Incident Commander

To apply for this job please sign in or enter your email below.

NYC Office of Technology and Innovation · Brooklyn, NY

Information Technology
Public Service & Civic Engagement
$80,931 - $200,000 Per Year
Posted 3 weeks ago

Report an Issue

Job Description


The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City. From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the City delivers for New Yorkers in the 21st century. Watch our welcome video to see our work in action, follow us on social media @NYCOfficeofTech, and visit to learn more.

At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology, and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.

The Incident Commander (IC) is responsible for management, supervision, and coordination of cyber security incidents as part of a 24x7 operation. As the ideal blend between a high-level executive and a technician, the IC maintains incident response playbooks, conducts cyber tabletop exercises, acts as a liaison on third party incidents, and communicates with Agency and City Hall stakeholder leadership. The IC conducts gap identification and program maturity recommendations to ensure that the Security Operations Center (SOC) is staffed 24/7, 365 with capable leadership who can take immediate actions upon notification of a cyber security incident.

Responsibilities for the Incident Commander position will include, but are not limited to, the following:
- Lead significant or high-profile incidents, including validating and escalating incidents, coordinating response activities across multiple city agencies in a 24x7 operational tempo;
- Rapid, independent decision making in stressful / fluid situations, including those that impact critical life safety and business systems;
- Provide strategic guidance on and tracking of tools/visibility/capabilities gaps affecting information security posture;
- Serve as a liaison between the SOC and the impacted agency or agencies business and technical teams during an incident;
- Coordinate and directing efforts among Security Operations team members throughout the incident response life cycle;
- Provide timely and relevant updates to appropriate executive stakeholders and Agency leadership;
- Conduct after action reporting (AAR) and provides relevant insights to guide improvements and adjustments to cyber security response processes;
- Test and update incident response plans and processes to address existing and emerging threats;
- Maintain strong working relationships across City technology and security teams;
- Perform special projects and initiatives as assigned.

Minimum Qualifications

1. A baccalaureate degree from an accredited college including or supplemented by 24 credits in the field of voice and/or data telecommunications or in a pertinent scientific, technical, electronic or related area, and four years of satisfactory fulltime experience in the performance of analytical, planning, operational, technical, or administrative duties in a voice and/or data telecommunications or closely related electronics planning, management, and/or service organization, one year of which must have been in a highly specialized capacity and 18 months must have been in an executive, managerial, or administrative capacity or in the supervision of staff performing work in the voice and/or data telecommunications field; or
2. An associate degree from an accredited college including or supplemented by 12 credits in the field of voice and/or data telecommunications or in a pertinent, scientific, technical, electronic or related area and five years of experience as described in "1" above; or
3. Education and/or experience equivalent to "1" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and one year of the specialized experience as described in "1" above and must possess the 18 months of executive, managerial, administrative or supervisory experience as described in "1" above.

Preferred Skills

The preferred candidate should possess the following: - Possess 7+ years of experience in information security incident handling and security operations - Possess 6+ years of experience supervising or managerial experience - Demonstrate experience in effectively managing large-scale and complex incidents of various types, including APT, DDOS, malicious insider, web and mobile applications, data exfiltration, etc - Exhibit the ability to independently analyze complex problems, extract relevant findings, and determine root causes - Possess comprehensive knowledge of technologies, systems, and networks, including an understanding of common gaps that may impact an organization's ability to detect and respond to cyber threats effectively - Demonstrate a strong understanding of adversary tactics, techniques, and procedures commonly employed - Hold a Bachelor's degree in Information Technology, a related discipline, or possess equivalent work experience - Possess exceptional communication skills to effectively convey complex and technical issues to diverse audiences, both orally and in writing, using an authoritative and actionable approach - Show proficiency in influencing others to modify their opinions, plans, or behaviors - Have a team-oriented mindset with proven abilities to collaborate effectively with diverse stakeholders - Demonstrate strong organizational skills, including the ability to manage multiple high-visibility issues concurrently - Possess relevant technical security certifications such as GCIA, GCIH, GCFA, GHFI, GNFA, GREM (a plus).
55a Program

This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.
Public Service Loan Forgiveness

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at
Residency Requirement

New York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for 2 continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County. To determine if the residency requirement applies to you, please discuss with the agency representative at the time of interview.
Additional Information


The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.

Related Jobs

View more open tech jobs in Brooklyn, NY
Be the first to see new Incident Commander jobs

Save this search to get an email when new jobs match this search.

Create Email Alert