Metropolitan Transportation Authority
Cybersecurity Analyst SOC Levels 3-5
Metropolitan Transportation Authority, New York, New York, us, 10261
Description
Position at MTA Headquarters
Job Information
Job Title: Cybersecurity Analyst SOC Levels 3-5
Salary Range:
Level 3: $95,929 - $127,050
Level 4: $102,760 - $139,755
Level 5: $114,537 - $153,731
POINTS:
Level 3 - 393
Level 4 - 451
Level 5 - 551
DEPT/DIV:
MTA Information Technology/ Office of IT Cyber Security Services
SUPERVISOR:
Cyber Security Officer, Monitoring
LOCATION:
2 Broadway, New York, NY 10004
HOURS OF WORK:
12:00am - 8:30am (7.5hours/day)
8:00am - 4:30pm (7.5hours/day)
3:30pm - 12:00am (7.5hours/day)
This position is eligible for telework which is currently 2 days per week. New Hires are eligible to apply 30 days after their effective date of hire.
Summary
The purpose of this position is to provide critical technical expertise in the detection, analysis and response to cybersecurity events. Cybersecurity Analyst will be responsible for early and accurate detection, prevention response, containment, and guidance to remediation of threats directed against the MTA on a 24/7 basis. The analysis is conducted through technology risk assessments, data analytics tools, business processes reviews and collaborate with security engineers, architects, developers, vendors, business units to constantly improve the overall security of the MTA. The cybersecurity analyst will focus on specific domains and specialties within cybersecurity with a great degree of specialty to detect, protect and advise the organization proactively and reactively.
The Cybersecurity Analyst will be a member of the Cyber Security Operation Center "CSOC". This role will conduct real-time 24/7 security monitoring and intrusion detection analysis using a Security Incident & Event Management system "SIEM" along with various technology and analytic tools, such as web and next generation firewalls, machine and human behavior learning tools, host-based security system, security event and incident monitoring systems, virtual, physical, and cloud platforms, user endpoint (laptop, desktop, mobile, and internet of things/IOT) systems, etc. The Analyst will research emerging threats and vulnerabilities to aid in the identification and analysis of network incidents, and supports the creation or improvement of security controls, policies, standards, and guidance to address them.
Desired SkillsAbility to perform analysis and remediation actions on threats from various attack vectors such as: malware, viruses, ransomware, phishing, SQL Injection, compromised credentials, DDOS etc.Ability to provide incident response supportAbility to mitigate actions to contain activityAbility to facility forensic analysisResponsibilities:
Conducts security monitoring and intrusion detection analysis using various technology and analytic tools, such as web and next generation firewalls, machine and human behavior learning tools, host-based security system, security event and incident monitoring systems, virtual, physical, and cloud platforms, user endpoint (laptop, desktop, mobile, and internet of things/IOT) systems, etc.Correlates events and activities across systems to identify trends of unauthorized use.Reviews alerts and data from sensors and documents formal, technical incident reports.Tests new systems and manage cybersecurity risks and remediation through analysis.Responds to computer security incidents according to the computer security incident response policy and procedures.Provides technical guidance to first responders for handling information security incidents.Provides timely and relevant updates to appropriate stakeholders and decision makers.Communicates investigation findings to relevant business units to help improve the information security posture.Validates and maintains incident response plans and processes to address potential threats.Compiles and analyzes data for management reporting and metrics.Monitors relevant information sources to stay up to date on current attacks and trends.Analyzes potential impact of new threats and communicates risks back to detection engineering functions.Performs root-cause analysis to document findings and participate in root-cause elimination activities as required.Works with data sets to identify patterns.Understands data automation and analysis techniques.Uses judgment to form conclusions that may challenge conventional wisdom.Anticipate new threats and indicators of compromise.Hypothesizes new threats and indicators of compromise.Monitors threat intelligence feeds to identify a range of threats, including indicators of compromise and advanced persistent threats (APTs)Identifies the tactics, techniques, and procedures (TTPs) of potential threats through the MITRE ATT&CK or similar frameworks.Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate.Perform Contract management and supply management functions appropriate to reduce security risks.The role will provide a proactive approach to cybersecurity while also performing investigation of security incidents related to MTA operations related to Cyber Security.Level 3
