Job description

The Computer Emergency Response Team (CERT) resource function provides essential support to the 24x7x365 Security Operations Center in its ability to defend City systems from cyber threat, including direct support of life safety, and revenue generating operations. The CERT resource function is the escalation point for high-profile cybersecurity incidents impacting City agencies; responsible for coordinating response activities in the Joint Security Operations Center (JSOC) across NYC agencies, state, federal, and private partners. Ensuring the CERT has the capacity to handle the enormous scope of protecting all City infrastructure and responding to high severity incidents is critical to providing protection for all New Yorkers. Lack of these resources would result in increased likelihood of high severity cyber incidents that could cause significant disruptions to the City’s cybersecurity operations and may require costly remediation efforts. TASKS : Serve as the escalation point for high-profile cybersecurity incidents, engage in malware analysis, digital forensics, and campaign assessments; and harmonizes response activities in the JSOC among OTI, City departments, and state, federal, and private partners. Work with cyber intelligence teams to identify new cyber threats and campaigns and proactively deploy countermeasures, prioritize incident response activities and coordinate response efforts among City departments and external partners, investigate cybersecurity incidents through log, file, and malware analysis, Perform memory, network, and host forensics Devise appropriate remediation strategies and assist affected City agencies in containing, eradicating, and recovering from cybersecurity incidents, develop post-incident action plans to improve Mean Time to Detect and Mean Time to Respond, Maintain knowledge of current cyber threat campaigns and tradecraft Proactive threat hunting to identify, counter, and recover from advanced adversaries, Design, build and enhance cyber-incident detection tools and capabilities, Participate in on-call rotation. MANDATORY SKILLS: Formal education or a strong background in Computer Science, Computer Engineering or similar experience Minimum 5/6+ years of experience in Threat Management/SOC/Incident Response environment performing security event and incident detection and handling in an operational environment. Previous experience working as a part of an IT Security team, Incident response experience responding to advanced adversaries Active knowledge of current trends in computer security, software/hardware vulnerabilities, Active interest in current security research, Ability to work as part of a CERT which may require rotational weekday/weekend on-call coverage Strong sense of teamwork, an inquisitive mind, and the desire to share knowledge, Ability to understand and implement technical vulnerability corrections Experience in web application security assessment and/or penetration testing, hybrid cloud environments, conducting static and dynamic malware analysis, automation, scripting (Python, PowerShell, etc.) Understanding of intrusion analysis, Knowledge of multiple operating systems internals (Windows, Linux, OS X), Host and network forensics, At least one of the following industry certifications: SANS GIAC: GCIA, GCIH, GCFA, GCFE, GNFA, GREM, GPEN, GWAPT, GXPN, GDAT, Offensive Security: OSCP

colinoncars.com is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, colinoncars.com provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, colinoncars.com is the ideal place to find your next job.