Job Details

ID #43609355
State New York
City New York City
Job type Permanent
Salary USD TBD TBD
Source MTA New York City Transit
Showed 2022-06-25
Date 2022-06-24
Deadline 2022-08-23
Category Et cetera

Security Specialist Level 1-5- Palo Alto Admin

New York, New York City, 10004, USA

Vacancy expired!

Job Information

Job Title: Security Specialist Level 1-5- Palo Alto Admin

Salary Range: Level 1 -Min: $66,127 Mid: $88,791 Max: $110,212

Level 2 - Min: $69,256 Mid: $92,341 Max: $115,426

Level 3 - Min: $74,597 Mid: $99,463 Max: $124,329

Level 4 - Min: $79,023 Mid: $105,364 Max: $131,705

Level 5 - Min: $86,653 Mid: $115,537.50 Max: $144,422

Points: Level 1 - 282

Level 2 - 323

Level 3 - 393

Level 4 - 451

Level 5 - 551

Dept/Div: MTA IT/ Office of IT Cyber Security Services

Supervisor: Lead Cyber Security Operations

Location: 2 Broadway and other locations as required

Hours of Work: 9:00 AM - 5:30 PM (7.5 hours/day) or as required

Deadline: Open Until Filled

In order to protect our employees and continue to provide safe and reliable service to our communities, as of November 14, 2021 we are requiring all new MTA hires to be fully vaccinated against COVID-19 prior to their start date. MTA will consider exceptions for religious and medical reasons, where appropriate. "Fully vaccinated" means you must have both doses of a 2-dose vaccine and two weeks have elapsed since the second dose, or have received 1 dose of a 1-dose vaccine and two weeks have elapsed since the dose. Proof of your vaccination status in the form of a CDC vaccine card must be submitted prior to your start date.

Summary

It is critical for the MTA to detect cyber security breaches and incidents quickly in order to secure the MTA's personnel, financial and transportation assets. This job is accountable for providing Tier 1 and Tier 2 support for Security Operations to reduce risk and to support activities related to the Cyber Security Operations Center (CSOC). This is a highly skilled technical position that requires an individual with up-to-date, expert security knowledge of enterprise network, application, endpoint and security infrastructure. The individual should possess advanced knowledge of network communications, internet security systems, SIEM, firewalls, Intrusion Prevention Systems, remote access VPN, proxy, wireless security, NAC, enterprise identity management systems, databases, computer systems, operating systems, programming, Active Directory, security event analysis and forensic investigation. Candidates should stay current with industry security trends and with the evolving security of the vendor products used in enterprise security.

Drawing on this experience, this position will assist CSOC management in maintaining an efficient Security Operations Center at the MTA. More specifically, this position is part of the team charged with real-time monitoring, analytics and alerting on events occurring across the MTA enterprise network and security infrastructure, using various Security Information and Event Management (SIEM) tools. This position will operate as part of the Cyber Security Monitoring team within the MTA IT Security Operations unit and will provide cyber security threat and vulnerability awareness to CSOC management with respect to current infrastructure security events, reporting, investigation monitoring and day-to-day security operations.

Responsibilities

Level 1:
  • Provide first-level security support for all IT-related technical problems and services to ensure that all MTA application and system availability targets are met.
  • Assist with the implementation, administration, and monitoring of data security procedures on all computing platforms, ensuring appropriate documentation.
  • Work with IT staff and customers to ensure awareness of security concerns, mitigation techniques and assist in following procedures or implementing controls as necessary.
  • Assist in planning and coordinating security tasks and activities in support of IT related projects and initiatives.
  • Provide support for the firewall and network security elements of a project or the implementation of any large-scale system.
  • Identify security problems and recommend solutions to management.
  • Assist and serve as backup to other staff members in supporting the Cyber Security Operations Center 24x7x365.

Level 2:

Same as Level 1 with the following additional responsibilities:

  • Review and analyze incidents identified by Level 1 analysts and report on security incident trends occurring in the perimeter/internal infrastructure, using security event analysis tools such as Splunk.
  • Assist the forensic investigation team with ongoing cyber security investigations.
  • Provide Tier 1 and Tier 2 security support to all MTA users.
  • Maintain and coordinate compliance with PCI-DSS/PPSI controls and risk assessment.