Ability to perform basic event analysis and validation of security incidents.Performs basic analysis while following established procedures to ensure security of systems, contractor, and/or process.Assists in executing tests and reporting on system security parameters to support security of system, contractor, and/or vendor.Performs basic troubleshooting and escalates issues as appropriate to ensure effective resolution of security baseline deviations and risks.Reviews and correlates system logs/events utilizing a Security Information & Event Management and provides support.Participates on project teams, providing information and documentation and executing well defined changes under guidance to ensure the infrastructure meets organization needs.Provides routine analysis on assigned technologies, following established procedures to ensure safety and security of systems, vendor performance, or processes.Reviews and correlates system logs to identify potential cybersecurity and technical issues.Provides proactive monitoring and analysis for a domain of the cybersecurity to ensure systems security baseline targets are met.Implements changes to one or more cybersecurity related domain technologies, executing tests and reporting on security baselines, violations/anomalies, to meet requested needs.Troubleshoot and investigate cybersecurity incidents and issues by analyzing a chain of events and applying technical knowledge following established procedures and standards to resolve immediate customer needs.Maintains and updates existing documentation and standard operating procedures to ensure accurate and timely information is available for assigned systems.Works with more experienced colleagues and other IT technical resources to improve coordination of cybersecurity requirements and analyze issues as they arise.Participate in the evaluation of new products and technologies, under the direction and guidance of senior colleagues, relevant to assigned cybersecurity area to enhance cybersecurity posture and reduce risk to the MTA while achieving objectives.Level 4
Same as Level 3 with the following additional qualifications:
Executes to the defined product lifecycle, manages the product lifecycle for a component of the infrastructure, proposes changes for implementation, gathers data and analyzes capacity and performance to assure operational availability.Analyzes the current state of the infrastructure and identifies opportunities for improvement to ensure systems meet business needs. Contributes to changes to established roadmaps, documents them effectively and executes the implementation of changes in their area(s) of responsibility.Provides ongoing support and troubleshooting for installed technical solutions by analyzing a chain of events and applying technical knowledge, following established procedures and standards to resolve immediate customer needs.Investigates, evaluates, and tests new products and technologies relevant to assigned infrastructure subsets to enhance cybersecurity analytics and overall security posture. Implements and/or supports the implementation of new technologies for their area of the cybersecurity that affects infrastructure, applications and/or processes.Promotes security standards and supports efforts to expand and migrate to future security architecture to improve security and share learning.Level 5
Same as Level 4 with the following additional qualifications:
Provides more advanced analytical capability in several security domains.Adds new components to a roadmap, documents them effectively, and directs the testing and implementation of changes.When provided with an objective to improve security in their security domain(s) and related technology, develops and implements action plans needed to effect the change.Research new technologies/products and their impact on the infrastructure, prepares a preliminary evaluation of technologies/products and associated costs, and develops and presents recommendations to support anticipated future business needs.Receives security and performance data and analyzes the baselines and efficacy of installed technologies. Proposes and implements any required changes, including identifying and planning for any resulting impacts on other technologies to optimize system availability and continuity.Provides ongoing support and troubleshooting for incidents, correlations and reporting to more junior analysts to resolve immediate security threats and/or customer needs.Provides technical leadership to project teams in their area of expertise and/or leads teams to complete projects specific to their area(s) of expertise to maximize and share learning.Provides guidance and technical coaching to less experienced staff to support effective workflow and develop technical talent.Education & Experience
Level 3
