Cyber Threat Modeling Integration Engineer

Job Description

Justification: The resource will directly contribute to the Innovation's Cyber Threat Intelligence (CTI) initiatives, including enhancing prevention, detection, response and recovery efforts through various technical and operational methods; to reduce the mean time to detection and response of cybersecurity events experienced in municipal networks while improving process efficiencies. The resource will work with cyber professionals and information sharing partners to build tools and integrations that enable threat analysts and incident responders to more efficiently respond to various cyber security events. Without this resource, CTI will be unable to onboard any additional intelligence sources into its internal threat intelligence platform (ODIN) and, should existing connectors require updates, will be unable to continue using these parsers / connectors. As a result, CTI will be unable to meet certain BAU requirements and OOMs. Work Location: Select one and provide required details: Scheduled Work Hours: Normal business hours Monday-Friday 35 hours/week (not including mandatory unpaid meal break after 6 hours of work). Projected Assignment Start: 9/1/2025 Projected Assignment End Date: 8/31/2026 Note: Normal Business Hours, Monday through Friday (not including a mandatory unpaid meal break after 6 hours of work), 35 work hours per week. If the consultant works more than 35 hours per week, the consultant must request overtime in the Agency's timekeeping system and the project manager must approve those hours worked above the weekly maximum. On Site Work Location: Hybrid: Work location & Remote ( X days in office/ X days remote) X Remote: Monday- Friday; 9-5 SCOPE OF SERVICES TASKS: currently leverages contract engineers to develop and update custom parsers / connectors for the Operational Defense Intelligence Network (ODIN), CTI's primary threat intelligence platform and workbench. These parsers / connectors are used to automate the importation of data and reports into ODIN from our internal and external intelligence and data sources, which are critical to core CTI functions and workflows, including disseminating intelligence to its stakeholder-facing finished intelligence (FINTEL) platform, Threat Observables and Reports (ThOR). CTI requires development of several additional parsers / connectors to meet organizational requirements and support periodic updates and tuning of existing parsers / connectors. The access to shared threat intelligence and models enabled by these parsers / connectors provides a wider view into the network threat spectrum as provided by multiple threat models, vendors and industry partners.

• Designandimplementsolutionsthatenhancesthesecuritypostureoftoolsacrossmultiple
• DevelopsecuritycontentfortoolsandtechnologiesthattheThreatManagementteamrelies on to ensure business as usual functioning.
• Integrateinnovativeandcustomtechnologytoimproveaccuracyofalertsandnotifications received by teams within Threat Management.
• Createwelldocumentedandclearlyarticulatedcode,processandservices
• Understanding REST and SOAP API usage and implementing solutions utilizing APIs from CyberCommandutilizedsolutions,thatenhancedetectionandresponsecapabilitiesofthe OTI Threat Management.
• Work closely with Cyber Command Security Sciences team to ensure continuous improvementofthesecuritypostureofkeytoolsandtechnologiesthatprotecttheCityof New York.
• Handlespecialprojectsandinitiativesas

MANDATORY SKILLS/EXPERIENCE Note: Candidates who do not have the mandatory skills will not be considered Apply tot his job Apply To this Job