Cyber Security Analyst

The New York City Employees’ Retirement System (NYCERS) seeks a Cyber Security Analyst. Under the direction of the Deputy
Director of Information and Cyber Security Programs, this position encompasses highly technical responsibilities for the analysis,
design, development, implementation, troubleshooting, enhancement, maintenance and security of NYCERS’ systems.

As a Cyber Security Analyst, the candidate will assist in the development, maintenance and architecture of security policies and
procedures in coordination with Information Security Assurance Manager.
Prepares status reports, performs security risk assessments and gap analysis scenarios to identify security weaknesses and propose
remediation controls. Conducts scheduled recertification of system and data access throughout the agency. Reviews event logs with
team on a scheduled basis or as generated to identify security violations or attempts and reports findings to team and Information
Security Assurance Manager.

Strong emphasis on Identity and Access Management design, development, testing, process identification, and implementation
activities related to scalable IAM solutions that meet business requirements, policies, and NYCERS Information Security standards.
Some of these responsibilities include, working with Internal Audit to remediate findings that could introduce deficiencies,
vulnerabilities, and compliance issues. Determine tactics, techniques, and procedures (TTPs) for intrusion sets. Assess and monitor
logs and reports to ensure employee access is granted at the minimum levels required to perform job duties. Oversee access re-
certifications processes and work with stakeholders to automate provisioning, deprovisioning, entitlement transfers with enterprise
identity governance and identity management solutions.

Maintain and support the Information Security Management Program for the agency systems. Monitors and Audits Access Control
procedures for agency authentication and authorization processes. Assist in conducting security audits and vulnerability assessments
to assess internal security procedures and compliance requirements.
Maintain logging and monitoring standards, technical investigative techniques and reporting. Maintain project scheduling and task
follow on security initiatives. Test and implements and supports information security solutions.



Preferred Skills and Experience:

  • A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber
security, network security, computer science.
  • Valid holder of any one of the following: Security , CISSP, CEH, CCSP, CSSLP.
  • Technical background in IPS/IDS and next generation firewalls, log management, network architecture, endpoint security,
encryption methodologies, experience with threat hunting, vulnerability management, and security incident response.
  • Minimum of 1 year of full time Cyber Security experience required.




Minimum Qualification Requirements:

1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber
security, network security, computer science, computer programming, computer engineering, information technology,
information science, information systems management, network administration, or a pertinent scientific, technical or related
area; or

2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting
organization and three years of satisfactory experience in any of the areas described in “1” above; or

3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of
the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to
one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security,
network security, computer science, computer programming, computer engineering, information technology, information
science, information systems management, network administration, or a pertinent scientific, technical or related area; or a
certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be
substituted for one year of experience.

Note: This position is open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate on your
resume or cover letter if you would like to be considered for the position under the 55-a Program.

Any vacancy posted on this site comes from Indeed and it's network through the API. If you find this job is not supposed to be on this site, please report it on Indeed.