Bachelor's degree in computer science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.CISSP or other advanced security-related certification preferred but not required.Certifications in technology subdomains preferred but not required (ie. Cloud, Applications, Infrastructure, Security Technology, etc.)2+ years of relevant experience.Requires prior experience with installing, maintaining and troubleshooting technology systems.Proven ability to troubleshoot and support technical issues using standardized procedures.Proven ability to analyze a security risk assessment or conduct one with guidance.Understanding of Operating Systems and HardwareUnderstanding of TCP/IP (OSI Layers 1- 4) and Internet and Intranet technologies required (OSI Layers 5-7) required.Scripting or programming skills (PERL, Python, PowerShell, etc.) preferred as needed.1 year of experience in a specific (Cloud, Applications, Infrastructure, Security Technology, etc.) cybersecurity subdomain is preferred.Level 4
Bachelor's degree in computer science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.3+ years of relevant experience or 18 months of experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.).Current CISSP or other advanced security-related certification preferred but not required.Certifications in technology subdomains preferred but not required (ie. Cloud, Applications, Infrastructure, Security Technology, etc.)Proven ability to independently evaluate and resolve most problems within an area of infrastructure, applications within a security domain context.Proven ability to analyze and/or conduct a security risk assessment.Understanding of Operating Systems and HardwareAdvanced understanding of TCP/IP (OSI Layers 1- 4) and Internet and Intranet technologies required (OSI Layers 5-7) required.Scripting or programming skills (PERL, Python, PowerShell, etc.).Level 5
Bachelor's degree in computer science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.5+ years of relevant experience or 2.5 years of experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.)Current CISSP or other advanced security-related certification preferred.Certifications in technology subdomains preferred but not required (ie. Cloud, Applications, Infrastructure, Security Technology, etc.).Progressive cybersecurity related accomplishmentsRequires broad technical knowledge of multiple technologies, or an in-depth knowledge of one technology including its impact on other technologies.Proven ability to analyze and/or conduct a security risk assessment.Understanding of Operating Systems and HardwareAdvanced understanding of TCP/IP (OSI Layers 1- 4) and Internet and Intranet technologies required (OSI Layers 5-7) required.Scripting or programming skills (PERL, Python, PowerShell, etc.) as needed.
Other Information
Please be advised that pursuant to MTA Code of Ethics and New York State Ethics Law, you have been designated as a policy maker. Therefore, you will be required to file an annual financial disclosure statement with the Commission on Ethics and Lobbying in Government. The Commission will notify you of this filing requirement via your work email. Upon receipt of notification from the Commission you will have 30 days to complete your financial disclosure statement.
Equal Employment Opportunity
MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.
The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.
Position at MTA Headquarters
Job Information
Job Title: Cybersecurity Analyst SOC Levels 3-5
Salary Range:
Level 3: $95,929 - $127,050
Level 4: $102,760 - $139,755
Level 5: $114,537 - $153,731
POINTS:
Level 3 - 393
Level 4 - 451
Level 5 - 551
DEPT/DIV:
MTA Information Technology/ Office of IT Cyber Security Services
SUPERVISOR:
Cyber Security Officer, Monitoring
LOCATION:
2 Broadway, New York, NY 10004
HOURS OF WORK:
12:00am - 8:30am (7.5hours/day)
8:00am - 4:30pm (7.5hours/day)
3:30pm - 12:00am (7.5hours/day)
This position is eligible for telework which is currently 2 days per week. New Hires are eligible to apply 30 days after their effective date of hire.
Summary
The purpose of this position is to provide critical technical expertise in the detection, analysis and response to cybersecurity events. Cybersecurity Analyst will be responsible for early and accurate detection, prevention response, containment, and guidance to remediation of threats directed against the MTA on a 24/7 basis. The analysis is conducted through technology risk assessments, data analytics tools, business processes reviews and collaborate with security engineers, architects, developers, vendors, business units to constantly improve the overall security of the MTA. The cybersecurity analyst will focus on specific domains and specialties within cybersecurity with a great degree of specialty to detect, protect and advise the organization proactively and reactively.
The Cybersecurity Analyst will be a member of the Cyber Security Operation Center "CSOC". This role will conduct real-time 24/7 security monitoring and intrusion detection analysis using a Security Incident & Event Management system "SIEM" along with various technology and analytic tools, such as web and next generation firewalls, machine and human behavior learning tools, host-based security system, security event and incident monitoring systems, virtual, physical, and cloud platforms, user endpoint (laptop, desktop, mobile, and internet of things/IOT) systems, etc. The Analyst will research emerging threats and vulnerabilities to aid in the identification and analysis of network incidents, and supports the creation or improvement of security controls, policies, standards, and guidance to address them.
