Job Details

ID #44769815
State New York
City New york city
Job type Permanent
Salary USD TBD TBD
Source MTA New York City Transit
Showed 2022-08-11
Date 2022-08-10
Deadline 2022-10-09
Category Et cetera
Create resume

Security Specialist Levels 3-5

New York, New york city, 10004 New york city USA

Vacancy expired!

Job Information

Job Title: Security Specialist, Levels 3-5

Salary Range: Level 3 - Min: $74,597 Mid: $99,463.00 Max: $124,329

Level 4 - Min: $79,023 Mid: $105,364 Max: $131,705

Level 5 - Min: $86,653 Mid: $115,537.50 Max: $144,422

HAT Points: Level 3 - 393

Level 4 - 451

Level 5 - 551

Dept/Div: MTA IT/ Office of IT Cyber Security Services

Supervisor: Lead IT Threat Intelligence

Location: 2 Broadway, New York, NY 10004

Hours of Work: 8 :30 AM - 5:00 PM (7.5 hours) or as required

Deadline: Open Until Filled

In order to protect our employees and continue to provide safe and reliable service to our communities, as of November 14, 2021 we are requiring all new MTA hires to be fully vaccinated against COVID-19 prior to their start date. MTA will consider exceptions for religious and medical reasons, where appropriate. "Fully vaccinated" means you must have both doses of a 2-dose vaccine and two weeks have elapsed since the second dose, or have received 1 dose of a 1-dose vaccine and two weeks have elapsed since the dose. Proof of your vaccination status in the form of a CDC vaccine card must be submitted prior to your start date.

Summary

With the heightened focus of cybersecurity across all Industries including the Transportation Sector, it is paramount for the MTA to possess the capability of preventing, detecting, responding, and mitigating cyber security breaches and incidents in a short amount of time. Securing the MTA's employee and customer PII, financial information, enterprise network, intellectual property, transportation assets, and safeguarding public is a top priority. This job is accountable for providing both strategic and tactical support for cyber security incident response and investigation activities related to the Cyber Security Operation Center (CSOC). This position is a highly skilled technical position which requires an individual with up-to-date expert cyber security knowledge of Enterprise Networks, Applications, Endpoints, Cloud assets, and Security infrastructure. Individual should possess advance knowledge of software development, coding and scripting languages, network communications, AV/EDR, internet security systems, SIEM, Firewalls, Intrusion Protection Systems, Remote Access VPN, Proxy, Wireless Security, NAC, Enterprise ID Management systems, Databases, computer systems, Operating systems, Programming, Active Directory, Office365, Cloud Computing, security event analysis and forensic investigation techniques. Candidate should have industry standard security information on current trends, and evolving security of vendor products utilized in enterprise security.

Utilizing this experience, this position will assist MTA Management with efficiently maintaining and contributing to the IT Threat Intelligence catalog within the MTA-IT CSOC. More specifically, this position is part of the team charged with (including but not limited to) performing digital forensic investigations, processing and contributing threat intelligence products, properly handling evidence and forensic artifacts, supporting internal and external investigative units including law enforcement, maintaining cyber incident response plans, developing effective countermeasures, and organizing and running cyber security table top exercises. This position will also operate in conjunction with the Cyber Security Monitoring team to provide cyber security threat landscape & vulnerability awareness to CSOC management with respect to current infrastructure security events, reporting, investigation monitoring, and day to day security operations.

Responsibilities

Level 3:
  • Perform computer and network forensic examinations and investigations regarding all types of digital media including, but not limited to, computers, cameras, cell phones, flash or thumb drives, and networking devices using proprietary methodologies and cutting-edge forensic tools.
  • Obtain / collect malware samples during cyber forensic investigations, perform reverse engineering and decipher the underlying programing code using in house and open source tools.
  • Review and analyze escalated CSOC level 1 (MSSP) and 2 monitoring team (or other sources) identified cyber incidents and events
  • Perform IR tasks including validation artifacts, determine root cause, performing containment if needed, manage recovery by working with SMEs and Stake holders, document lessons learned and reporting to MTA Management
  • Develop countermeasures and security recommendations based on escalated events
  • Work with partners, vendors, departments, and law enforcement agencies to maintain an understanding of security threats, vulnerabilities, and exploits that could impact MTA systems, networks, and assets.
  • Work with IT staff, SMEs, Stake holders and other MTA business units (Agencies) to ensure awareness of security concerns, mitigation techniques and assist in following procedures or implementing controls as necessary.
  • Ability to utilize all associated cyber security tools and services which includes but are not limited to Splunk, Crowd Strike EDR, Palo Alto, Zscaler Proxy, AD, Intelligence Sources for security Incident investigation.
  • Assist and serve as backup to other staff members in supporting Cyber Security Operation Center 24x7x365
  • Tracking and dissemination of Threat landscape news and intelligence and ensure MTA is not impacted
  • Participate in on-call after hours support, nights, weekends, and holidays

Level 4:

