Security Operations Center Analyst

Posted on March 27, 2026

  • Manhattan, United States of America
  • 91566.0 - 110000.0 USD (yearly)
  • Full Time


Security Operations Center Analyst

  • DEPARTMENT OF FINANCE
  • Posted On: 03/27/2026
  • Full-Time
  • Location: MANHATTAN
  • Exam May Be Required
  • Department: Cyber Security
  • Salary Range: $91,566.00 – $110,000.00

Job Description

IMPORTANT NOTE: ONLY CANDIDATES WHO HAVE A PERMANENT CYBER SECURITY ANALYST OR COMPARABLE CIVIL SERVICE TITLE WILL BE CONSIDERED FOR AN INTERVIEW. PLEASE INCLUDE YOUR EMPLOYEE IDENTIFICATION NUMBER (EIN) AND YOUR TITLE WHEN APPLYING.

NYC Department of Finance (DOF) is responsible for administering the tax revenue laws of the city fairly, efficiently, and transparently to instill public confidence and encourage compliance while providing exceptional customer service.

DOF’s Finance Information Technology (FIT) Division designs, builds, and supports all facets of DOF’s computer systems, including hardware, software, applications, infrastructure, telephone, and data security. FIT delivers and administers tax-related payment programs for the City of New York by providing the information technology solutions needed to achieve its mission of collecting revenue while ensuring an efficient and improved customer experience. FIT is also responsible for the systems and websites which enable citywide payments, land records, property assessment, parking adjudications, customer service, and the Sheriff’s public safety work.

As a member of the Finance Cyber Security Operations Center, the candidate will work within a multidisciplinary team to monitor security systems, identify potential threats, and support incident response activities. This position serves as a critical first line of defense against digital risks, helping safeguard networks and data while gaining hands-on experience and guidance from senior analysts.

Reporting to the Director of Cyber Security Operations, the selected candidate’s responsibilities will include, but not be limited to, the following:

  • Monitor SIEM dashboards, endpoint detection tools, intrusion detection systems, email security platforms, and firewall alerts for indicators of compromise or anomalous activity.
  • Maintain situational awareness of the security posture by reviewing real-time event feeds and scheduled reports.
  • Identify patterns or behaviors that may indicate malicious activity, policy violations, or system misuse.
  • Validate and classify alerts to determine severity, credibility, and potential impact.
  • Collect and analyze log data from multiple sources to establish context around events.
  • Differentiate between false positives and events requiring escalation, following established playbooks and procedures.
  • Document investigative steps, observations, and preliminary conclusions in the case management system.
  • Escalate confirmed or high-risk events to senior analysts or incident responders in accordance with the Incident Response Plan.
  • Assist with containment actions under guidance, such as isolating endpoints or blocking malicious indicators.
  • Preserve relevant evidence to support further investigation or forensic analysis.
  • Reference threat intelligence sources to contextualize alerts, identify known indicators, and understand adversary tactics.
  • May serve as a subject matter expert on characterizing and analyzing network traffic to identify anomalous activity and potential threats to network resources.
  • Apply frameworks such as MITRE ATT&CK to categorize observed behaviors and support consistent analysis.
  • Report recurring false positives, tool anomalies, or gaps in visibility to support tuning and optimization efforts.
  • Verify log ingestion, sensor health, and alert functionality as part of routine operational checks.
  • May serve as a subject matter expert or Team Lead to coordinate with enterprise-wide cyber defense staff to validate network alerts.
  • Contribute to maintaining watchlists, detection rules, and operational documentation.
  • Participate in knowledge sharing sessions, tabletop exercises, and SOC training activities.
  • Develop foundational skills in networking, operating systems, authentication mechanisms, and common attack techniques.
  • Work closely with senior analysts, engineers, and incident responders to strengthen investigative capabilities.
  • May serve as a subject matter expert in the development of content for cyber defense tools.

Additional Information:

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.

This position may be eligible for remote work up to 2 days per week, pursuant to the Remote Work Pilot Program agreed between the City and the Collective Bargaining Unit representing employees serving in the civil service title.

CYBER SECURITY ANALYST - 13633


Minimum Qualifications


1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or

2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above; or

3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.


Preferred Skills


  • Familiarity with SIEM platforms such as Splunk, Sentinel, QRadar, or Elastic, including basic query creation and alert review.
  • Understanding of endpoint detection and response tools, intrusion detection systems, and common security monitoring technologies.
  • Knowledge of networking fundamentals, including TCP/IP, DNS, DHCP, routing, and common network services.
  • Basic proficiency with Windows and Linux operating systems, especially event logs, system processes, and authentication mechanisms.
  • Awareness of common attack techniques such as phishing, credential misuse, malware behavior, and lateral movement.
  • Exposure to cybersecurity frameworks, particularly MITRE ATT&CK, NIST CSF, or NIST 800-61 incident response concepts.
  • Ability to interpret log data from firewalls, servers, endpoints, and cloud environments.
  • Strong attention to detail when reviewing alerts, correlating data, and documenting findings.
  • Ability to identify patterns and anomalies in large volumes of data.
  • Critical thinking skills to differentiate false positives from legitimate threats.
  • Structured problem-solving approach aligned with SOC playbooks and standard operating procedures.
  • Clear written communication for documenting investigations, summarizing findings, and escalating incidents.
  • Effective verbal communication when coordinating with senior analysts, engineers, or incident responders.
  • Ability to follow established processes while asking clarifying questions when needed.
  • Eagerness to learn and adapt to evolving threats, tools, and SOC methodologies.
  • Ability to work in a fast-paced, high-tempo environment, including shift-based operations.
  • Strong sense of accountability and adherence to confidentiality and security policies.
  • Team-oriented mindset with willingness to support peers and contribute to continuous improvement.

55a Program


This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.

Public Service Loan Forgiveness


As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/.

Residency Requirement


New York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for 2 continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County. To determine if the residency requirement applies to you, please discuss with the agency representative at the time of interview.

Additional Information


The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.

  • Job ID: 774289
  • Posted until: 04/26/2026
  • Title code: 13633
  • Civil service title: CYBER SECURITY ANALYST
  • Title classification: Competitive-1
  • Business title: Security Operations Center Analyst
  • Experience Level: Experienced (Non-Manager)
  • Job level: 02
  • Number of positions: 1
  • Work location: 375 Pearl Street
  • Category: Finance, Accounting, & Procurement