Senior Cybersecurity Operations Center Analyst

The New York Independent System Operator (NYISO) applies cutting-edge technology to operating a reliable electricity system, managing competitive markets for wholesale electricity, and planning for the Empire State's energy future.  The NYISO’s Information Technology department invites applications for a full-time Senior Cybersecurity Operations Center Analyst.

The NYISO Cybersecurity Operation Center’s (CSOC) mission is to provide a central point for 24x7x365 continuous security monitoring of NYISO’s computing environments and for responding to cyber threats, vulnerabilities and incidents that can disrupt and/or compromise the mission and operation of the NYISO.

Cybersecurity Operations Center (CSOC) Senior Analyst performs a wide range of technical cybersecurity services with a focus on responding to cyber threats and incidents. CSOC Senior Analysts provide overall team leadership, operational oversight and development of NYISO’s 24x7x365 Cybersecurity Operations Center functions for continuous monitoring of threat, and incident management. The CSOC Senior Analyst is responsible for overseeing processes to ensure strong situational awareness and maintain an ability to respond effectively to security threats. The Senior Analyst supports operational activities during cybersecurity incidents by quickly and decisively responding to ensure impact is contained and protective steps are taken to prevent similar incidents from occurring again. The CSOC Senior Analysts also oversees and performs tasks in support of threat and vulnerability management, log analysis, reporting & metrics, system scanning, and forensic analysis. The CSOC Senior Analysts applies knowledge of security infrastructure (including firewalls, intrusion prevention systems, proxy servers, SIEM, endpoint protection, antivirus) to detect and respond to operational situations.

This position involves critical duties and responsibilities that must continue to be performed during crisis situations and contingency operations. Senior Analyst may be required to work shift rotations to support around the clock (24x7x365) coverage of the CSOC.

DUTIES AND RESPONSIBILITIES

• Provide advanced monitoring, analysis, and response to cyber security events and trends of security log data.
• Develop incident response processes ensuring readiness of the cybersecurity incident response team (CSIRT).
• Development and support of incident response exercises.
• Provide advanced incident handling and analysis response when required as part of the CSIRT.
• Provides quality assurance of security operations cyber intelligence reports. Ensures materials are inspected for information requiring a response from the CSOC or distribution to the organization.
• Manages contextualizing threat trending for Security Operations and situational awareness.
• Develops and leads threat intelligence briefings and threat evaluation studies
• Remain knowledgeable about new threats. Analyze attacker tactics, techniques and procedures (TTPs)
• Work closely with stakeholders to enable the implementation of security recommendations.
• Performs threat hunting within the environment to detect or discover malicious activity.
• Develop security use-case monitoring and alerting based on best practice and threat trending. Ensures effective transition to analysts for operational response.
• Provides project support where required to ensure security requirements are defined and transitioned successfully to continuous monitoring.
• Leads threat modeling collaboration with other members of the IT security team.
• Identifies and uses automation and orchestrate solutions (SOAR) to automate repetitive tasks and mature monitoring and response capabilities.
• Leads CSOC threat research by assessing event data collected by systems both inside and outside of the CSOC.
• Develop reporting and metrics to aid security operations effectiveness.
• Provides operational maintenance of security platforms operated by security including IDS/IPS, SIEM, Threat Intelligence Platforms, AV, etc. This includes updating new signatures, tuning event volumes to acceptable levels, minimizing false positives, and maintaining up/down health status of sensors and data feeds. Understand monitoring needs so the CSOC keeps pace with constantly evolving threats. This capability may involve scripting to move data around and to integrate tools and data feeds.

QUALIFICATIONS

• Bachelor's Degree (BS) in Cybersecurity, Computer Science, Computer Information Systems, or similar fields required. In lieu of degree requirements, significant security and/or industry experience may be considered
• At least 7 years of experience in progressively responsible information technology and/or IT security positions is required, along with an in-depth understanding of information security best practices, and expertise with related technologies and tools.
• Experience working with various network technologies, operating systems, databases, cloud environments (AWS, Azure) and secure coding standards.
• Knowledgeable in Python, Bash, Powershell, or other scripting languages
• Knowledge of various security methodologies and processes, and technical security solutions (firewall, intrusion detection systems, and Security Information and Event Management (SIEM) platforms).
• Working knowledge of network communications and routing protocols (e.g., TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g., SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.)
• Experience working with various event logging systems and be proficient with security event log analysis. Previous experience with Security Information and Event Monitoring (SIEM) platforms that perform log collection, analysis, correlation, and alerting is also desired.
• Experience administering various operating systems (e.g., Windows, OS X, Linux, etc.) commonly deployed in enterprise networks.
• Understanding of Windows Active Directory.
• Experience in analyzing net flow data and packet capture (PCAP).
• Ability to multi-task, prioritize, and manage time effectively.
• Strong attention to detail.
• Excellent interpersonal skills and professional demeanor.
• Excellent verbal and written communication skills.
• Excellent customer service skills.
• Experience with SerivceNow Incident Response module, and related SOAR capabilities a plus.

CERTIFICATES, LICENSES, REGISTRATIONS

GCIA, GCIH, GIAC, CISSP, CISA, CEH, or similar certification preferred. DHS Secret Clearance or above preferred.

ADDITIONAL REQUIREMENTS

• Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures, and governmental regulations. Ability to write reports, business correspondence and procedure manuals. Ability to write presentations and articles for publication that conform to prescribed style and format. Ability to effectively communicate security and risk-related concepts to technical and non-technical audiences.
• Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
• Performs moderately complex work with minimal or no supervision; performs advanced and/or highly complex work with minimal guidance.

PHYSICAL DEMANDS

While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to stand, walk, sit, and use hands to perform routine office tasks. The employee is occasionally required to reach with hands and arms. The employee must occasionally lift and/or move up to 15 pounds. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

WORK ENVIRONMENT

The noise level in the work environment is usually moderate. Contact with staff and the public will occur. Travel may be required to attend and/or conduct meetings, conferences and training. This position may require work on nights, weekends or holidays. Department supports a 24-hour business operation every day of the year and staff will be required to rotate on-call coverage.

The NYISO takes pride in recruiting, developing and retaining highly talented individuals. In addition to competitive salaries, we offer a comprehensive benefits package and innovative reward programs.

The NYISO offers the flexibility to work both in the office and remotely, providing our employees with an enhanced work life balance. While the majority of the responsibilities of this role can be performed remotely, in most cases, employees will have periodic on-site requirements based on business needs.

All offers of employment will be made contingent upon the successful completion of a drug screening and background check.

The NYISO is an Equal Opportunity Employer and as such, does not discriminate in its hiring or employment practices.