Incident Response Analyst, Office of Chief Information Officer

Remote Full-time
About the position

The Office of Information Security (OIS) leads the implementation of an integrated, modern, framework-based security program across the Department of Health and Mental Hygiene to preserve the integrity of agency services and protect sensitive business data from current and emerging cyber threats, and to preserve the reputation of the agency and its ability to protect and promote the health of all New Yorkers. The Cyber Incident Response team provides detection and response to cybersecurity events, events of interest, and incidents for DOHMH. It also collects forensic user evidence requested by legal and investigative entities.

Responsibilities

• Automate processes leveraging scripts (Python, batch, etc.). Run reports to gather data from SQL databases (SQL). Run penetration testing tools (AppScan).
• Responsible for vulnerability management.
• Knowledge of SOAR responses and their implementation.
• Create SIEM dashboards to help visualize data and events.
• Set the program strategy and develop approaches to integrate automation/orchestration services into existing and future processes that will support the verticals within Threat Management.
• Perform technical and forensic investigations.
• Analyze system services, operating systems, networks, and applications to address possible cyber-attacks.
• Remain current on cybersecurity trends and intelligence to enhance the security analysis and the identification capabilities for the IR Team.
• Respond to and resolve basic operational technical Incidents and Requests.
• Summarize events/incidents effectively to different constituencies such as legal counsel, executive management, and technical staff, both in written and verbal forms.
• On-call availability as needed/required. Schedules may include several days per month, after hours and weekend support.

Requirements

• A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area.
• A four-year high school diploma or its equivalent approved by a State's department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in '1' above.
• Education and/or experience equivalent to '1' or '2', above. College education may be substituted for up to two years of the required experience in '2' above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience.
• Twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.

Nice-to-haves

• Self-starter, detail-oriented, reliable and accountable.
• Excellent organizational, time-management and multi-tasking skills, including the ability to take initiative, prioritize duties, and work both independently and within a team.
• Applicant should be able to work with little or no supervision.
• Familiarity with SIEM and creation of relevant dashboards.
• Knowledge of cyber security tools and protocols.
• Knowledge of Windows and Linux operating systems.
• Knowledge of security best practices.
• Knowledge of Windows desktop/server environments, Azure and Microsoft O365.
• Excellent written and verbal communication skills.
• Knowledgeable about penetration/vulnerability assessment methodologies and the cyber kill chain.
• Familiarity with cyber threat intelligence and MITRE's ATT&CK framework.
• Knowledgeable about cyber incident handling and response processes.
• Familiarity with vulnerability management and remediation.
• Experienced in integrated cybersecurity assessment frameworks and lifecycles.

Benefits

• A premium-free health insurance plan that saves employees over $10K annually, per a 2024 assessment.
• Additional health, fitness, and financial benefits may be available based on the position's associated union/benefit fund.
• A public sector defined benefit pension plan with steady monthly payments in retirement.
• A tax-deferred savings program.
• A robust Worksite Wellness Program that offers resources and opportunities to keep you healthy while serving New Yorkers.
• Work From Home Policy: Depending on your position, you may be able to work up to two days during the week from home.
• Job Security - you could enjoy more job security compared to private sector employment.