
Incident Response Analyst

NYSTEC
United States, New York, Rome
99 Otis Street
Apr 01, 2025
Description
About Us:

NYSTEC is a nonprofit technology consulting company, advising agencies, organizations, institutions, and businesses since 1996. We're independent and vendor-neutral, so we have our clients' best interests at heart. At NYSTEC, we know that we succeed when individuals and teams flourish personally and professionally, so our benefits and perks support that mindset.


About the Role:

The incident response analyst is responsible for assisting the deputy chief information security officer (DCISO) in overseeing and directing the development and execution of NYSTEC's incident response, business continuity, and disaster recovery initiatives. This role involves coordinating with staff and management at all levels of NYSTEC, as well as engaging with external business partners, to ensure the security, resilience, and continuity of critical business functions and systems.

The incident response analyst will lead and support efforts related to incident detection, response, recovery, and continuity planning, ensuring that security best practices are followed while mitigating risks, minimizing disruptions, and maintaining operational efficiency.


Key Responsibilities

  • Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures).
  • Gather and analyze intrusion artifacts (e.g., malware samples, malicious code, and other indicators of compromise) to support mitigation efforts and enhance the organization's cybersecurity defenses.
  • Collaborate with cross-functional teams to provide technical expertise and support in identifying, analyzing, and resolving cybersecurity incidents affecting the organization's mission and operations.
  • Coordinate and collaborate with the incident response team to ensure an effective and efficient response to cybersecurity incidents.
  • Continuously monitor external threat intelligence sources (e.g., cybersecurity vendors, industry security forums) to stay informed on emerging cyber threats and assess their potential impact on the organization's security posture.
  • Conduct trend analysis and reporting to identify patterns, emerging threats, and areas for proactive improvement.
  • Develop and publish after-action reports to document incident response efforts, lessons learned, and recommendations for strengthening cybersecurity posture.
  • Create and disseminate cybersecurity guidance, best practices, and incident reports to relevant stakeholders to enhance awareness and preparedness.
  • Assist in the development, implementation, and testing of business continuity and disaster recovery plans to ensure NYSTEC can maintain critical operations during and after security incidents, disruptions, or disasters. Collaborate with stakeholders to identify key business functions, assess risks, and establish recovery strategies that align with industry best practices.
  • Create, refine, and regularly update incident response playbooks to ensure a structured and efficient approach to identifying, containing, eradicating, and recovering from security incidents.
  • Assist in planning, facilitating, and evaluating tabletop exercises to test and enhance the organization's incident response capabilities.
  • Develop reports on key security metrics, incidents, and response activities over a defined period. Provide insights into trends, lessons learned, and areas for improvement to the Incident Response Team.
  • Review and assess AI-generated inputs and outputs to ensure alignment with organizational policies, regulatory requirements, and security best practices. Identify potential risks, biases, or anomalies that could lead to security incidents or policy violations, and work with relevant teams to mitigate any identified concerns.
  • Maintain up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes, and the development of new attacks or threat outbreaks. This should include continuation of education and certifications to maintain compliance with regulatory requirements and guidelines.
  • Demonstrate the NYSTEC Core Values and Behaviors.
  • All other duties as assigned.


About you:
Required Qualifications

  • Knowledge of security best practices across multiple platforms, such as Microsoft Windows, Microsoft Office365, and Cisco Internetwork Operating System (IOS).
  • Understanding of how sharing and permissions work within Microsoft SharePoint.
  • Familiarity with open-source intelligence sites and with applying them to perform security analyses.
  • Excellent written and verbal communication skills, time-management skills, and the ability to prioritize tasks efficiently.
  • Employs good organizational skills to maintain documentation and evidence gathering for reporting and incident analysis.
  • Displays confidence in asking questions and bringing attention to concerns that may arise.
  • Exercises a high degree of confidentiality and integrity.
  • Team-oriented and skilled in working within a collaborative environment.
  • Champions NYSTEC's mission, brand mindsets, and core values, and can put the behaviors into practice.


Preferred/Desired Qualifications

  • Computing Technology Industry Association (CompTIA) Security+, certified information systems security professional (CISSP), or similar certification in information security preferred.


Education and Experience

  • A bachelor's degree, preferably in cybersecurity or a similar discipline, and two years of experience with security management frameworks (e.g., National Institute of Standards and Technology [NIST], SysAdmin, Audit, Network, and Security [SANS]).


The salary range for this position is $79,793.00 to $109,716.00 per year.

It is NYSTEC's policy to provide equal employment opportunity (EEO) to all individuals, regardless of actual or perceived race, color, creed, religion, sex, or gender (including pregnancy, childbirth, and related medical conditions), gender identity or gender expression (including transgender status), age, national origin, ancestry, citizenship status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, military service and veteran status, sexual orientation, marital status, or any other characteristic protected by local, state, or federal laws and ordinances. NYSTEC is strongly committed to this policy and believes in the concept and spirit of the law.

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact recruitment@nystec.com if you require a reasonable accommodation to apply for or to perform this job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

Applicants must be authorized to work in the United States without the need for visa sponsorship now or in the future.

Learn more about NYSTEC by visiting www.nystec.com.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)