Job Description Justification: The resource function is essential to NYC3's ability to defend City systems from cyber threats, including direct support of life-safety and revenue-generating operations. Ransomware authors are routinely targeting critical infrastructure. The Analyst will contribute to NYC3's ability to respond to citywide cybersecurity incidents and conduct investigations. Lack of resources would result in an increased likelihood of cyber events that may require costly remediation efforts.
Work Location:
Hybrid: Work location & Remote (3 days in office/2 days remote)
11 Metrotech, Brooklyn, NY 11201
Monday-Friday; 9-5
Scheduled Work Hours: Normal business hours Monday-Friday 35 hours/week (not including mandatory unpaid meal break after 6 hours of work).
Assignment Start: 1/13/2026
Assignment End Date: 1/12/2028
Note: Normal Business Hours, Monday through Friday (not including a mandatory unpaid meal break after 6 hours of work), 35 work hours per week. If the consultant works more than 35 hours per week, the consultant must request overtime in the Agency's timekeeping system and the project manager must approve those hours worked above the weekly maximum.
SCOPE OF SERVICES
The Forensics Analyst will investigate network intrusions and other cyber incidents to determine the cause, extent and consequences of the breach.
TASKS:
• Research and develop new techniques and procedures to continually improve the digital forensics process.
• Produce high quality written work product presenting complex technical issues clearly and concisely.
• Manage and maintain the analysis labs and forensics tools leveraged for investigations.
• Ensure data is collected and preserved within industry standard best practices and in alignment with evidence integrity requirements.
• Assist the Cyber Emergency Response Team during critical incidents.
• Investigate network intrusions and other cybersecurity incidents to determine the cause and extent of the breach. Includes ability to perform host-based and network-based forensic analysis.
MANDATORY SKILLS/EXPERIENCE:
Note: Candidates who do not have the mandatory skills will not be considered.
• Minimum 4 years of experience in Threat Management/Forensics Investigations/Incident Response environment
• Proficient in performing digital forensic investigations on a variety of platforms and operating systems with a deep understanding of digital forensics processes and tools.
DESIRABLE SKILLS/EXPERIENCE:
• Experience with a wide range of forensic tools (FTK, X-Ways, SIFT, AXIOM, EnCase, etc.)
• Experience with memory analysis tools (e.g., Volatility, MemProcFS)
• Experience with Linux and open source tools
• Experience investigating intrusions on Windows and Linux/Unix operating systems
• Experience with performing forensics collections in cloud environments (AWS, Azure, GCP)
• Knowledge of gathering, accessing, and assessing evidence from computer systems and electronic devices
• Knowledge of virtual environments
• Knowledge of forensic imaging techniques
• Knowledge of Microsoft Windows operating system and Windows artifacts
• Knowledge of Linux/UNIX operating systems and artifacts
• Knowledge of macOS operating system and forensics artifacts
• Knowledge of file systems
• Strong analytical skills