Same as Level 3 with the following additional responsibilities:
  • Oversight of CSOC MSSP team, Stake Holders, and SMEs on vulnerability mitigation and work arounds
  • Ensure MTA security tools and log sources are in compliance with the MITRE ATT&CK Framework
  • Utilize MTA logs in conjunction with the MITRE ATT&CK Framework for Threat Hunting
  • Organize and maintain Information Technology and Operation Technology (ICS-SCADA) Incident Response Plans
  • Plan, organize, and facilitate all cyber security incident response tabletop exercises.
    • Work with SMEs and Stake holders with follow-up actions on MTA Applications and Systems

Level 5:

Same as Level 3 and 4 with the following additional responsibilities:
  • Coordinate and supervise all forensic investigations, ensure incident response plans are being followed and in compliance with TSA Mandates, NYS-ITS Policies & Procedures, and NIST Framework
  • Maintain and enhance forensic infrastructure (hardware and software), processes and procedures, along with supporting documentation, based on industry best practices.
  • Coordinate across MTA, including various departments and Cyber Security Operations Center, in operations and the revision of processes and technology.
  • Research and develop evidence collection, protection, and analysis techniques for MTA owned and maintained hardware and software.
  • Maintain and perform administration of all Threat Intelligence security tools and Intelligence sources, validate and provide access to all Security stake holders
  • Liaise with IT Security stake holders within other IT and OT groups on coordination of security improvements, and the implementation of new technologies
  • Work with partners, vendors, departments, and law enforcement agencies to maintain an understanding of security threats, vulnerabilities, and exploits that could impact systems, networks, and assets. Liaise with legal staff efficiently and effectively, provide evidence, and testify as required.
  • Escalate complex issues to next level security support, vendors, integrators and report it to CSOC lead and organize, participate in and, if required, chair post incident reviews for presentation to the senior management.
  • Responsible to provide 24x7x365 security operation support as it relates to all security technologies managed by Cyber Security Operation Center at MTA and assist, train, mentor and serve as backup to other staff members including union staff in supporting Cyber Security Operation Center.
Qualifications

Level 3:
  • Bachelor's degree in Computer Science, Information Services, or IT Security related field -Or- A satisfactory equivalent with at least 3 years of Information Technology experience.
  • 3 - 4 years of experience Tier 1 & 2 support for cyber security operation center. Experienced with performing network security administration such as SIEM, firewalls, IPS, Proxy, VPN, Wireless Security, Anti-virus, EDR, NAC, security event correlation tools etc.
  • A minimum of 2 years of experience with application security, data encryption, identity management, policy & procedure. Experience with Perform log correlation between security, network and application logs including troubleshooting and performing root cause analysis of complex IT solutions.
  • Must possess a minimum of 2 years' experience with security analysis and forensic investigation.

Level 4:
  • Bachelor's degree in Computer Science, Information Services, or IT Security related field -Or- A satisfactory equivalent with at least 3 years of Information Technology experience.
  • 4 to 5 years of experience Tiers 1 & 2 support for cyber security operation center. Experienced with performing network security administration such as SIEM, firewalls, IPS, Proxy, VPN, Wireless Security, Anti-virus, EDR, NAC, security event correlation tools etc.
  • A minimum of 3 years of experience with application security, data encryption, identity management, policy & procedure. Experience with Perform log correlation between security, network and application logs including troubleshooting and performing root cause analysis of complex IT solutions.
  • Two or more years of demonstrated experience managing a high-performing, cohesive security response team preferred.
  • Must possess a minimum of 4 years' experience with security analysis and forensic investigation.

Level 5:
  • Bachelor's degree in Computer Science, Information Technology or related discipline OR equivalent experience with minimum of 5-6 years' experience of Information Technology.
  • Must possess a minimum of 4 years' experience with security analysis and forensic investigation.
  • 5 to 6 years of experience Tiers 1 & 2 support for cyber security operation center. Experienced with performing network security administration such as SIEM, firewalls, IPS, Proxy, VPN, Wireless Security, Anti-virus, EDR, NAC, security event correlation tools, Protocol Analyzers, SourceFire, CrowdStrike, and open source tools etc.
  • A minimum of 4 years of experience with application security, data encryption, identity management, policy & procedure. Experience with Perform log correlation between security, network and application logs including troubleshooting and performing root cause analysis of complex IT solutions.
  • This position will require 24x7 on call availability and working various shifts.
Other Information

As an employee of MTA Headquarters, you may be required to complete an annual financial disclosure statement with the State of New York, if your position earns more than $101,379 (this figure is subject to change) per year or if the position is designated as a policy maker.

How To Apply

Qualified applicants can submit an online application by clicking on the 'APPLY NOW' button from either the CAREERS page or from the JOB DESCRIPTION page.

If you have previously applied on line for other positions, enter your User Name and Password. If it is your first registration, click on the CLICK HERE TO REGISTER hyperlink and enter a User Name and Password; then click on the REGISTER button.

Equal Employment Opportunity

MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.

The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.

Vacancy expired!

Subscribe Report job