members involved in this service must have a keen awareness of monitoring needs so that the CSOC keeps pace with constantly evolving threats. This capability may involve significant ad hoc scripting to move data around and to integrate tools and data feeds.
Responsible for maintaining configuration items and executing functions on the vulnerability scanning management platform, including but not limited to vulnerability scanning in support of CIS benchmarks, security controls testing, and proactive vulnerability detection.
Responsible for composing essential documentation (procedures, scanning reports, remediation reports, etc.), providing analysis and metrics on vulnerabilities, and driving remediation of vulnerabilities throughout the organization.
Provides guidance and development for incident response processes, including ensuring readiness of the Cybersecurity Incident Response Team (CSIRT) and developing and supporting incident response training and exercises. Provides incident handling and analysis (forensics) response when required as a member of the CSIRT.
Provides project support where required to ensure operational requirements are defined and transitioned successfully into continuous security monitoring.
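The signature-tuning and sensor-health duties described in the platform care-and-feeding responsibility above, worked as an added example. This is not code from the NYISO or its CSOC; it assumes Suricata EVE-style JSON-lines alerts, a hypothetical sensor inventory (ids-dc1, ids-dc2, ids-dc3), constructed sample records, and arbitrary thresholds (a signature producing more than 25% of events and at least 5 events is a tuning candidate; a sensor silent for more than 15 minutes is down).

```python
"""Added example (not from the NYISO posting): triage constructed IDS alerts
to find signatures that dominate event volume (tuning candidates) and sensors
whose feeds have gone stale (up/down health), the two chores the posting
lists under care and feeding of IDS/IPS and SIEM platforms."""
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample alerts (hypothetical data, Suricata EVE-like JSON lines).
# The last line is deliberately malformed to show a bad record is skipped, not fatal.
SAMPLE_ALERTS = """\
{"timestamp":"2024-03-01T10:00:00Z","sensor":"ids-dc1","src_ip":"10.1.1.5","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root"}}
{"timestamp":"2024-03-01T10:01:00Z","sensor":"ids-dc1","src_ip":"10.1.1.5","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root"}}
{"timestamp":"2024-03-01T10:02:00Z","sensor":"ids-dc1","src_ip":"10.1.1.5","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root"}}
{"timestamp":"2024-03-01T10:03:00Z","sensor":"ids-dc1","src_ip":"10.1.1.5","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root"}}
{"timestamp":"2024-03-01T10:04:00Z","sensor":"ids-dc1","src_ip":"10.1.1.5","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root"}}
{"timestamp":"2024-03-01T10:05:00Z","sensor":"ids-dc1","src_ip":"10.1.1.5","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root"}}
{"timestamp":"2024-03-01T10:06:00Z","sensor":"ids-dc1","src_ip":"203.0.113.7","alert":{"signature_id":2010935,"signature":"ET SCAN Suspicious inbound to MSSQL port 1433"}}
{"timestamp":"2024-03-01T08:20:00Z","sensor":"ids-dc2","src_ip":"203.0.113.7","alert":{"signature_id":2010935,"signature":"ET SCAN Suspicious inbound to MSSQL port 1433"}}
{"timestamp":"2024-03-01T08:25:00Z","sensor":"ids-dc2","src_ip":"198.51.100.9","alert":{"signature_id":2019401,"signature":"ET POLICY Vulnerable Java Version 1.7.x Detected"}}
{"timestamp":"2024-03-01T10:20:00Z","sensor":"ids-dc1","src_ip":"10.1.1.5","alert":{"signature_id":2012887,"signature":"ET POLICY Http Client Body contains pass= in cleartext"}}
not json at all
"""

# Assumed sensor inventory and report time (hypothetical).
EXPECTED_SENSORS = ("ids-dc1", "ids-dc2", "ids-dc3")
REPORT_TIME = datetime(2024, 3, 1, 10, 30, tzinfo=timezone.utc)


def parse_alerts(text):
    """Parse JSON-lines alerts; lines that are not valid records are dropped."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            rec["ts"] = datetime.fromisoformat(rec["timestamp"].replace("Z", "+00:00"))
            rec["sid"] = int(rec["alert"]["signature_id"])
            alerts.append(rec)
        except (ValueError, KeyError, TypeError):
            continue  # malformed record: skip, do not crash the feed
    return alerts


def tuning_candidates(alerts, max_share=0.25, min_count=5):
    """Signatures producing more than max_share of all events (and at least
    min_count events) are candidates for tuning. The distinct-source count
    tells the analyst whether a per-host suppression would suffice instead of
    disabling the rule outright."""
    total = len(alerts)
    if total == 0:
        return []
    counts = Counter(a["sid"] for a in alerts)
    sources = defaultdict(set)
    names = {}
    for a in alerts:
        sources[a["sid"]].add(a.get("src_ip"))
        names[a["sid"]] = a["alert"].get("signature", "")
    out = []
    for sid, n in counts.most_common():
        share = n / total
        if n >= min_count and share > max_share:
            out.append({"sid": sid, "signature": names[sid], "count": n,
                        "share": round(share, 2), "distinct_sources": len(sources[sid])})
    return out


def sensor_health(alerts, now, max_age=timedelta(minutes=15)):
    """Mark a sensor down if it has produced no event within max_age of now."""
    last_seen = {}
    for a in alerts:
        s = a.get("sensor")
        if s and (s not in last_seen or a["ts"] > last_seen[s]):
            last_seen[s] = a["ts"]
    return {s: "up" if s in last_seen and now - last_seen[s] <= max_age else "down"
            for s in EXPECTED_SENSORS}


def triage(text, now):
    """One report combining event count, tuning candidates and sensor status."""
    alerts = parse_alerts(text)
    return {"events": len(alerts),
            "tuning": tuning_candidates(alerts),
            "sensors": sensor_health(alerts, now)}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_ALERTS, REPORT_TIME), indent=2))
```

On the constructed data, signature 2100498 accounts for 6 of 10 events, all from one internal host, so the report points the analyst at a single-source suppression rather than disabling the rule; ids-dc2 last reported over two hours ago and ids-dc3 never reported, so both are flagged down. In production the alert text would come from the SIEM or sensor API rather than an inline string, and the thresholds would be tuned to the site's baseline.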
At least 7 years of experience in progressively responsible information technology and/or IT security positions is required, along with an in-depth understanding of information security best practices, and expertise with related technologies and tools.
Experience working with various network technologies, operating systems, databases, cloud environments (AWS, Azure) and coding standards.
Knowledge of various security methodologies and processes, and technical security solutions (firewall, intrusion detection systems, and Security Information and Event Management (SIEM) platforms).
Working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).
Experience working with various event logging systems and proficiency with security event log analysis. Previous experience with Security Information and Event Management (SIEM) platforms that perform log collection, analysis, correlation, and alerting is also desired.
Experience administering various operating systems (e.g. Windows, OS X, Linux, etc.) commonly deployed in enterprise networks. A conceptual understanding of Windows Active Directory is also desired.
Experience analyzing NetFlow data and packet captures (PCAP).
Ability to multi-task, prioritize, and manage time effectively.
Strong attention to detail.
Excellent interpersonal skills and professional demeanor.
Excellent verbal and written communication skills.
Excellent customer service skills.
The NYISO takes pride in recruiting, developing and retaining highly talented individuals. In addition to competitive salaries, we offer a comprehensive benefits package and innovative reward programs.
The NYISO is an Equal Opportunity Employer and as such, does not discriminate in its hiring or employment practices.