Level 3:

Same as Level 2 with the following additional responsibilities:
  • Mentor and assist Level 1 and Level 2 analysts in proper investigation techniques for security incidents occurring in the perimeter/internal infrastructure, using security event analysis tools such as Splunk.
  • Work with partners, vendors, departments, and law enforcement agencies to maintain an understanding of security threats, vulnerabilities, and exploits that could impact systems, networks, and assets.
  • Knowledge of all associated security tools, including but not limited to SIEM, Palo Alto, CrowdStrike, IDS/IPS, DLP, proxy, AD, remote access/VPN, wireless, etc.

Level 4:

Same as Level 3 with the following additional responsibilities:
  • In-depth knowledge of enterprise network/security infrastructure. Mentor and assist Level 1 and Level 2 analysts in proper investigation techniques for security incidents occurring in the perimeter/internal infrastructure, using security event analysis tools such as Splunk.
  • Research and develop techniques for incident analysis, evidence collection and protection, using MTA-owned and maintained hardware and software.

Level 5:

Same as Level 4 with the following additional responsibilities:
  • Maintain security and networking devices and upgrade, as necessary.
  • Provide support for other engineers on Palo Alto network equipment and applications.
  • Understanding of routing, switching and security technologies.
  • High-level Palo Alto expertise in design, configuration, migrations, tuning and customization of features.
  • Understanding of security zones and virtual routers, with the ability to understand and troubleshoot routing issues.
  • Knowledge of Panorama, WildFire, and other Palo Alto features, including but not limited to SSL decryption.
  • Lead the planning and coordination of security tasks and activities in support of IT related projects and initiatives.
  • Assume complete ownership of the firewall and network security elements of a project or the implementation of any large-scale system.
  • Maintain and enhance forensic infrastructure (hardware and software), processes and procedures, along with supporting documentation, based on industry best practices.
  • Coordinate across MTA, including various departments and Cyber Security Operations Center, in operations and the revision of processes and technology.
  • Research and develop evidence collection, protection, and analysis techniques for MTA owned and maintained hardware and software.
  • Provide real time monitoring and alerting analytics and security incident investigation on perimeter/internal infrastructure and applications security events across the MTA Enterprise Environment.
  • Examine malicious software (bots, worms, and Trojans) to understand the nature of the threats. Perform reverse engineering to examine how the program interacts with the environment and document the attack capabilities, understand the characteristics, and define signatures to detect malware.
  • Work with partners, vendors, departments, and law enforcement agencies to maintain an understanding of security threats, vulnerabilities, and exploits that could impact systems, networks, and assets. Liaise with legal staff efficiently and effectively, provide evidence, and testify as required.
  • Oversee and perform administration of all associated security devices and tools, including but not limited to Palo Alto firewalls, remote access/VPN, wireless, etc., for the entire MTA network 24x7x365, to ensure that all MTA critical (PCI) and non-critical infrastructure and applications are secure.
  • Escalate complex issues to the next level of security support and report them to the CSOC lead; organize, participate in and, if required, chair post-incident reviews for presentation to senior management.
  • Responsible for providing 24x7x365 security operations support for all security technologies managed by the Cyber Security Operations Center at the MTA, and for assisting, training, mentoring and serving as backup to other staff members, including union staff, in supporting the Cyber Security Operations Center.

Qualifications

Level 1:
  • Basic knowledge and familiarity with the various components of information security systems, including firewalls, authentication protocols, encryption software, remote access systems, and commercial off-the-shelf security products.
  • Basic knowledge of analyzing, monitoring, investigating and troubleshooting methodologies appropriate to the implementation platform, e.g., servers, desktops, laptops, or mobile devices and various operating systems.
  • Basic knowledge and familiarity with internet technologies and computer networking.
  • Basic knowledge of troubleshooting and supporting technical issues both remotely and on-site using standard MTA tools and techniques.
  • Ability to read and understand schematic diagrams, technical manuals and documentation such that supported equipment and software can be maintained with minimal training.
  • Strong oral and written communications skills.
  • Strong analytical skills.
  • Strong people skills.
  • Must be able to move and lift up to 25lbs of equipment such as monitors, keyboards, CPUs, laptops, firewalls, etc.
  • Must possess a valid driver's license.

