SCADA/ICS Security Specialist Level 1-5

Job Information

• Assist in the analysis of MTA Agencies Supervisory Control and Data Acquisition / Industrial Control System (SCADA/ICS) to coordinate the efforts in the preparation of and response to cyber incidents that may significantly impact the critical infrastructure of the MTA and constituent agencies.
• Assist in the identification of all agency SCADA/ICS critical infrastructure on a risk-based approach to where cyber security incident could reasonably result in a catastrophic effect on the MTA and the public.
• Assist in the analysis of a threat and vulnerability assessment, identify the mitigation impact of cyber security framework with associated security measures or controls on business confidentially, availability to protect MTA from unauthorized access ensuring MTA assets are protected.
• Maintain a cybersecurity framework to provide a prioritized, flexible performance based assessment, risk mitigation and cost effective approach, including information security measures and controls to assist Industrial Control Systems and (SCADA/ICS) owners to identify, assess and manage cyber security.
• Analyze and maintain a process to coordinate improvements to the cyber security of critical infrastructure in a collaborative process with critical infrastructure owners to determine if current cyber security requirements are sufficient given current and projected risks.
• Assist in conducting the incident response planning and implementation as well as the investigation and monitoring of security breaches, Internet/Intranet security intrusion assessment while assisting with investigative and legal matters associated with such breaches as necessary as required by NYS, APTA and Executive Order
• Maintain on-going communication with all MTA-IT Directors, Managers, business units, agency stakeholders and security staff to provide vital input for the planning of new SCADA/ICS applications, hardware, and rolling stock in support of the MTA operating system strategy to ensure future SCADA/ICS assets are protected.

• Analyze MTA Agencies Supervisory Control and Data Acquisition / Industrial Control System (SCADA/ICS) to coordinate the efforts in the preparation of and response to cyber incidents that may significantly impact the critical infrastructure of the MTA and constituent agencies.
• Identify all agency SCADA/ICS critical infrastructure on a risk-based approach to where cyber security incident could reasonably result in a catastrophic effect on the MTA and the public.
• Knowledge of various transportation ICS/SCADA technologies is highly desirable.
• Analyze, manage a threat and vulnerability assessment, identify the mitigation impact of cyber security framework with associated security measures or controls on business confidentially, availability to protect MTA from unauthorized access ensuring MTA assets are protected.
• Develop and coordinate the MTA-IT SCADA/ICS preparedness, in a standardized coordinated approach through the agencies critical SCADA/ICS systems as directed by NYS, FRA, APTA, etc. cyber security procedures escalation, funding and resources to develop uniformity by agencies on cyber security preparedness and incident response.
  Level 3
  Same as Level 2 with the following additional responsibilities:
• Demonstrated ability to work with the stakeholders and the technical team to manage short or long term ICS/SCADA project is required.
• Provide and update senior management analysis of MTA SCADA/ICS portfolio current risk based methodologies for security assessments and recommend security solutions for SCADA/ICS systems.
• Analyze, manage a threat and vulnerability assessment, identify the mitigation impact of cyber security framework with associated security measures or controls on business confidentially, availability to protect MTA from unauthorized access ensuring MTA assets are protected.
• Assist and conduct the incident response planning and implementation as well as the investigation and monitoring of security breaches, Internet/Intranet security intrusion assessment while assisting with investigative and legal matters associated with such breaches as necessary as required by NYS, APTA and Executive Order.
  Level 4
  Same as Level 3 with the following additional responsibilities:
• Maintain a cybersecurity framework to provide a prioritized, flexible performance-based assessment, risk mitigation and cost effective approach, including information security measures and controls to assist Industrial Control Systems and (SCADA/ICS) owners to identify, assess and manage cyber security.
• Analyze and maintain a process to coordinate improvements to the cyber security of critical infrastructure in a collaborative process with critical infrastructure owners to determine if current cyber security requirements are sufficient given current and projected risks.
• Work with senior staff and SCADA/ICS owners to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology. Maintain internal and external relationships including other related government agencies to disseminate critical SCADA/ICS information to operating agencies.
• Maintain on-going communication with all MTA-IT Directors, Managers, business units, agency stakeholders and security staff to provide vital input for the planning of new SCADA/ICS applications, hardware, and rolling stock in support of the MTA operating system strategy to ensure future SCADA/ICS assets are protected.
  Level 5
  Same as level 4 with the following additional responsibilities:
• Develop incident response procedure for security breaches in the transportation systems.
• Technical knowhow to integrate various ICS/SCADA systems into the existing detection and prevention systems.
• Provide and update senior management analysis of MTA SCADA/ICS portfolio current risk based methodologies for security assessments and recommend security solutions for SCADA/ICS systems.
• Analyze, manage a threat and vulnerability assessment, identify the mitigation impact of cyber security framework with associated security measures or controls on business confidentially, availability to protect MTA from unauthorized access ensuring MTA assets are protected.

• Good troubleshooting and problem-solving skills.
• Strong technical and analytical abilities.
• Strong oral and written communications skills.
• Well-organized and highly motivated.
• Must be able to move and lift up to 25 lbs. of equipment such as monitors, keyboards, CPU's, laptops, firewalls, etc.
• Must possess a valid driver's license.
• The incumbent in the position is required to be "on call" in the 24-hour, 365-day operating environment to ensure the availability and delivery of technology services in support of MTA corporate business goals and objectives.
  Level 2
  Same as level 1 with the following additional qualifications:

• Knowledge of Industrial control protocols and systems

• Good leadership skills
• Project Management experience
  Level 4
  Same as level 3 with the following additional qualifications:

• Knowledge of industry best practices
• Proficiency in risk assessment methodologies
  Level 5
  Same as level 4 with the following additional qualifications:

• Strong leadership skills.
• Strong troubleshooting and problem-solving skills.
• Strong ability to motivate and develop personnel.
• Represent the SCADA/ICS Manager in their absence.
• Experience interacting with all levels of the organization.

• Ability to lead highly technical personnel.

• Project Management and security certifications are a plus
• Expertise in risk assessment and mitigation methodologies is preferred