IT Security Specialist - Cyber Threat Intelligence

The mission of the New York City Police Department is to enhance the quality of life in New York City by working in partnership with the community to enforce the law, preserve peace, protect the people, reduce fear, and maintain order. The NYPD strives to foster a safe and fair city by incorporating Neighborhood Policing into all facets of Department operations, and solve the problems that create crime and disorder through an interdependent relationship between the people and its police, and by pioneering strategic innovation.

The Information Security team within ITB is a highly specialized group of cyber security professionals tasked to oversee the defense and response of cyber security incidents within NYPD. This includes, but not limited to, user access and controls, vulnerability, scanning, cyber threat intelligence gathering, and incident response.

The Information Security Office seeks an IT Security Specialist. Job duties include:

o Research current and emerging threats facing the business and industry sector.

o Track threat actor infrastructure and associated malware families.

o Centralize multiple threat sources (premium, industry-shared, open-source, dark web), correlate indicators and threats, and distill actionable intelligence.

o Use automation to efficiently streamline and de-duplicate threats for playbooks, but use human analysis for actionable decision-making.

o Actively hunt for exposures and identify incidents warranting action to disrupt and remediate threats.

o Use and assign indicator severity and impact ratings to determine appropriate plans of action.

o Document threats into contextual reports outlining severity, urgency and impact, and ensure they can be understood by both management and technical teams.

o Serve as a trusted advisor to establish credibility with business unit leadership and technical teams.

o Share relevant information with stakeholders and make recommendations for next steps when facing threats.

o Actively participate in threat hunting tabletop exercises to hone and strengthen skills across the team.

o Evaluate and implement deception techniques designed to thwart adversaries.

o Work closely with security leadership to instill cybersecurity policies and practices throughout business units to address security operations, incident response, application security and infrastructure.

o Actively inform and engage in security projects across the business to disrupt active or potential threats.

o Be readily available to participate in collaborative threat analysis meetings with internal and external trusted entities.

o Maintain an up-to-date level of knowledge related to security threats, vulnerabilities and mitigations to reduce attack surface, and circulate it through business units.

o Motivate business units to adopt cybersecurity controls to reduce attack surface.

o Openly support the CISCO, management team and executive leadership, even during tumultuous times.

o Perform other duties as assigned.

Work Location: 1 Police Plaza and 11 Metro Tech

Work Schedule: M-F 0900-1700 HRS

Additional Information:

In compliance with Federal Law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.

The City of New York offers a comprehensive benefits package including health insurance for the employee and his or her spouse or domestic partner and un-emancipated children under age 26, union benefits such as dental and vision coverage, paid annual leave and sick leave, paid holidays, a pension, and optional savings and pre-tax programs such as Deferred Compensation, IRA, and a flexible spending account.

Minimum Qualifications

A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or,

Education and/or experience which is equivalent to "1" above.

Preferred Skills

• Applicants should have several years of cyber security experience with a specialization in intelligence gathering, and an applicable knowledge of adversary tactics, MITRE ATT&CK framework, OSINT and proficiency with commercial and open source cyber-threat intelligence tools.

• Applicants should also possess strong administrative, verbal and written communication skills.

• Bachelor's or Master's degree and CISSP, GCIH, GCTI certificate are preferred (certificates should be valid and current).

• Familiarity with administering directory services, Windows and Azure AD, SSO, MFA and role-based access control (RBAC).

• Experience administering IAM systems, access controls, security and risk management, and security governance fundamentals.

• Ideally familiar with one or more regulatory requirements and laws such as, but not limited to, PCI, Federal Financial Institutions Examination Council (FFIEC), Sarbanes-Oxley (SOX), HIPAA, GDPR and GLBA. Additionally, experience in one or more of the following preferred: ISO 17799, ITIL and NIST.

• Preferable experience with one or more scripting languages (e.g., Python, PowerShell, Bash).

• Track record acting with integrity, taking pride in work, seeking to excel, and being curious and flexible.

• Strong written and oral communication skills across varying levels of the organization.

• Understanding of service design, delivery concepts and control frameworks.

Residency Requirement

New York City Residency is not required for this position

Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.