Level 2:

Same as Level 1 with the following additional qualification:
  • Proven knowledge and familiarity with various components of information security systems, maintaining and troubleshooting security resources including, but not limited to Firewall software, Encryption software, remote access solutions, SIEM, Authentication and commercial off the shelf security software with the ability to support this software on servers, desktops, laptops, and mobile devices and various operating systems.
  • Demonstrated knowledge of analyzing, monitoring and investigating various internet security technologies and computer networking.
  • Strong critical thinking skills.
  • Ability to troubleshoot and support technical issues both remotely and on-site using standard MTA tools and techniques.
  • Knowledge of all associated security tools, including but not limited to SIEM, firewall, antivirus, IDS/IPS, DLP, proxy, AD, remote access/VPN, wireless, etc.
  • Basic understanding of the security incident handling lifecycle.

Level 3:

Same as Level 2 with the following additional qualifications:
  • Strong knowledge of and familiarity with various components of an information security system, including firewalls, authentication protocols, encryption software, remote access systems, and commercial-off-the-shelf security products. Knowledge of troubleshooting methodologies appropriate to the implementation platform, e.g., servers, desktops, laptops, or mobile devices.
  • Strong knowledge of and familiarity with internet technologies and computer networking.
  • Ability to investigate, troubleshoot and support technical issues both remotely and on-site using standard MTA tools and techniques.
  • Ability to provide technical direction to staff members and to guide new lower-level staff members who join the security team.
  • Ability to perform electronic data recovery and computer forensics efficiently utilizing industry standard tools.
  • Ability to recommend and draft effective security policies and procedures.
  • Ability to perform research and recommend solutions for security problems to management.

Level 4:

Same as level 3 with the following additional qualifications:
  • Advanced knowledge of and familiarity with various components of an information security system, including firewalls, authentication protocols, encryption software, remote access systems, and commercial-off-the-shelf security products. Knowledge of troubleshooting methodologies appropriate to the implementation platform, e.g., servers, desktops, laptops, or mobile devices.
  • Advanced knowledge of and familiarity with internet technologies and computer networking.
  • Ability to perform research and recommend solutions for security problems to management.
  • Ability to plan, design and engineer solutions and projects for the security team.
  • Ability to perform project management tasks related to solutions and projects for the security team.

Level 5:

Same as Level 4 with the following additional qualifications:
  • Expert knowledge of and familiarity with various components of an information security system, including Palo Alto firewalls, Wireless, authentication protocols, encryption software, remote access systems, and commercial-off-the-shelf security products. Knowledge of troubleshooting methodologies appropriate to the implementation platform, e.g., servers, desktops, laptops, or mobile devices.
  • Expert knowledge of and familiarity with internet technologies and computer networking.
  • Demonstrated ability to investigate, troubleshoot, lead and support technical issues both remotely and on-site using standard MTA tools and techniques.
  • Demonstrated ability to read, understand and develop schematic diagrams, technical manuals and documentation such that supported equipment and software can be maintained with minimal training.
  • Experience with forensic investigations of diverse platforms including Windows, Linux, Android, OS X, etc.
  • Knowledge of domain structures, user authentication and authorization, encryption and networking.
  • Experience with escalation, notification, and after-action review processes for security incident management and recovery.
  • An advanced degree and/or professional certification is desirable.
  • Ability to reverse engineer binaries of various types.
  • Expert understanding of Microsoft Windows internals.
  • Ability to analyze shellcode.
  • Understanding of software exploits.
  • Ability to analyze packed and obfuscated code.
  • Capable of identifying host- and network-based indicators.
  • Experience mitigating anti-reverse-engineering techniques.
  • Demonstrated leadership and people skills.
  • Demonstrated ability to provide technical direction to other staff members.
  • Demonstrated ability to recommend and draft security policies and procedures.
  • Demonstrated ability to perform research and recommend solutions for security problems to management.
  • Demonstrated ability to plan, design and engineer solutions and projects for the security team.
  • Demonstrated ability to perform project management tasks related to solutions and projects for the security team.
  • Demonstrated ability to be able to lead the planning and coordination of security tasks and activities within the security team.
  • Demonstrated ability to perform all technical and non-technical tasks, such as procurement, while ensuring that security tasks are completed on time and within budget.
  • Must demonstrate highly developed knowledge of current industry standard information security and market trends.
  • Demonstrated ability to plan, present and apply complex technology solutions to solve critical business requirements effectively and efficiently.
  • Proven experience working with senior-level staff, contributing to both short- and long-term technology-related planning strategies.

