MTA, Inc.
Cybersecurity Engineer - Security Specialty OT (Level 5)
MTA, Inc., New York, New York, us, 10261
Cybersecurity Engineer – Security Specialty OT (Level 5)
Job ID: 9642
Business Unit: MTA Headquarters
Location: New York, NY, United States
Regular/Temporary: Regular
Department: IT CISO
Date Posted: Nov 21, 2024
Description
JOB TITLE: Cybersecurity Engineer – Security Specialty OT (Level 5)
SALARY RANGE: $114,537 - $153,731
HAY POINTS: 551
DEPT/DIV: Information Technology / Cybersecurity
SUPERVISOR: Cybersecurity Manager, IT Cyber Security
LOCATION: Various/ 2 Broadway New York, NY 10004
HOURS OF WORK: 9:00 am - 5:30 pm (7.5 hours or as required)
APPLICATION DEADLINE: November 29, 2024
This position is eligible for telework which is currently two day per week. New hires are eligible to apply 30 days after their effective date of hire.
About us:
The MTA transportation network has very large systems and infrastructure for financial, business, automated train, transportation, power, and physical security. The MTA IT Department, is centrally responsible for providing a full range of Information and Operational Technology services to the MTA agencies and administrative units through its operating and support units.
The MTA IT Cybersecurity organization, is responsible for identifying, developing, implementing, and integrating cybersecurity-related processes internal and third-party supplier organizations to reduce the operational risks, reputational risks and financial risks. The organization also has robust cybersecurity operations functions designed to protect the MTA in real-time on a 7/24/365 basis.
Summary of Job
The purpose of this position is to provide technical expertise in managing and analyzing cybersecurity risks. Cybers ecurity Engineer will be responsible for design, building and maintaining infrastructure, applications technology to support a secure cybersecurity posture. These include systems that support cybersecurity directly and/or the business operations for Information and Operational Technology disciplines. Secure building and configuration of systems (applications, infrastructure, wireless, carrier systems, cloud, operational technology, IOT, etc.) from the outset reduces risk to MTA. Specialized and focused skillets in various technology domains assist with the overall risk reduction for the MTA. The configuration, hardening, guidance, response, and analysis of these systems aide in reduction and containment of Cyber Security risk. Risk assessments, data analytics tools, operational process reviews, and collaboration with security engineers, architects, developers, vendors, business units to constantly improve the overall security of the MTA
Responsibilities
Researching emerging threats and vulnerabilities to aid in the identification of network incidents, and supports the creation of new architecture, policies, standards, and guidance to address them
Knowledge and practical implementation of secure system configuration and hardening standards
Design, configure and integrated secure solutions in the technology domains assigned
Provide incident response support, including mitigating actions to contain activity and facilitating forensics analysis, system hardening and recovery when necessary
Provides installation, system configuration, hardening and optimization for infrastructure, application, and security components and systems such as servers, workstations, mobile devices, directory services, operating systems, middleware, IOT, web and next generation firewalls, machine and human behavior learning tools, host-based security system, security event and incident monitoring systems, virtual, physical, and cloud platforms.
Identifies configuration gaps independently and/or with vendors to reduce cybersecurity risks
Reviews alerts and data from sensors and documents formal, technical incident reports
Tests new systems and manage cybersecurity risks and remediation system testing, baseline, and best practices
Responds to computer security incidents according to the computer security incident response policy and procedures
Provides technical guidance to first responders for handling information security incidents
Provides timely and relevant updates to appropriate stakeholders and decision makers
Communicates investigation findings to relevant business units to help improve the information security posture
Validates and maintains incident response plans and processes to address potential threats
Compiles and analyzes data for management reporting and metrics
Monitors relevant information sources to stay up to date on current attacks and trends
Analyzes potential impact of new threats and communicates risks back to detection analyst, architect, technology SME, and management functions
Performs root-cause analysis to document findings, and participate in root-cause elimination activities as required
Uses judgment to form conclusions that may challenge conventional wisdom
Hypothesizes new threats and indicators of compromise
Monitors threat intelligence feeds to identify a range of threats, including indicators of compromise and advanced persistent threats (APTs)
Identifies the tactics, techniques and procedures (TTPs) of potential threats through the MITRE ATT&CK or similar frameworks.
Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate
The role will provide a proactive approach to cybersecurity while also performing investigation of security incidents related to MTA operations related to Cyber Security.
Level 5
Provides more advanced analytical capability in several security domains.
Adds new components to a roadmap, documents them effectively, and directs the testing and implementation of changes.
When provided with an objective to improve security in their security domain(s) and related technology, develops and implements action plans needed to effect the change.
Researches new technologies/products and their impact on the infrastructure, prepares a preliminary evaluation of technologies/products and associated costs, and develops and presents recommendations to support anticipated future business needs.
Receives security and performance data and analyzes the baselines and efficacy of installed technologies. Proposes and implements any required changes, including identifying and planning for any resulting impacts on other technologies to optimize system availability and continuity.
Provides ongoing support and troubleshooting for incidents, correlations and reporting to more junior analysts to resolve immediate security threats and/or customer needs.
Provides technical leadership to project teams in their area of expertise and/or leads teams to complete projects specific to their area(s) of expertise to maximize and share learning.
Provides guidance and technical coaching to less experienced staff to support effective workflow and develop technical talent.
Performs other duties and tasks as assigned.
Observing the work performed by the contractor.
Reviewing invoices and approving them if the work has contractual standards.
Addressing performance issues with the contractor when possible.
Escalating issues to other parties as needed.
Oversee rigorous quality assurance processes to deliver reliability, performance, safety objectives
Oversees staff workload and quality of work, addressing performance issues when needed.
Qualifications:
Education and experience:
Bachelor’s Degree and minimum 5 year of relevant experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.).
An equivalent combination of education and experience may be considered in lieu of a degree.
Must possess at least one of the following professional certifications in subject domain including but not limited to: Certified Information Security Professional (CISSP), or Global Information Assurance Certification (GIAC), or Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA), or other related certification(s)
Bachelor’s degree in Computer Science or related fields preferred.
Progressive cybersecurity related accomplishments.
Requires broad technical knowledge of multiple technologies, or an in-depth knowledge of one technology including its impact on other technologies.
Proven ability to analyze and/or conduct a security risk assessment.
Advanced understanding of TCP/IP (OSI Layers 1– 4) and Internet and Intranet technologies required (OSI Layers 5-7) required.
Some scripting or programming skills (PERL, Python, PowerShell, etc.) preferred as needed.
Competencies:
Management Level
Proficiency Level
Standard Competencies
Level 5
Advanced
Communicates Effectively
Values Diversity
Collaborates
Adept
Tech Savvy Technical Skills
Cultivates Innovation
Customer Focus
Preferred Technical Skills:
Strong cybersecurity experience and a deep understanding of technology and cybersecurity domain principles.
Strong experience working specifically on securing OT/ICS systems.
Operational Technology (Thorough Knowledge/Fully Proficient)
PLC network protocols (Thorough Knowledge/Fully Proficient).
Expert ability to conduct and analyze a security risk assessment.
Proficient in monitoring network traffic of critical infrastructure to identify threats & vulnerabilities.
Proficient in Network Engineering/Architecture.
Demonstrated ability in implementing/solutioning cybersecurity tools/systems (firewalls, IAM, SIEM, etc.)
Experience in scripting or programming skills (PERL, Python, PowerShell, etc.).
Proficient in productivity tools (PowerPoint, Excel, Visio, etc.).
Experience in programming/securing PLC/HMI’s.
Familiarity with multiple ICS/SCADA equipment manufacturers, system platform architectures, PTC & HMI programming, and OT network communications protocols.
Industrial Control System (ICS) network segmentation design experience and familiarity with the Purdue Model / IEC-62443.
Soft Skills:
Strong team player with excellent communication and documentation skills.
Ambition to learn and willingness to improvise and compromise based on stakeholder/project resources and needs, project limitations, and stakeholder capabilities.
Demonstrated ability to work independently and navigate organizational ambiguity.
Excellent critical thinking, problem-solving, and decision-making skills.
Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.
GENERAL:
May need to work outside of normal work hours (i.e., evenings and weekends)
Travel may be required to other MTA locations or other external sites
Pursuant to the New York State Public Officers Law & the MTA Code of Ethics, all employees who hold a policymaking position must file an Annual Statement of Financial Disclosure (FDS) with the NYS Commission on Ethics and Lobbying in Government (the “Commission”).
MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.
The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.
Job ID: 9642
Business Unit: MTA Headquarters
Location: New York, NY, United States
Regular/Temporary: Regular
Department: IT CISO
Date Posted: Nov 21, 2024
Description
JOB TITLE: Cybersecurity Engineer – Security Specialty OT (Level 5)
SALARY RANGE: $114,537 - $153,731
HAY POINTS: 551
DEPT/DIV: Information Technology / Cybersecurity
SUPERVISOR: Cybersecurity Manager, IT Cyber Security
LOCATION: Various/ 2 Broadway New York, NY 10004
HOURS OF WORK: 9:00 am - 5:30 pm (7.5 hours or as required)
APPLICATION DEADLINE: November 29, 2024
This position is eligible for telework which is currently two day per week. New hires are eligible to apply 30 days after their effective date of hire.
About us:
The MTA transportation network has very large systems and infrastructure for financial, business, automated train, transportation, power, and physical security. The MTA IT Department, is centrally responsible for providing a full range of Information and Operational Technology services to the MTA agencies and administrative units through its operating and support units.
The MTA IT Cybersecurity organization, is responsible for identifying, developing, implementing, and integrating cybersecurity-related processes internal and third-party supplier organizations to reduce the operational risks, reputational risks and financial risks. The organization also has robust cybersecurity operations functions designed to protect the MTA in real-time on a 7/24/365 basis.
Summary of Job
The purpose of this position is to provide technical expertise in managing and analyzing cybersecurity risks. Cybers ecurity Engineer will be responsible for design, building and maintaining infrastructure, applications technology to support a secure cybersecurity posture. These include systems that support cybersecurity directly and/or the business operations for Information and Operational Technology disciplines. Secure building and configuration of systems (applications, infrastructure, wireless, carrier systems, cloud, operational technology, IOT, etc.) from the outset reduces risk to MTA. Specialized and focused skillets in various technology domains assist with the overall risk reduction for the MTA. The configuration, hardening, guidance, response, and analysis of these systems aide in reduction and containment of Cyber Security risk. Risk assessments, data analytics tools, operational process reviews, and collaboration with security engineers, architects, developers, vendors, business units to constantly improve the overall security of the MTA
Responsibilities
Researching emerging threats and vulnerabilities to aid in the identification of network incidents, and supports the creation of new architecture, policies, standards, and guidance to address them
Knowledge and practical implementation of secure system configuration and hardening standards
Design, configure and integrated secure solutions in the technology domains assigned
Provide incident response support, including mitigating actions to contain activity and facilitating forensics analysis, system hardening and recovery when necessary
Provides installation, system configuration, hardening and optimization for infrastructure, application, and security components and systems such as servers, workstations, mobile devices, directory services, operating systems, middleware, IOT, web and next generation firewalls, machine and human behavior learning tools, host-based security system, security event and incident monitoring systems, virtual, physical, and cloud platforms.
Identifies configuration gaps independently and/or with vendors to reduce cybersecurity risks
Reviews alerts and data from sensors and documents formal, technical incident reports
Tests new systems and manage cybersecurity risks and remediation system testing, baseline, and best practices
Responds to computer security incidents according to the computer security incident response policy and procedures
Provides technical guidance to first responders for handling information security incidents
Provides timely and relevant updates to appropriate stakeholders and decision makers
Communicates investigation findings to relevant business units to help improve the information security posture
Validates and maintains incident response plans and processes to address potential threats
Compiles and analyzes data for management reporting and metrics
Monitors relevant information sources to stay up to date on current attacks and trends
Analyzes potential impact of new threats and communicates risks back to detection analyst, architect, technology SME, and management functions
Performs root-cause analysis to document findings, and participate in root-cause elimination activities as required
Uses judgment to form conclusions that may challenge conventional wisdom
Hypothesizes new threats and indicators of compromise
Monitors threat intelligence feeds to identify a range of threats, including indicators of compromise and advanced persistent threats (APTs)
Identifies the tactics, techniques and procedures (TTPs) of potential threats through the MITRE ATT&CK or similar frameworks.
Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate
The role will provide a proactive approach to cybersecurity while also performing investigation of security incidents related to MTA operations related to Cyber Security.
