Broxer
Join
New York City Department of Consumer and Worker Protection

Cyber Security Analyst

New York City Department of Consumer and Worker Protection

New York City Metropolitan Area · Full Time

Be the first to apply

Experience
1–5 yrs
Salary
Openings
1
Posted
5 hours ago

Where you'll work

Job description

About the role

The New York City Department of Consumer and Worker Protection (DCWP) is looking for a Cyber Security Analyst Level II to join its IT Services Division. Reporting to the Executive Director of Infrastructure, this position helps put cybersecurity policies, standards, directives, and guidelines into practice, with a strong emphasis on citywide security requirements used across New York City agencies.

This role focuses on defending agency systems from cyber threats, spotting incidents early, analyzing what happened, communicating findings clearly, and supporting containment and recovery. The work combines routine operational monitoring with projects tied to strengthening the agency’s security posture.

About DCWP

DCWP works to protect and improve the daily economic lives of New Yorkers. The agency licenses more than 51,000 businesses across more than 40 industries, enforces consumer protection, licensing, and workplace laws, and helps resolve complaints while promoting fair marketplace practices. It also supports consumers and working families through outreach, financial empowerment services, labor policy work, research, and public policy advocacy.

Through the Office of Labor Policy & Standards, DCWP serves as a major municipal labor standards office focused on workplace protections, research, outreach, and enforcement. Its Office of Financial Empowerment helps low-income and immigrant New Yorkers build financial stability through counseling, banking access, and support for tax credit utilization.

Responsibilities

  • Support coordination with the NYC Office of Technology and Innovation to make sure security risks are addressed quickly and appropriately.
  • Monitor alerts and events closely and respond to anything that could weaken the agency’s security environment.
  • Review network traffic and server or cloud performance indicators to detect unusual behavior or possible threats.
  • Carry out patching across workstations, servers, and network devices such as switches, routers, and voice gateways.
  • Examine malicious activity to understand the method, impact, and scope of attacks against agency systems and applications.
  • Work with OTI to review commercial software for safe deployment at DCWP.
  • Assist IT operations teams with reimaging or restoring devices to a previously trusted state after an incident.
  • Investigate, validate, and help resolve incidents or trouble tickets escalated from OTI.
  • Track whether staff are completing required cybersecurity training.
  • Make sure new software and cloud or on-premises CRM systems follow citywide security standards, SDLC requirements, and security accreditation processes.
  • Follow up on incident reports and application scan results to ensure mitigation steps are completed in a timely way.
  • Perform monitoring and intrusion detection using tools such as IDS/IPS, firewalls, and host-based security systems, and revise access control lists when needed.
  • Use log-based and endpoint-based detection methods to identify and stop threats from multiple sources.
  • Correlate data across endpoints, networks, applications, and both on-premises and cloud environments to identify suspicious patterns.
  • Help build and test business continuity and disaster recovery plans, publish test outcomes, and support remediation of gaps.
  • Research new threats and vulnerabilities to support incident identification and response.
  • Provide incident response support to users, including containment actions and assistance with forensic review when needed.
  • Test security standards against computers and other IT equipment before implementation to confirm compliance.
  • Coordinate with OTI and ITOPS on IT inventory, security audits, comptroller audits, and CJIS directive audits.

Requirements

  • This opportunity is limited to permanent employees in the title and candidates who are reachable on the civil service list.
  • A bachelor’s degree from an accredited college with at least 24 semester credits in computer science or a related field, plus one year of satisfactory full-time computer software experience in areas such as systems development and analysis, programming, database administration, support, systems programming, data communications, mainframe development, mobile development, or web development and design; or
  • A high school diploma or equivalent, plus five years of satisfactory full-time computer software experience in the areas listed above; or
  • Equivalent education and/or experience, provided every candidate still has at least a four-year high school diploma or equivalent and at least one year of the experience described above.
  • College study may replace up to two years of the required experience under the stated conversion rules.
  • A certificate of at least 625 hours in computer programming from an accredited post-secondary technical school may substitute for one year of experience under the stated conditions.
  • Preferred background includes work in IT audit, enterprise risk management, penetration testing, red teaming, incident response, or junior security operations analysis.
  • Experience with security and compliance frameworks such as ISO 27000-1 or 27000-2, COBIT, and NIST 800-53 or 800-171 is preferred.
  • Strong judgment, the ability to influence others, mission-focused thinking, and solid problem-solving and troubleshooting skills are preferred.
  • Security credentials such as CISSP, CISA, or CISM are preferred.
  • Knowledge of privileged access management for servers, preferably Delinea/Centrify, is preferred.
  • Familiarity with CISA Binding Operational Directives is preferred.
  • Experience with tools and platforms such as Trellix, McAfee, CrowdStrike, Rapid7, and Azure is preferred.

Eligibility

This role is open to qualified people with disabilities who are eligible for the 55-a Program. Candidates who want to be considered through that program should note it at the top of their resume and cover letter.

New York City residency is not required for this position.

Additional information

As a City of New York employee, you may be eligible for federal Public Service Loan Forgiveness and state repayment assistance programs.

The City of New York is committed to equal opportunity, diversity, inclusion, and a workplace free from discrimination and harassment based on any legally protected status or characteristic.

Skills

Cloud security Technical troubleshooting Vulnerability management Log Analysis Business Continuity Planning Network Traffic Analysis Endpoint Security Monitoring Information Security Compliance Intrusion detection and prevention Cybersecurity incident response Security patch management Disaster recovery testing

Leave it if you'd like a reply — we won't use it for anything else.

Click to browse, drag & drop, or paste a screenshot

PNG, JPG, GIF, MP4, WebM, MOV · Max 20MB each · Up to 5 files