ABOUT NEW YORK CITY CYBER COMMAND
New York City Cyber Command (NYC3) is committed to protecting City systems that provide vital services to New Yorkers from cyber threats, and helping residents become safer in their digital lives.
As the organization defending the largest municipality in the country, NYC3 is charged with directing citywide incident response, setting citywide cybersecurity policies and standards, and working with city agencies to strengthen their cyber defenses.
The mission of NYC3 is to Prevent, Detect, Respond to and Recover from cyber threats against the data and infrastructure of the City of New York, in collaboration with public and private sector partners.

Computer Emergency Response Team (CERT) Analysts within NYC Cyber Command perform many critical functions within the Threat Management discipline. As a CERT Analyst, you will work closely with the CERT, the Security Operations Center (SOC), the Counter Threat Automation (CTA) team and the Cyber Intelligence team on triaging, responding to, remediating and recovering from high severity incidents involving over 140 agencies of the City of New York. The spring intern will assist in incident response projects that improve the detection and response capabilities of the City.
Responsibilities will include:
Build detection rules with the log management solution to alert on anomalous behavior indicative of a malicious threat actor.
Deliver recommendations and actions to improve the detection, escalation, containment and resolution of incidents.
Maintain knowledge of the current security threats and actors and their relevance to the City by monitoring reports and intel sources.
Build metrics utilizing a data security approach to gain insight into attacks and responses to incidents within the City of New York.
Assist in root cause analysis of high severity incidents.
Work with the NYC3 Data Sciences team to ensure the accuracy of the alerts generated by their machine learning algorithms, in relation to the threats observed and their correlation.
An active knowledge of current trends in computer security and software/hardware vulnerabilities.
A general knowledge of security fundamentals and an inquiring mind.
An active interest in current security research.
Knowledge in network analysis, host analysis and IDS/IPS technology.
Experience reviewing and correlating logs from various sources.
Familiarity with Cyber Kill Chain, MITRE ATT&CK techniques.
Due to the ongoing COVID-19 pandemic, this opportunity will be remote. The internship is unpaid and interns must show proof of eligibility for academic credit or funding from their institution or authorized third party. The length of this internship will be no longer than 12 weeks.