Address
Form of workJob Description
Job title : Computer Emergency Response Team
Location: Flushing, NY (or remotely, if agreed to by the PM)
Duration : 12+ months
Type : Contract
Note: 35 hours/week
Job Description:
DEP requires two (2) CERT Specialists Mandatory Experience required:
Desirable Skills and Experience:
Location: Flushing, NY (or remotely, if agreed to by the PM)
Duration : 12+ months
Type : Contract
Note: 35 hours/week
Job Description:
- The Computer Emergency Response Team (CERT) resource function provides essential support to the DEP's Cyber Security team in its ability to defend City systems from cyber threat, including direct support of life safety, revenue generating, and operational technology.
- The CERT resource function is the escalation point for high-profile cybersecurity incidents impacting DEP, responsible for coordinating response activities among NYC Cyber Command and state, federal, and private partners.
- Ensuring the CERT has the capacity to handle the enormous scope of protecting all DEP's infrastructure and responding to high severity incidents is critical to providing protection for all New Yorkers.
- Lack of these resources would result in increased likelihood of high severity cyber incidents that could cause significant disruptions to DEP's cybersecurity operations and may require costly remediation efforts.
- The CERT Specialist will perform security event and incident detection and handle multiple operational environments working with various cyber intelligence teams.
DEP requires two (2) CERT Specialists Mandatory Experience required:
- Minimum four (4) years of experience in Threat Management/SOC/Incident Response environment performing security event and incident detection and handling in an operational environment.
- Knowledge of and experience with packet analysis, IDS/IPS technology, and experience reviewing and analyzing security events from monitoring and logging sources.
Desirable Skills and Experience:
- Excellent verbal and written communication skills;
- Previous experience working as a part of an IT Security team;
- Formal education or a strong background in Computer Science, Computer Engineering or similar experience;
- Incident response experience;
- Active knowledge of current trends in computer security, software/hardware vulnerabilities;
- Active interest in current security research;
- Ability to work as part of a CERT which may require rotational weekday/weekend on-call coverage;
- Strong sense of teamwork, an inquisitive mind, and the desire to share knowledge;
- Ability to understand and implement technical vulnerability corrections;
- Experience in website and web application security assessment or penetration testing;
- Experience conducting malware analysis;
- Experience with automation, scripting (Python, Perl, Ruby, etc.);
- Understanding of intrusion analysis;
- Security product assessments;
- Host and network forensics;
- Development of security tools.
- Engage in malware analysis, digital forensics, and campaign assessments; and harmonize
- response activities among NYC Cyber Command (NYC3), City departments, and state,
- federal, and private partners.
- Reach out to end user to investigate, troubleshoot.
- Assist DEP to improve cyber incident response.
- Design and participate in cyber tabletop exercises with DEP's departments to identify capability gaps, procedural weaknesses, and critical infrastructure.
- Design, build and enhance cyber-incident detection tools and capabilities.
- Work with DEP cyber security teams to identify new cyber threats and campaigns and proactively deploy countermeasures.
- Serve as the escalation point for high-profile cybersecurity incidents.
- Prioritize incident response activities and coordinate response efforts among City departments and external partners.
- Investigate cybersecurity incidents through log, file, and malware analysis.
- Perform memory, network, and disk forensics.
- Devise appropriate remediation strategies and assist in containing, eradicating, and recovering from cybersecurity incidents.
- Develop post-incident action plans to improve Mean Time to Recover/Restore.
- Maintain knowledge of current cyber threat campaigns and tradecraft.
- Participate in on-call rotation.
