Cyber Intelligence Analyst College Aide

The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City.

From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the City delivers for New Yorkers in the 21st century.

Watch our welcome video to see our work in action, follow us on social media @NYCOfficeofTech, and visit oti.nyc.gov to learn more.

At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people.

You'll have the opportunity to work with cutting-edge technology, and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.

About New York City Cyber Command

OTI’s Office of Cyber Command is committed to protecting City systems that provide vital services to New Yorkers from cyber threats, and helping residents become safer in their digital lives.

As the organization defending the largest municipality in the country, Cyber Command is charged with directing citywide incident response, setting citywide cybersecurity policies and standards and working with city agencies to strengthen their cyber defenses.

Cyber Intelligence Analysts within Cyber Command perform critical functions within the Threat Management discipline including consuming and analyzing tactical and technical intelligence as well as providing operational and tactical level support to key stakeholders of the Threat Management team.

The Cyber Intelligence Analyst is the liaison between operators and the CTI team and provides intelligence support in the form of assisting hunt missions, augmenting detection capabilities, supporting response efforts from a technical perspective, extracting and correlating indicators or artifacts to primary operators and directly assisting or executing investigative efforts or tasks.

Cyber Intelligence Analysts communicate their findings through a variety of intelligence products and services, to include finished intelligence products.

Responsibilities will include but are not limited to :

• Provide intelligence support to primary operators; assistance or execute investigative efforts or tasks;
• Assist hunt missions to augment detection capabilities to identify threats across Cyber Command operating environment;
• Gather materials to support intelligence briefings for executive management and operational stakeholders;
• Play an active role in servicing RFI's;
• Actively research and track threat actors, malware, campaigns, code families, and infrastructure;
• Conduct link analysis across datasets to support technical analysis and assessments;
• Support the validation, collection, processing, analysis, and dissemination of tactical intelligence (IOC’s) and products (finished reports) throughout Cyber command and partner organizations;
• Develop, maintain, and execute threat and risk communication processes that advise NYC3 network defenders;
• Responsible for pushing indicators to security defenses from Cyber Command’s Threat Intelligence Platform (TIP) and coordinating activity with defensive operators;
• Perform network, host, and kill chain analysis on malware behavior and intrusion sets;
• Conduct research for tracking certain code families, campaigns, or actors through technical analysis of data, malicious codes, and infrastructure;
• Employ predictive analytic methods to determine changes in adversary’s capabilities, motivations, and intent, while providing recommendations to reduce risk before exposure to threats occur;
• Provide analytic support to the Security Operations Center, including Incident Response and Risk Analysts, to add context to active investigations and threats using intelligence;
• Create and present custom threat briefing materials for Cyber Command’s operational teams to provide tactical situational awareness;
• Contribute to structured analytic technique exercises;
• Aid exercises for incident response, finished intelligence, and other use cases;
• Assist incident response efforts with tactically relevant guidance for triaging and forensic analysis as needed;
• Support implementation of relevant feedback for technical intelligence products;
• Perform special projects and initiatives as assigned.

HOURS / SHIFT

Day - No student shall be employed more than half-time in any week in which classes in which the student is enrolled are in session.

Students may be employed full-time during their vacation periods.

WORK LOCATION

Brooklyn, NY

TO APPLY

Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration.

Please go to and search for Job ID #

SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW

APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL

OTI participates in E-Verify

Minimum Qualifications

For Assignment Level I :

Matriculation at an accredited college or graduate school. Employment is conditioned upon continuance as a student in a college or graduate school.

For Assignment Level II (Information Technology) :

Matriculation at an accredited college or graduate school. Employment is conditioned upon continuance as a student in a college or graduate school with a specific course of study in information technology, computer science, management information systems, data processing, or closely related field, including or supplemented by 9 semester credits in an acceptable course of study.

For Assignment Level III (Information Technology Fellow) :

Matriculation at an accredited college or graduate school. Employment is conditioned upon continuance as a student in a college or graduate school with a specific course of study in information technology, computer science, management information systems, data processing, or other area relevant to the information technology project(s) assigned, including or supplemented by 9 semester credits in an acceptable course of study.

Appointments to this Assignment Level will be made by the Technology Steering Committee through the Department of Information Technology and Telecommunications.

SPECIAL NOTE

Maximum tenure for all Assignment Levels in the title of College Aide is 6 years. No student shall be employed more than half-time in any week in which classes in which the student is enrolled are in session.

Students may be employed full-time during their vacation periods.

Preferred Skills

The preferred candidate should possess the following : -Experience working in a security environment and / or supporting security teams from a technical standpoint-Demonstrate a clear understanding of the intelligence lifecycle and its component parts of intelligence-driven threat hunting-Knowledge of the current cyber threat landscape, with a specific focus on the technical aspects of adversarial Tactics, Techniques and Procedures (TTPs) and their relation to the cyber kill chain and other analytical models -Knowledge of standard monitoring, detection, and response security functions Understanding of foundational threat intelligence analysis frameworks, including the Diamond Model and Kill Chain-Working knowledge of intelligence analysis applications (Maltego), tools, and systems-Familiarity with various technologies such as SIEM, IDS / IPS, Proxy, Endpoint and enterprise incident management systems-Familiarity with basic intelligence tradecraft, including the intelligence cycle, structured analytic techniques, and intelligence writing and briefing-Fundamental analytic skill sets, with extensive experience in the extraction and analysis of tactical intelligence from investigations-Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, and non-repudiation)-Understanding of vulnerability and exploitation concepts, or experience in penetration testing-Expertise in host and network-based forensics, or Incident Response best practices-Strong understanding of dynamic / behavioral malware analysis methods and technology-Experience in host and network-based defense, or monitoring and detection best practices-Demonstrate an ability to actively work with vendors who provide intelligence support, analytical support, and toolsets-Prior experience working in intelligence preferred-Ability to obtain a security clearance is preferred.

Public Service Loan Forgiveness

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs.

For more information, please visit the U.S. Department of Education’s website at class "jobad-residencyRequirement">

Residency RequirementNew York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for 2 continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County.

To determine if the residency requirement applies to you, please discuss with the agency representative at the time of interview.