Job Title - Cybersecurity Analyst(Hybrid)
Location - Brooklyn, NY(ONLY LOCAL TO NJ-NY-CT)
Duration Long Terms
Job Description
- Experience and Organizational Capability:
The contractor/cybersecurity analyst would have the following credentials, organizational capability, and/or experience:
- A bachelor's degree in information technology or Computer
- An industry recognized certification within the domains of information security and privacy (e.g., CISSP, GIAC, CISM, CISA, CIPP, CTPRP, CCSP, etc.).
- A minimum of 8+ years of experience working in an IT or computer-related field. Greater consideration will be given to contractors with greater than 5 years of
- A minimum of three (3) years of hands-on technical experience in cloud
- At least 3 year of experience:
- with Cloud Cybersecurity efforts and emerging technology aligned with the Risk Management Framework (RMF).
- in an Information & Network Security occupation
- in a cybersecurity-related occupation
- A minimum of three (3) years of experience in:
- applying information security and privacy
- applying risk management frameworks such as NIST, FISMA, or ISO
- SSAE 16, SOC 2, Shared Assessments, FedRAMP, and other vendor risk assessment methodologies.
- Governance, Risk, and Compliance (GRC) and vendor risk management
- technical IT expertise in areas such as network IT protocols, IT operating systems, IT programming languages, encryption techniques, and intrusion detection systems to effectively analyze and respond to cybersecurity
- Excellent oral and written communication, ability to convey technical and security related concepts to people at all levels of the organization.
- Proficiency in the design and implementation of effective information security controls with minimal oversight.
- Acute attention to detail with a high level of data integrity and
- Strong organizational and prioritization skills to handle multiple
- Must be able to work both on-site and, if needed, remotely
- Scope of Services:
The Contractor/cybersecurity analyst would perform a variety of services, both in-person at NYC Health Department locations and, if needed, remotely, including but not limited to:
- Identifying and mitigating complex IT technical threats to computer systems, networks, and data.
- Using technical IT tools and IT software to monitor, analyze, and defend against cyber-
- Monitoring and analyzing network traffic, configuring firewalls, intrusion detection/prevention systems and conducting vulnerability assessments.
- Managing and protecting endpoints such as desktops, laptops, servers, and mobile devices from malware, ransomware, and other threats.
- Investigating security incidents, identifying root causes, and implementing corrective actions to prevent future occurrences.
- Utilizing SIEM tools to collect, correlate and analyze security event data for threat detection and responses.
- Monitoring and analyzing emerging threats, vulnerabilities, and attack vectors to proactively defend against cyber threats.
- Performing Penetration
- Keeping abreast of the latest security, privacy, and regulatory concerns and best practices impacting third party risk management.
- Advising the agency on any changes requested by third parties to security and privacy provisions of agreements or contracts.
- Collaborating with IT project management and operational teams to design secure cloud infrastructure plans and services.
- Performing analysis on the security of all cloud services, including but not limited to: AWS, Microsoft Azure, Google, etc.
- Providing subject matter expertise on cloud security, automation, and
- Developing, documenting, and validating policies, processes, and procedures relating to a variety of cloud concepts and standards.
- Developing cloud security metrics to analyze risks and identify potential opportunities to reduce vulnerabilities.
- Collaborating with all parties and the city's Cyber Command Center to obtain cloud solution dispositions and update agency inventory lists.