Listing Description
Incident Commander
Salary: up to $160,000 Commensurate with Experience
Excellent Benefits
New York, NY
About New York City Cyber Command
NYC Cyber Command was created in 2017 by Executive Order to lead the City’s cyber defense efforts, working across more than 100 agencies and offices to prevent, detect, respond, and recover from cyber threats. NYC Cyber Command is committed to protecting NYC infrastructure and critical systems from malicious attacks through the use of the latest technologies, public-private partnerships, and regular training and exercises for City employees.
Job Description
The Incident Commander is responsible for management, supervision and coordination of cybersecurity incidents as part of a 24x7 operation. The Incident Commander also maintains incident response playbooks, conducts cyber tabletop exercises, acts as a liaison on third-party incidents, and communicates with Agency and City Hall leadership. The Incident Commander identifies gaps and makes program maturity recommendations to ensure that the Security Operations Center is staffed 24/7, 365 with capable leadership who can take immediate action upon notification of a cybersecurity incident.
● Serves as an Incident Commander in a 24/7 Security Operations Center, leading significant or high-profile incidents, including validating and escalating incidents, coordinating response activities across multiple city agencies
● Capable of rapid, independent decision making in stressful / fluid situations, including those that impact critical life safety and business systems
● Provides strategic guidance on and tracking of tools/visibility/capabilities gaps affecting information security posture
● Serves as liaison between the Security Operations Center and the impacted agency's or agencies' business and technical teams during an incident
● Coordinates and directs efforts among Security Operations team members throughout the incident response lifecycle
● Provides timely and relevant updates to appropriate executive stakeholders and Agency leadership
● Conducts after action reporting and provides relevant insights to guide improvements and adjustments to cybersecurity response processes
● Tests and updates incident response plans and processes to address existing and emerging threats
● Maintains strong working relationships across City technology and security teams
● Performs special projects and initiatives as assigned
Preferred Skills
● 7+ years of experience in information security incident handling and security operations
● Experience with large-scale, complex incidents of all types, including APT, DDoS, malicious insider, web and mobile applications, data exfiltration, etc.
● Demonstrated ability to perform independent analysis of complex problems and distill relevant findings and determine root cause
● Knowledge of technologies, systems and networks as well as typical gaps that could impact the ability of an organization to effectively detect and respond to cyber threats
● Demonstrated knowledge of common adversary tactics, techniques, and procedures
● Bachelor's degree in Information Technology, related discipline or relevant work experience
● An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
● An ability to effectively influence others to modify their opinions, plans, or behaviors
● A team-focused mentality with the proven ability to work effectively with diverse stakeholders
● Strong organizational skills with proven ability to manage multiple high visibility issues simultaneously
● Relevant Technical Security Certifications (GCIA, GCIH, GCFA, GHFI, GNFA, GREM) a plus
Qualification Requirements:
BA/BS and 4 years of related technology experience with 18 months in a managerial/lead capacity
-OR-
Education and Experience equivalent.
To Apply
Please go to www.nyc.gov/jobs/search and search for Job ID #333344
or
Email resume to resumes@cyber.nyc.gov
(Indicate ‘333344 – Incident Commander’ in subject line)
Special Note: Taking and passing civil service exams are necessary to maintain employment with the City of New York. Please check the Department of Citywide Administrative Services (DCAS) website (http://www.nyc.gov/html/dcas/html/work/exam_monthly.shtml) for important exam filing information. Please ensure that you are either a permanent employee in the civil service title listed on this posting, or, that you file for the examination when there is an open filing period. For more information regarding the civil service process, please visit the DCAS website at: http://www.nyc.gov/html/dcas/html/work/work.shtml
SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW
APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVALS
Visit us at www.nyc.gov/DoITT
The Department of Information Technology & Telecommunications and the City of New York are equal opportunity employers.
DoITT participates in E-Verify
Listing Details
- Salary: $150,000 - $170,000
- Citizenship: US Citizen
- Incentives: Not Provided
- Education: Bachelors Degree
- Travel: No Travel
- Telework: No Telecommute