Desired SkillsAbility to perform analysis and remediation actions on threats from various attack vectors such as: malware, viruses, ransomware, phishing, SQL Injection, compromised credentials, DDOS etc.Ability to provide incident response supportAbility to mitigate actions to contain activityAbility to facility forensic analysisResponsibilities:
Conducts security monitoring and intrusion detection analysis using various technology and analytic tools, such as web and next generation firewalls, machine and human behavior learning tools, host-based security system, security event and incident monitoring systems, virtual, physical, and cloud platforms, user endpoint (laptop, desktop, mobile, and internet of things/IOT) systems, etc.Correlates events and activities across systems to identify trends of unauthorized use.Reviews alerts and data from sensors and documents formal, technical incident reports.Tests new systems and manage cybersecurity risks and remediation through analysis.Responds to computer security incidents according to the computer security incident response policy and procedures.Provides technical guidance to first responders for handling information security incidents.Provides timely and relevant updates to appropriate stakeholders and decision makers.Communicates investigation findings to relevant business units to help improve the information security posture.Validates and maintains incident response plans and processes to address potential threats.Compiles and analyzes data for management reporting and metrics.Monitors relevant information sources to stay up to date on current attacks and trends.Analyzes potential impact of new threats and communicates risks back to detection engineering functions.Performs root-cause analysis to document findings and participate in root-cause elimination activities as required.Works with data sets to identify patterns.Understands data automation and analysis techniques.Uses judgment to form conclusions that may challenge conventional wisdom.Anticipate new threats and indicators of compromise.Hypothesizes new threats and indicators of compromise.Monitors threat intelligence feeds to identify a range of threats, including indicators of compromise and advanced persistent threats (APTs)Identifies the tactics, techniques, and procedures (TTPs) of potential threats through the MITRE ATT&CK or similar frameworks.Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate.Perform Contract management and supply management functions appropriate to reduce security risks.The role will provide a proactive approach to cybersecurity while also performing investigation of security incidents related to MTA operations related to Cyber Security.Level 3
Ability to perform basic event analysis and validation of security incidents.Performs basic analysis while following established procedures to ensure security of systems, contractor, and/or process.Assists in executing tests and reporting on system security parameters to support security of system, contractor, and/or vendor.Performs basic troubleshooting and escalates issues as appropriate to ensure effective resolution of security baseline deviations and risks.Reviews and correlates system logs/events utilizing a Security Information & Event Management and provides support.Participates on project teams, providing information and documentation and executing well defined changes under guidance to ensure the infrastructure meets organization needs.Provides routine analysis on assigned technologies, following established procedures to ensure safety and security of systems, vendor performance, or processes.Reviews and correlates system logs to identify potential cybersecurity and technical issues.Provides proactive monitoring and analysis for a domain of the cybersecurity to ensure systems security baseline targets are met.Implements changes to one or more cybersecurity related domain technologies, executing tests and reporting on security baselines, violations/anomalies, to meet requested needs.Troubleshoot and investigate cybersecurity incidents and issues by analyzing a chain of events and applying technical knowledge following established procedures and standards to resolve immediate customer needs.Maintains and updates existing documentation and standard operating procedures to ensure accurate and timely information is available for assigned systems.Works with more experienced colleagues and other IT technical resources to improve coordination of cybersecurity requirements and analyze issues as they arise.Participate in the evaluation of new products and technologies, under the direction and guidance of senior colleagues, relevant to assigned cybersecurity area to enhance cybersecurity posture and reduce risk to the MTA while achieving objectives.Level 4
Same as Level 3 with the following additional qualifications:
Executes to the defined product lifecycle, manages the product lifecycle for a component of the infrastructure, proposes changes for implementation, gathers data and analyzes capacity and performance to assure operational availability.Analyzes the current state of the infrastructure and identifies opportunities for improvement to ensure systems meet business needs. Contributes to changes to established roadmaps, documents them effectively and executes the implementation of changes in their area(s) of responsibility.Provides ongoing support and troubleshooting for installed technical solutions by analyzing a chain of events and applying technical knowledge, following established procedures and standards to resolve immediate customer needs.Investigates, evaluates, and tests new products and technologies relevant to assigned infrastructure subsets to enhance cybersecurity analytics and overall security posture. Implements and/or supports the implementation of new technologies for their area of the cybersecurity that affects infrastructure, applications and/or processes.Promotes security standards and supports efforts to expand and migrate to future security architecture to improve security and share learning.Level 5
