Senior Cyber Incident Response & Forensics Specialist

Duties Description The incumbent of this position will report to the Cyber Incident Response Team Unit within the Office of Counter Terrorism. Description The incumbent of this position will report to the Cyber Incident Response Team Unit within the Office of Counter Terrorism. Duties Include But Are Not Limited To The Following Serve as a subject matter expert in cybersecurity incident response. Provide cyber incident response support, including digital forensics and root cause analysis, for confirmed actionable incidents such as detected cyber‑attacks, malware infections, or ransomware events. Determine root cause(s) of a cyber incident and provide affected entities with actionable recommendations to contain, eradicate, and mitigate threats. Respond to reported cyber incidents swiftly and ensure all incidents are documented accurately in the tracking system in a timely manner. Escalate and brief leadership on cyber incidents, especially those that could have an impact to health, safety, and state operations. Maintain clear and consistent communication with cyber partners across New York State throughout the incident response process. Use incident data to identify specific vulnerabilities and provide recommendations to help strengthen the affected entities security posture and prevent future threats. Continuously develop, review, and update digital forensics and incident response policies, procedures, and user guides to support program growth and improvement. Manage the digital forensics and incident response lab functions, including managing tools, resources, and workflows to stay current and prepared. Effectively communicate cybersecurity details and technical analysis to audiences within an organization to ensure appropriate actions are taken by decision‑makers. Communicate cyber threats and vulnerabilities clearly and concisely, both verbally and in writing, to state and local officials, ensuring they are informed and able to take appropriate action. Maintain up‑to‑date technical knowledge of cybersecurity issues and emerging trends to stay ahead of potential risks and support proactive security development. Assist in developing and distributing actionable strategic, technical, and tactical cyber information and intelligence to non‑executive agencies, local governments, and public authorities through weekly, monthly, or ad‑hoc reports, briefings, and presentations. Support cybersecurity meetings, presentations, seminars, etc., to foster information‑sharing and raise awareness across relevant stakeholders. Support training exercises targeting non‑executive agencies, local governments, and public authorities focusing on cybersecurity best practices. Support the adjacent DHSES CIRT cyber programs and ad‑hoc initiatives. Occasional travel may be required (no more than 20%), including evening and weekends, depending on mission and assignment. Possession and maintenance of a valid Driver’s License issued by the Department of Motor Vehicle is required, or otherwise demonstrate the capacity to meet the transportation needs of the job. Qualifications Minimum Qualifications

NON‑COMPETITIVE

Six years of information technology, cybersecurity, or information assurance experience, including one year at the supervisory level. Substitutions An associate degree with 15 semester credit hours in computer science or related field may substitute for one year of required experience. Candidates in a bachelor’s degree program with at least 15 semester credit hours in computer science or related field may substitute such credits for one year of required experience. A bachelor's or higher‑level degree in any field including or supplemented by 15 semester credit hours in computer science or related field substitutes for three years of required experience; any bachelor’s substitutes for two years of required experience. A master’s degree or higher in computer science or related field substitutes for one year of required experience. Desired Certifications SANS Global Information Assurance Certification (GIAC) Penetration Tester (GPEN) Certified Incident Handler (GCIH) Web Application Penetration Tester (GWAPT) Global Certified Forensic Analyst (GCFA) Global Certified Forensic Examiner (GCFE) GIAC Cloud Forensic Responder (GCFR) GIAC Enterprise Incident Response (GEIR) Global Network Forensic Analysis (GNFA) GIAC Reverse Engineering Malware (GREM) Additional Comments NOTE: Support of operations during times of emergency and disaster from State Emergency Operations Center (EOC), state field offices and/or local deployments may be required, which would result in a change and/or increase in working hours, locations and/or duties. NOTE ON TELECOMMUTING: Employees are required to apply and obtain approval through management to telecommute according to the agency's Telecommuting Program Guidelines. The Division of Homeland Security and Emergency Services (DHSES) is an equal opportunity employer. In accordance with the NYS Human Rights Law, DHSES does not discriminate based upon age, race, creed, color, national origin, sexual orientation, gender identity or expression, religion, military or veteran status, sex, disability (including pregnancy‑related conditions), predisposing genetic characteristics, familial status, marital status or status as a victim of domestic violence, or other applicable legally protected characteristics. DHSES is committed to fostering diversity, inclusion, and accessibility in the workplace and is committed to providing our programs and services without discrimination. In support of Executive Order 31, all qualified individuals with disabilities are encouraged to apply. #J-18808-Ljbffr NYS Division of Homeland Security & Emergency Services