IMPORTANT NOTE: ONLY CANDIDATES WHO HAVE A PERMANENT CYBER SECURITY ANALYST OR IN COMPARABLE CIVIL SERVICE TITLE WILL BE CONSIDERED FOR AN INTERVIEW. PLEASE INCLUDE YOUR EMPLOYEE IDENTIFICATION NUMBER (EIN) AND YOUR TITLE WHEN APPLYING.
NYC Department of Finance (DOF) is responsible for administering the tax revenue laws of the city fairly, efficiently, and transparently to instill public confidence and encourage compliance while providing exceptional customer service.
DOF's Finance Information Technology (FIT) Division designs, builds, and supports all facets of DOF's computer systems, including hardware, software, applications, infrastructure, telephone, and data security. FIT delivers and administers tax-related payment programs for the City of New York by providing the information technology solutions needed to achieve its mission of collecting revenue while ensuring an efficient and improved customer experience. FIT is also responsible for the systems and websites which enable citywide payments, land records, property assessment, parking adjudications, customer service, and the Sheriff's public safety work.
As a member of the Finance Cyber Security Operations Center, the candidate will work within a multidisciplinary team to monitor security systems, identify potential threats, and support incident response activities. This position serves as a critical first line of defense against digital risks, helping safeguard networks and data while gaining hands-on experience and guidance from senior analysts.
Reporting to the Director of Cyber Security Operations, the selected candidate's responsibilities will include, but not be limited to, the following:
- Monitor SIEM dashboards, endpoint detection tools, intrusion detection systems, email security platforms, and firewall alerts for indicators of compromise or anomalous activity.
- Maintain situational awareness of the security posture by reviewing real-time event feeds and scheduled reports.
- Identify patterns or behaviors that may indicate malicious activity, policy violations, or system misuse.
- Validate and classify alerts to determine severity, credibility, and potential impact.
- Collect and analyze log data from multiple sources to establish context around events.
- Differentiate between false positives and events requiring escalation, following established playbooks and procedures.
- Document investigative steps, observations, and preliminary conclusions in the case management system.
- Escalate confirmed or high-risk events to senior analysts or incident responders in accordance with the Incident Response Plan.
- Assist with containment actions under guidance, such as isolating endpoints or blocking malicious indicators.
- Preserve relevant evidence to support further investigation or forensic analysis.
- Reference threat intelligence sources to contextualize alerts, identify known indicators, and understand adversary tactics.
- May serve as a subject matter expert on characterizing and analyzing network traffic to identify anomalous activity and potential threats to network resources.
- Apply frameworks such as MITRE ATT&CK to categorize observed behaviors and support consistent analysis.
- Report recurring false positives, tool anomalies, or gaps in visibility to support tuning and optimization efforts.
- Verify log ingestion, sensor health, and alert functionality as part of routine operational checks.
- May serve as a subject matter expert or Team Lead to coordinate with enterprise-wide cyber defense staff to validate network alerts.
- Contribute to maintaining watchlists, detection rules, and operational documentation.
- Participate in knowledge sharing sessions, tabletop exercises, and SOC training activities.
- Develop foundational skills in networking, operating systems, authentication mechanisms, and common attack techniques.
- Work closely with senior analysts, engineers, and incident responders to strengthen investigative capabilities.
- May serve as a subject matter expert in the development of content for cyber defense tools.
Additional Information:
In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
This position may be eligible for remote work up to 2 days per week, pursuant to the Remote Work Pilot Program agreed between the City and the Collective Bargaining Unit representing employees serving in the civil service title.
CYBER SECURITY ANALYST - 13633