Manager Information Technology Services 2 Information Security - 9860

Manager Information Technology Services 2 Information Security - 9860

Under the direction of senior leadership within the Office of Information Technology Services, Chief Information Security Office, Cyber Command Center, the incumbent will lead a team responsible for the ingestion and response to all forms of threat intelligence and vulnerability announcements received from many third parties such as vendors, DHS CISA, MS-ISAC, NYSP, and other sources of open-source intelligence. They will synthesize threat data from various sources and correlate it to produce targeted threat intelligence. The incumbent will perform threat hunting for threat actors in a multi-cloud/multi-OS environment and prototyping detection logic based on the output of those hunts. The candidate will also be able to emulate adversary behavior to assess the efficacy of the security controls. This position requires the incumbent to possess a solid understanding of the current cyber threat landscape, the tactics, techniques, tools, and procedures commonly leveraged, and the steps necessary to swiftly identify and contain a potential cyber threat. Additionally, this position requires an incumbent to act with a great deal of independence in alignment with agency and upper-level management strategic direction. Due to the nature of the work performed by the SOC, this position requires availability during off-shift hours to ensure appropriate response to security incidents or other critical activities as needed. This position is available and can be filled in any of the following NYSOC locations: Latham, Rochester, or New York City.

Specific duties include, but are not limited to:

• Direct and oversee the threat intelligence program and staff for NYSOC.
• Provide current, actionable threat intelligence to drive comprehensive detection coverage against threat vectors.
• Conduct research, analysis, and correlation across a wide variety of all source data sets such as IOCs, IOAs and warnings.
• Perform threat hunting across a multi-OS/multi-cloud environment to ensure a timely and effective response to new cyber threats. Identify tactics, techniques, and procedures (TTPs) for intrusion sets.
• Perform detection engineering prototyping and prioritization efforts and support red team/adversary emulation activities to assess efficacy of existing security controls.
• Work with the detection engineering team to translate repeatable hunts into alerts.
• Work with incident detection, incident response, cyber threat intelligence, and other teams to coordinate and create remediation plans.
• Review cases escalated by threat analysts to investigate, respond, and remediate.
• Plan and recommend modifications or adjustments based on testing results or system environment.
• Analyze identified malicious activity to determine vulnerabilities exploited, exploitation methods, and effects on system and data.
• Identify new use cases and playbooks that need to be developed based on incident reviews.
• Document and escalate incidents using information gathered from a variety of sources.
• Create daily, monthly, and yearly intelligence information in support of NYSOC business needs.
• Create technical reports and executive summaries related to cyber security incidents and events.
• Generate vulnerability notifications and cyber threat intelligence working with vendors and various stakeholders.
• Provide guidance and input on active projects to help identify and resolve issues/problems to ensure successful outcomes are achieved.
• Lead analysts to appropriately tune the detections and performance of multiple security tools such as firewall, intrusion detection/intrusion prevention systems (IDS/IPS), endpoint detection and response (EDR), sandbox tools, antivirus/antimalware, and security incident and event management (SIEM) to increase the quality of generated alerts.
• May supervise subordinate staff in the proper performance of their duties and perform the full range of administrative supervisory responsibilities.

Minimum Qualifications Non-competitive: Eight years of information technology, cybersecurity, or information assurance experience, including two years at the supervisory level.Substitutions:A bachelor's or higher-level degree in any field including or supplemented by 15 semester credit hours in computer science or related field substitutes for three years of required experience; any bachelor's substitutes for two years of required experience.An associate degree with 15 semester credit hours in computer science or related field may substitute for one year of required experience. Candidates in a bachelor's degree program with at least 15 semester credit hours in computer science or related field may substitute such credits for one year of required experience.A master's degree or higher in computer science or related field substitutes for one year of required experience.

Benefits of Working for NYS Generous benefits package, worth 65% of salary, including:Holiday & Paid Time Off- Thirteen (13) paid holidays annually- Up to Thirteen (13) days of paid vacation leave annually- Up to Five (5) days of paid personal leave annually- Up to Thirteen (13) days of paid sick leave annually for PEF.- Up to three (3) days of professional leave annually to participate in professional developmentHealth Care Benefits- Eligible employees and dependents can pick from a variety of affordable health insurance programs- Family dental and vision benefits at no additional costAdditional Benefits- New York State Employees' Retirement System (ERS) Membership- NYS Deferred Compensation- Access to NY 529 and NY ABLE College Savings Programs, as well as U.S. Savings Bonds- Public Service Loan Forgiveness (PSLF)- And many more.