Incident response Analyst

New Position: Incident response Analyst

Duration: one year

HYBRID: Work Location

Hybrid: Work location & Remote {3 days in office/2 days remote)

11 Metrotech, Brooklyn, NY 11201

Open Rate: experience 4+ years

Job Description/ Justification

The resource function is essential to NYC3's ability to defend City systems from cyber threat including direct support of life safety, and revenue generating operations. Ransomware authors are routinely targeting critical infrastructure. The Analyst will contribute to NYC3's ability to respond to citywide cybersecurity incidents and conduct investigations. Lack of resources would result in increased likelihood of cyber events that may require costly remediation efforts.

Assignment Number and Title

7-858-0721A Cyber Command Forensic Analyst (RI 7-858-0707A)

Work Location

Hybrid: Work location & Remote {3 days in office/2 days remote)

11 Metrotech, Brooklyn, NY 11201

Projected Assignment Start Date: 1/13/2026

Projected Assignment End Date: 1/12/2028

Total Estimated Assignment Hours: 3640

Normal Business Hours, Monday through Friday (not including a mandatory unpaid meal break after 6 hours of work), 35 work hours per week. If the consultant works more than 35 hours per week, the consultant must request overtime in the Agency's timekeeping system

and the project manager must approve those hours worked above the weekly maximum.

SCOPE OF SERVICES

The forensics Analyst will investigate network intrusions and other cyber incidents to determine cause, extent and consequences of the breach.

TASKS:

• Research and develop new techniques, and procedures to continually improve the digital forensics process.
• Produce high quality written work product presenting complex technical issues clearly and concisely.
• Managing and maintaining the analysis labs and forensics tools leveraged for investigations.
• Ensuring data is collected and preserved within industry standard best practices and in alignment evidence integrity requirements.
• Assisting the Cyber Emergency Response Team during critical incidents.
• Investigate network intrusions and other cybersecurity incidents to determine the cause and extent of the breach. Includes ability to perform host-based and network-based forensic analysis.

MANDATORY SKILLS/EXPERIENCE Note: Candidates who do not have the mandatory skills will

not be considered.

• Minimum 4 years of experience in Threat Management/Forensics Investigations/Incident Response environment
• Proficient in performing digital forensic investigations on a variety of platforms and operating systems with a deep understanding of digital forensics processes and tools.

DESIRABLE SKILLS/EXPERIENCE:

• Experience with a wide range of forensic tools (FTK, X-Ways, SIFT, AXIOM, Encase, etc.)
• Experience with memory analysis tools (i.e. Volatility, MemProcFS)
• Experience with Linux and open source tools
• Experience investigating intrusions on Windows and Linux/Unix operating systems
• Experience with performing forensics collections in cloud environments (AWS, Azure, Google Cloud Platform)
• Knowledge of gathering, accessing, and assessing evidence from computer systems and electronic devices
• Knowledge of virtual environments
• Knowledge of forensic imaging techniques
• Knowledge of Microsoft Windows operating system and Windows artifacts
• Knowledge of Linux/UNIX operating systems and artifacts
• Knowledge of macOS operating system and forensics artifacts
• Knowledge of file systems
• Strong analytical skills

SPECIALI REQUIREMENTS:

• Recruiter confirms certificates and degrees of final candidate prior to onboarding.