Cert Lead

Job Description

The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City. From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the city delivers for New Yorkers in the 21st century. Watch our welcome video to see our work in action, follow us on social media @NYCOfficeofTech, and visit oti.nyc.gov to learn more.

At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.

New York City Cyber Command is seeking a Computer Emergency Response Team (CERT) Lead to serve the City of New York as a cybersecurity Digital Forensics and Incident Response (DFIR) practitioner whose expertise will guide the development, enhancement, and execution of Cyber Command's citywide incident response mandate through all phases of the incident response lifecycle. This team is the top-level technical escalation point for high-profile cybersecurity incidents impacting City agencies, particularly during identification, containment, and eradication.

The CERT team engages in malware analysis, digital forensics, campaign assessments, and threat hunts, harmonizing response activities among Cyber Command, City agencies, state/federal government, and private entities. The CERT Lead will work alongside internal teams such as the Cyber Threat Intelligence team, and data science teams to innovate detection, investigation, response, and remediation methods and capabilities.

Responsibilities include:
- Assist NYC agencies in improving cyber incident response;
- Serve as the escalation point for high-profile cybersecurity incidents, ensuring 24x7 operational readiness;
- Prioritize incident response activities and coordinate response efforts among City departments and external partners;
- Lead, mentor, and manage the CERT team personnel consisting of six DFIR specialists.
- Act as lead subject matter expert across the following:
o Investigate cybersecurity incidents through log, file, and malware analysis;
o Perform memory, network, and disk forensics;
o Lead investigations and incident response activities across enterprise cloud environments (AWS, Azure, Google Cloud Platform);
o Devise appropriate remediation strategies and assist affected City agencies in containing, eradicating, and recovering from cybersecurity incidents;
- Develop post-incident action plans to improve mean time to recover;
- Maintain knowledge of current cyber threat campaigns and tradecraft;
- Identify cyber-incident detection tools and capabilities;
- Work with cyber intelligence teams to identify new cyber threats and campaigns, and proactively deploy countermeasures;
- Handle special projects and initiatives as assigned.
- Design and participate in cyber tabletop exercises with City departments to identify capability gaps, procedural weaknesses, and critical infrastructure;
- Continuously improve and augment CERT's capabilities to stay abreast of the changing cyber security landscape;
- Handle special projects and initiatives as assigned.

HOURS/SHIFT
Day - Due to the necessary technical duties of this position in a 24/7 operation, candidate may be required to work various shifts such as weekends and/or nights/evenings.

WORK LOCATION
Brooklyn, NY

TO APPLY
* Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration

Please go to and search for Job ID #773685

SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW
APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL

OTI participates in E-Verify

IT SECURITY SPECIALIST - 95622

Minimum Qualifications

A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or,

Education and/or experience which is equivalent to "1" above.

Preferred Skills

The successful candidate should possess the following: - Strong communication and interpersonal skills, ensuring clarity and professionalism across teams during regular daily operations and under high stress critical incident response scenarios - Demonstrate leadership grounded in accountability and strategic thinking, with the ability to make informed decisions, set clear expectations, and drive teams toward measurable, mission-aligned outcomes - Foster a collaborative, inclusive, and growth-oriented environment, providing coaching, feedback, and support to help team members develop and perform at their best - Possesses one or more of the following: CISSP, GCFE, GCFA, GCIA, GCIH, GREM, GCFR - Deep technical expertise in incident response and threat detection including public cloud environments (Azure, AWS, Google Cloud Platform), and SaaS platforms (Office 365, Google Workspace) - Experience in performing security event detection and handling in an operational environment such as SOC, CSIRT, CERT, etc. - Experience reviewing and analyzing security events from various monitoring and logging sources - Hands-on experience with network packet analysis and IDS/IPS technologies to support detection and investigation workflow - Experience in website and web application security assessment or penetration testing - Formal education or a strong background in Computer Science, Computer Engineering or similar experience - Active knowledge of current trends in computer security, software/hardware vulnerabilities, and current security research - Must be available to coordinate CERT incident response activities 24x7. - Strong sense of teamwork, an inquisitive mind, and the desire to share knowledge - Experience conducting malware analysis - Experience with automation, scripting (Python, Bash, Powershell, etc.) - Understanding of intrusion analysis - Expertise in digital forensics and comprehensive understanding of multiple operating systems (Windows, Linux, OS X).

Public Service Loan Forgiveness

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education's website at ;br>
Residency Requirement

New York City Residency is not required for this position

Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.