Intelligence Analyst 1 (Information Systems)

Description

Duties Description

The incumbent will report to the Critical Incident Response Team (CIRT) in the Office of Counter Terrorism (OCT). Duties include but are not limited to:

• Serve as a subject matter expert in cybersecurity incident response.
• Provide cyber incident response support, including digital forensics and root cause analysis, for confirmed actionable incidents such as detected cyber-attacks, malware infections, or ransomware events.
• Determine root cause(s) of a cyber incident and provide affected entities with actionable recommendations to contain, eradicate, and mitigate threats.
• Respond to reported cyber incidents swiftly and ensure all incidents are documented accurately in the tracking system in a timely manner.
• Escalate and brief leadership on cyber incidents, especially those that could have an impact to health, safety, and state operations.
• Maintain clear and consistent communication with cyber partners across New York State throughout the incident response process.
• Use incident data to identify specific vulnerabilities and provide recommendations to help strengthen the affected entities security posture and prevent future threats.
• Continuously develop, review, and update digital forensics and incident response policies, procedures, and user guides to support program growth and improvement.
• Manage the digital forensics and incident response lab functions, including managing tools, resources, and workflows to stay current and prepared.
• Effectively communicate cybersecurity details and technical analysis to audiences within an organization to ensure appropriate actions are taken by decision-makers.
• Communicate cyber threats and vulnerabilities clearly and concisely, both verbally and in writing, to state and local officials, ensuring they are informed and able to take appropriate action.
• Maintain up-to-date technical knowledge of cybersecurity issues and emerging trends to stay ahead of potential risks and support proactive security development.
• Assist in developing and distributing actionable strategic, technical, and tactical cyber information and intelligence to non-executive agencies, local governments, and public authorities through weekly, monthly, or ad hoc reports, briefings, and presentations.
• Support cybersecurity meetings, presentations, seminars, etc., to foster information-sharing and raise awareness across relevant stakeholders.
• Support training exercises targeted to non-executive agencies, local governments, and public authorities focusing on cybersecurity best practices.
• Support other CIRT program areas as required.
• Travel is required
  
  

Non-competitive

Minimum Qualifications

Bachelor’s degree with at least 15 credit hours in cyber security, information assurance, or information technology; and three years of information technology experience including two years of information security or information assurance experience*.

• Experience solely in information security or information assurance may substitute for
  
  

the general information technology experience.

Substitution: bachelor's degree candidates without at least 15 course credits in cyber security, information assurance, or information technology require an additional year of general information technology experience to qualify. Appropriate information security or information assurance experience may substitute for the bachelor's degree on a year-for-year basis; an associate degree requires an additional two years of general information technology experience.

Additional Comments

Desired SANS Global Information Assurance Certifications:

Certified Incident Handler Certification

Certified Forensic Analyst

Certified Forensic Examiner

Cloud Forensics Responder

Enterprise Incident Responder

Network Forensic Analyst

Penetration Tester Certification

Reverse Engineering Malware

Web Application Penetration Tester

This position is eligible for location pay of $4,000.

Possession and maintenance of a valid Driver's License issued by the NYS Department of Motor Vehicle is required.

NOTE: Support of operations during times of emergency and disaster from State Emergency Operations Center (EOC), state field offices and/or local deployments may be required, which would result in a change and/or increase in working hours, locations and/or duties.

NOTE ON TELECOMMUTING: Employees are required to apply and obtain approval through management to telecommute according to the agency’s Telecommuting Program Guidelines.