Cyber Security Analyst

Client Name: City of New York

Start Date: March 1 2025

End Date: February 28 2031

Contract Length (in weeks): 312

• Identifying and mitigating complex IT technical threats to computer systems networks and data.
  
• Using technical IT tools and IT software to monitor analyze and defend against cyberattacks.
  
• Monitoring and analyzing network traffic configuring firewalls intrusion detection/prevention systems and conducting vulnerability assessments.
  
• Managing and protecting endpoints such as desktops laptops servers and mobile devices from malware ransomware and other threats.
  
• Investigating security incidents identifying root causes and implementing corrective actions to prevent future occurrences.
  
• Utilizing SIEM tools to collect correlate and analyze security event data for threat detection and responses.
  
• Monitoring and analyzing emerging threats vulnerabilities and attack vectors to proactively defend against cyber threats.
  
• Performing Penetration testing.
  
• Keeping abreast of the latest security privacy and regulatory concerns and best practices impacting third party risk management.
  
• Advising the agency on any changes requested by third parties to security and privacy provisions of agreements or contracts.
  
• Collaborating with IT project management and operational teams to design secure cloud infrastructure plans and services.
  
• Performing analysis on the security of all cloud services including but not limited to: AWS Microsoft Azure Google etc.
  
• Providing subject matter expertise on cloud security automation and virtualization.
  
• Developing documenting and validating policies processes and procedures relating to a variety of cloud concepts and standards.
  
• Developing cloud security metrics to analyze risks and identify potential opportunities to reduce vulnerabilities.
  
• Collaborating with all parties and the citys Cyber Command Center to obtain cloud solution dispositions and update agency inventory lists.
  

Requirements

1. A bachelors degree in information technology or Computer Science.
   
2. An industry recognized certification within the domains of information security and privacy (e.g. CISSP GIAC CISM CISA CIPP CTPRP CCSP etc..
   
3. A minimum of three 3 years of experience working in an IT or computerrelated field.Greater consideration will be given to contractors with greater than 5 years of experience.
   
4. A minimum of three 3 years of handson technical experience in cloud administration.
   
5. At least 1 year of experience:
   
1. with Cloud Cybersecurity efforts and emerging technology aligned with the Risk Management Framework (RMF).
   
2. in an Information & Network Security occupation preferred.
   
3. in a cybersecurityrelated occupation preferred.
   
6. A minimum of three 3 years of experience in:
   
1. applying information security and privacy fundamentals.
   
2. applying risk management frameworks such as NIST FISMA or ISO 27000.
   
3. SSAE 16 SOC 2 Shared Assessments FedRAMP and other vendor risk assessment methodologies.
   
4. Governance Risk and Compliance (GRC) and vendor risk management tools.
   
5. technical IT expertise in areas such as network IT protocols IT operating systems IT programming languages encryption techniques and intrusion detection systems to effectively analyze and respond to cybersecurity threats.
   
7. Excellent oral and written communication ability to convey technical and security related concepts to people at all levels of the organization.
   
8. Proficiency in the design and implementation of effective information security controls with minimal oversight.
   
9. Acute attention to detail with a high level of data integrity and accuracy.
   
10. Strong organizational and prioritization skills to handle multiple priorities.
    
11. Must be able to work both onsite and if needed remotely