Level 5
Provides more advanced analytical capability in several security domains.
Adds new components to a roadmap, documents them effectively, and directs the testing and implementation of changes.
When provided with an objective to improve security in their security domain(s) and related technology, develops and implements action plans needed to effect the change.
Researches new technologies/products and their impact on the infrastructure, prepares a preliminary evaluation of technologies/products and associated costs, and develops and presents recommendations to support anticipated future business needs.
Receives security and performance data and analyzes the baselines and efficacy of installed technologies. Proposes and implements any required changes, including identifying and planning for any resulting impacts on other technologies to optimize system availability and continuity.
Provides ongoing support and troubleshooting for incidents, correlations and reporting to more junior analysts to resolve immediate security threats and/or customer needs.
Provides technical leadership to project teams in their area of expertise and/or leads teams to complete projects specific to their area(s) of expertise to maximize and share learning.
Provides guidance and technical coaching to less experienced staff to support effective workflow and develop technical talent.
Performs other duties and tasks as assigned.
Observing the work performed by the contractor.
Reviewing invoices and approving them if the work has contractual standards.
Addressing performance issues with the contractor when possible.
Escalating issues to other parties as needed.
Oversee rigorous quality assurance processes to deliver reliability, performance, safety objectives
Oversees staff workload and quality of work, addressing performance issues when needed.
Qualifications:
Education and experience:
Bachelor’s Degree and minimum 5 year of relevant experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.).
An equivalent combination of education and experience may be considered in lieu of a degree.
Must possess at least one of the following professional certifications in subject domain including but not limited to: Certified Information Security Professional (CISSP), or Global Information Assurance Certification (GIAC), or Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA), or other related certification(s)
Bachelor’s degree in Computer Science or related fields preferred.
Progressive cybersecurity related accomplishments.
Requires broad technical knowledge of multiple technologies, or an in-depth knowledge of one technology including its impact on other technologies.
Proven ability to analyze and/or conduct a security risk assessment.
Advanced understanding of TCP/IP (OSI Layers 1– 4) and Internet and Intranet technologies required (OSI Layers 5-7) required.
Some scripting or programming skills (PERL, Python, PowerShell, etc.) preferred as needed.
Competencies:
Management Level
Proficiency Level
Standard Competencies
Level 5
Advanced
Communicates Effectively
Values Diversity
Collaborates
Adept
Tech Savvy Technical Skills
Cultivates Innovation
Customer Focus
Preferred Technical Skills:
Strong cybersecurity experience and a deep understanding of technology and cybersecurity domain principles.
Strong experience working specifically on securing OT/ICS systems.
Operational Technology (Thorough Knowledge/Fully Proficient)
PLC network protocols (Thorough Knowledge/Fully Proficient).
Expert ability to conduct and analyze a security risk assessment.
Proficient in monitoring network traffic of critical infrastructure to identify threats & vulnerabilities.
Proficient in Network Engineering/Architecture.
Demonstrated ability in implementing/solutioning cybersecurity tools/systems (firewalls, IAM, SIEM, etc.)
Experience in scripting or programming skills (PERL, Python, PowerShell, etc.).
Proficient in productivity tools (PowerPoint, Excel, Visio, etc.).
Experience in programming/securing PLC/HMI’s.
Familiarity with multiple ICS/SCADA equipment manufacturers, system platform architectures, PTC & HMI programming, and OT network communications protocols.
Industrial Control System (ICS) network segmentation design experience and familiarity with the Purdue Model / IEC-62443.
Soft Skills:
Strong team player with excellent communication and documentation skills.
Ambition to learn and willingness to improvise and compromise based on stakeholder/project resources and needs, project limitations, and stakeholder capabilities.
Demonstrated ability to work independently and navigate organizational ambiguity.
Excellent critical thinking, problem-solving, and decision-making skills.
Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.
GENERAL:
May need to work outside of normal work hours (i.e., evenings and weekends)
Travel may be required to other MTA locations or other external sites
Pursuant to the New York State Public Officers Law & the MTA Code of Ethics, all employees who hold a policymaking position must file an Annual Statement of Financial Disclosure (FDS) with the NYS Commission on Ethics and Lobbying in Government (the “Commission”).
MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.
The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.