Education and Experience

Level 1:
  • Bachelor's degree in Computer Science, Information Services, IT Security or a related field from an accredited college; an equivalent combination of education from an accredited college and experience may be considered in lieu of a degree.
  • Minimum of 1 year's experience installing, maintaining and supporting security technologies in an office environment.

Level 2:
  • Bachelor's degree in Computer Science, Information Services or IT Security related field -Or- A satisfactory equivalent with at least 2 years of Information Technology experience.
  • 1 - 2 years of experience providing Tier 1 and Tier 2 support for a cyber security operations center. Experienced in performing network security administration of firewalls, IPS, proxy, VPN, wireless security, NAC, security event correlation tools, etc.
  • 1 - 2 years of experience with application security, data encryption, identity management, and policy and procedure. Experience performing log correlation between security, network and application logs, including troubleshooting and root cause analysis of complex IT solutions.
  • Must possess a minimum of 1 - 2 years' experience with security analysis and forensic investigation.

Level 3:
  • Bachelor's degree in Computer Science, Information Services or IT Security related field -Or- A satisfactory equivalent with at least 3 years of Information Technology experience.
  • 3 - 4 years of experience providing Tier 1 and Tier 2 support for a cyber security operations center. Experienced in performing network security administration of firewalls, IPS, proxy, VPN, wireless security, NAC, security event correlation tools, etc.
  • A minimum of 2 years of experience with application security, data encryption, identity management, and policy and procedure. Experience performing log correlation between security, network and application logs, including troubleshooting and root cause analysis of complex IT solutions.
  • Must possess a minimum of 2 years' experience with security analysis and forensic investigation.

Level 4:
  • Bachelor's degree in Computer Science, Information Services or IT Security related field -Or- A satisfactory equivalent with at least 3 years of Information Technology experience.
  • 4 to 5 years of experience providing Tier 1 and Tier 2 support for a cyber security operations center. Experienced in performing network security administration of firewalls, IPS, proxy, VPN, wireless security, NAC, security event correlation tools, etc.
  • A minimum of 3 years of experience with application security, data encryption, identity management, and policy and procedure. Experience performing log correlation between security, network and application logs, including troubleshooting and root cause analysis of complex IT solutions.
  • Two or more years of demonstrated experience managing a high-performing, cohesive security response team preferred.
  • Must possess a minimum of 4 years' experience with security analysis and forensic investigation.

Level 5:
  • Bachelor's degree in Computer Science, Information Technology or a related discipline, or equivalent experience with a minimum of 5-6 years' experience in Information Technology.
  • Must possess a minimum of 4 years' experience with security analysis and forensic investigation.
  • 5 to 6 years of experience providing Tier 1 and Tier 2 support for a cyber security operations center. Experienced in performing network security administration of Palo Alto firewalls, IPS, proxy, VPN, wireless security, NAC, security event correlation tools, protocol analyzers, open-source tools, etc.
  • A minimum of 4 years of experience with application security, data encryption, identity management, and policy and procedure. Experience performing log correlation between security, network and application logs, including troubleshooting and root cause analysis of complex IT solutions.
  • This position will require 24x7 on-call availability and working various shifts.

Other Information

As an employee of MTA Headquarters, you may be required to complete an annual financial disclosure statement with the State of New York, if your position earns more than $101,379 (this figure is subject to change) per year or if the position is designated as a policy maker.

How To Apply

Qualified applicants can submit an online application by clicking on the 'APPLY NOW' button from either the CAREERS page or from the JOB DESCRIPTION page.

If you have previously applied online for other positions, enter your User Name and Password. If this is your first registration, click on the CLICK HERE TO REGISTER hyperlink and enter a User Name and Password; then click on the REGISTER button.

Equal Employment Opportunity

MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.

The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.