Same as Level 4 with the following additional qualifications:
Provides more advanced analytical capability in several security domains.Adds new components to a roadmap, documents them effectively, and directs the testing and implementation of changes.When provided with an objective to improve security in their security domain(s) and related technology, develops and implements action plans needed to effect the change.Research new technologies/products and their impact on the infrastructure, prepares a preliminary evaluation of technologies/products and associated costs, and develops and presents recommendations to support anticipated future business needs.Receives security and performance data and analyzes the baselines and efficacy of installed technologies. Proposes and implements any required changes, including identifying and planning for any resulting impacts on other technologies to optimize system availability and continuity.Provides ongoing support and troubleshooting for incidents, correlations and reporting to more junior analysts to resolve immediate security threats and/or customer needs.Provides technical leadership to project teams in their area of expertise and/or leads teams to complete projects specific to their area(s) of expertise to maximize and share learning.Provides guidance and technical coaching to less experienced staff to support effective workflow and develop technical talent.Education & Experience
Level 3
Bachelor's degree in computer science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.CISSP or other advanced security-related certification preferred but not required.Certifications in technology subdomains preferred but not required (ie. Cloud, Applications, Infrastructure, Security Technology, etc.)2+ years of relevant experience.Requires prior experience with installing, maintaining and troubleshooting technology systems.Proven ability to troubleshoot and support technical issues using standardized procedures.Proven ability to analyze a security risk assessment or conduct one with guidance.Understanding of Operating Systems and HardwareUnderstanding of TCP/IP (OSI Layers 1- 4) and Internet and Intranet technologies required (OSI Layers 5-7) required.Scripting or programming skills (PERL, Python, PowerShell, etc.) preferred as needed.1 year of experience in a specific (Cloud, Applications, Infrastructure, Security Technology, etc.) cybersecurity subdomain is preferred.Level 4
Bachelor's degree in computer science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.3+ years of relevant experience or 18 months of experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.).Current CISSP or other advanced security-related certification preferred but not required.Certifications in technology subdomains preferred but not required (ie. Cloud, Applications, Infrastructure, Security Technology, etc.)Proven ability to independently evaluate and resolve most problems within an area of infrastructure, applications within a security domain context.Proven ability to analyze and/or conduct a security risk assessment.Understanding of Operating Systems and HardwareAdvanced understanding of TCP/IP (OSI Layers 1- 4) and Internet and Intranet technologies required (OSI Layers 5-7) required.Scripting or programming skills (PERL, Python, PowerShell, etc.).Level 5
Bachelor's degree in computer science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.5+ years of relevant experience or 2.5 years of experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.)Current CISSP or other advanced security-related certification preferred.Certifications in technology subdomains preferred but not required (ie. Cloud, Applications, Infrastructure, Security Technology, etc.).Progressive cybersecurity related accomplishmentsRequires broad technical knowledge of multiple technologies, or an in-depth knowledge of one technology including its impact on other technologies.Proven ability to analyze and/or conduct a security risk assessment.Understanding of Operating Systems and HardwareAdvanced understanding of TCP/IP (OSI Layers 1- 4) and Internet and Intranet technologies required (OSI Layers 5-7) required.Scripting or programming skills (PERL, Python, PowerShell, etc.) as needed.
Other Information
Please be advised that pursuant to MTA Code of Ethics and New York State Ethics Law, you have been designated as a policy maker. Therefore, you will be required to file an annual financial disclosure statement with the Commission on Ethics and Lobbying in Government. The Commission will notify you of this filing requirement via your work email. Upon receipt of notification from the Commission you will have 30 days to complete your financial disclosure statement.
Equal Employment Opportunity
MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.
The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.