IMPORTANT NOTE: ONLY CANDIDATES WHO HAVE A PERMANENT CYBER SECURITY ANALYST OR COMPARABLE CIVIL SERVICE TITLE WILL BE CONSIDERED FOR AN INTERVIEW. PLEASE INCLUDE YOUR EMPLOYEE IDENTIFICATION NUMBER (EIN) AND YOUR TITLE WHEN APPLYING.
NYC Department of Finance (DOF) is responsible for administering the tax revenue laws of the city fairly, efficiently, and transparently to instill public confidence and encourage compliance while providing exceptional customer service.
DOF's Finance Information Technology (FIT) Division designs, builds, and supports all facets of DOF's computer systems, including hardware, software, applications, infrastructure, telephone, and data security. FIT delivers and administers tax-related payment programs for the City of New York by providing the information technology solutions needed to achieve its mission of collecting revenue while ensuring an efficient and improved customer experience. FIT is also responsible for the systems and websites which enable citywide payments, land records, property assessment, parking adjudications, customer service, and the Sheriff's public safety work.
As a member of the Finance Cyber Security Operations Center, the candidate will work within a multidisciplinary team to monitor security systems, identify potential threats, and support incident response activities. This position serves as a critical first line of defense against digital risks, helping safeguard networks and data while gaining hands-on experience and guidance from senior analysts.
Reporting to the Director of Cyber Security Operations, the selected candidate's responsibilities will include, but not be limited to, the following:
-Monitor SIEM dashboards, endpoint detection tools, intrusion detection systems, email security platforms, and firewall alerts for indicators of compromise or anomalous activity.
-Maintain situational awareness of the security posture by reviewing real-time event feeds and scheduled reports.
-Identify patterns or behaviors that may indicate malicious activity, policy violations, or system misuse.
-Validate and classify alerts to determine severity, credibility, and potential impact.
-Collect and analyze log data from multiple sources to establish context around events.
-Differentiate between false positives and events requiring escalation, following established playbooks and procedures.
-Document investigative steps, observations, and preliminary conclusions in the case management system.
-Escalate confirmed or high-risk events to senior analysts or incident responders in accordance with the Incident Response Plan.
-Assist with containment actions under guidance, such as isolating endpoints or blocking malicious indicators.
-Preserve relevant evidence to support further investigation or forensic analysis.
-Reference threat intelligence sources to contextualize alerts, identify known indicators, and understand adversary tactics.
-May serve as a subject matter expert on characterizing and analyzing network traffic to identify anomalous activity and potential threats to network resources.
-Apply frameworks such as MITRE ATT&CK to categorize observed behaviors and support consistent analysis.
-Report recurring false positives, tool anomalies, or gaps in visibility to support tuning and optimization efforts.
-Verify log ingestion, sensor health, and alert functionality as part of routine operational checks.
-May serve as a subject matter expert or Team Lead to coordinate with enterprise-wide cyber defense staff to validate network alerts.
-Contribute to maintaining watchlists, detection rules, and operational documentation.
-Participate in knowledge-sharing sessions, tabletop exercises, and SOC training activities.
-Develop foundational skills in networking, operating systems, authentication mechanisms, and common attack techniques.
-Work closely with senior analysts, engineers, and incident responders to strengthen investigative capabilities.
-May serve as a subject matter expert in the development of content for cyber defense tools.
Additional Information:
In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
This position may be eligible for remote work up to 2 days per week pursuant to the Remote Work Pilot Program agreed between the City and the Collective Bargaining Unit representing employees serving in the civil service title.
CYBER SECURITY ANALYST - 13633
Qualifications:
1. A baccalaureate degree from an accredited college, including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or
2. A four-year high school diploma or its equivalent approved by a State's department of education or a recognized accrediting organization, and three years of satisfactory experience in any of the areas described in "1" above; or
3. Education and/or experience equivalent to "1" or "2" above. College education may be substituted for up to two years of the required experience in "2" above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.
Additional Information:
The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.
Remote Work:
No
Employment Type:
Full-time