Civil Service Cyber Security Jobs (NOW HIRING)

**Candidates must be permanent in the Cyber Security Analyst civil service title to apply**
The Cybersecurity Analyst (Level 2) supports the NYC Law Department's Information Security Office by safeguarding sensitive legal, personnel, and case related data across all agency systems. This role performs hands on security operations, user access administration, log and SIEM monitoring, and vulnerability management in accordance with NYC DCAS, NYC Cyber Command (NYC3), NIST 800 53, CIS Controls, and Citywide Information Security Policies.
The Analyst will work closely with Legal Technology, Infrastructure, and NYC3 partners to ensure the confidentiality, integrity, and availability of Law Department systems. This position requires strong analytical skills, attention to detail, and the ability to operate effectively in a high stake, fast paced government environment.
Key Responsibilities
User Access & Identity Management (Pre Automation):
- Create, modify, and disable user accounts in accordance with NYC Law Department access control procedures and DCAS cybersecurity standards.
- Apply least privilege, role-based access control (RBAC) and enforce MFA across all systems.
- Conduct quarterly and ad hoc access reviews for legal divisions, ensuring compliance with NYC3 Identity & Access Management (IAM) guidelines.
- Monitor for account lockouts, unauthorized access attempts, and credential misuse.
- Maintain detailed audit trails of all account changes for DCAS and internal compliance reviews.
System Monitoring & Log Review:
- Monitor SIEM dashboards (e.g., Splunk, Azure Sentinel, or NYC3 approved platforms) for anomalies, intrusion attempts, and policy violations.
- Review logs from servers, endpoints, firewalls, case management systems, and cloud platforms.
- Correlate log data to identify patterns of malicious activity affecting legal operations.
- Track system health metrics and escalate early indicators of compromise to senior analysts or NYC3.
- Document all monitoring activities in accordance with Citywide Cybersecurity Logging Standards.
Vulnerability Management (Secondary/Backup Role):
- Support scheduled vulnerability scans using NYC3 approved scanning tools.
- Validate scan results, prioritize remediation based on risk, and coordinate with Infrastructure and Application teams.
- Track patching progress and verify remediation for Windows, Linux, and application environments.
- Use PDQ and Tanium for software deployment, patching, and configuration updates.
- Use Tanium for endpoint visibility, compliance reporting, and threat detection.
- Ensure all remediation activities align with NYC Cyber Command's Patch & Vulnerability Management Policy.
Cyber & Incident Investigations:
- Assist in triaging alerts, gathering forensic evidence, and escalating incidents to senior analysts or NYC3 as required.
- Document investigation steps, findings, and corrective actions in accordance with NYC Incident Response Procedures.
- Use EDR tools, network analyzers, and forensic utilities to support investigations.
- Leverage Forscout and Tanium modules for rapid endpoint queries, isolation, and remediation.
- Conduct root cause analysis and recommend preventive measures to reduce future risk.
Standards, Compliance & Governance:
- Ensure all activities comply with NYC Law Department policies, NYC3 directives, NIST 800 53, ISO 27001, and CIS Controls.
- Maintain accurate records of account changes, monitoring activities, and incident reports for audits.
- Identify and recommend automation opportunities to streamline account management and monitoring workflows.
- Participate in agency wide cybersecurity awareness initiatives and staff training.
CYBER SECURITY ANALYST - 13633

1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or
2. A four-year high school diploma or its equivalent approved by a State's department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in "1" above; or
3. Education and/or experience equivalent to "1" or "2", above. College education may be substituted for up to two years of the required experience in "2" above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.