Vacancy expired!
Job Information
Job Title: SCADA/ICS Security Specialist (Operations Technology) - Levels 2-5 Salary Range: Level 2 Min: $66,593 Mid:$88,791 Level 3: Min: $71,729 Mid: $95,639 Level 4: Min: $75,984 Mid: $101,312 Level 5: Min: $83,321 Mid: $111,095 Level 2 - 323 Points: Level 3 - 393 Level 4 - 451 Level 5 - 551 Dept/Div: IT/ Office of Cyber Security Services Supervisor: Director Office of IT Security ICS Location: 2 Broadway and other locations as required Hours of Work: 9:00 AM - 5:30 PM (7.5 hours/day) or as required Application Deadline: Posted Until Filled Summary The SCADA/ICS Security Specialist (Operations Technology) is responsible for identifying risks to the critical infrastructure of the MTA to protect against cyber threats from foreign state, hackers and internal sources. This position will actively work and coordinate with Operations Technology agency staff to integrate cybersecurity tools to identify, protect, detect, respond and recover from cybersecurity events. Additionally, the person is responsible for remediating the risks to the systems. his position will also assist in supporting tests of security controls to gauge their effectiveness and collaborating with the MTA Operating departments to determine the real and active threats. This position will integrate various ICS/SCADA systems to corporate security detection and prevention systems and will develop incident response procedure in case of a breach. Knowledge of various transportation ICS/SCADA assessment technologies and standards are a must. Responsibilities Level 2- Analyze MTA Agencies Supervisory Control and Data Acquisition / Industrial Control System (SCADA/ICS) to coordinate the efforts in the preparation of and response to cyber incidents that may significantly impact the critical infrastructure of the MTA and constituent agencies.
- Identify all agency SCADA/ICS critical infrastructure on a risk-based approach to where cyber security incident could reasonably result in a catastrophic effect on the MTA and the public.
- Knowledge of various transportation ICS/SCADA technologies is highly desirable.
- Analyze, manage a threat and vulnerability assessment, identify the mitigation impact of cyber security framework with associated security measures or controls on business confidentially, availability to protect MTA from unauthorized access ensuring MTA assets are protected.
- Maintain a cybersecurity framework to provide a prioritized, flexible performance based assessment, risk mitigation and cost effective approach, including information security measures and controls to assist Industrial Control Systems and (SCADA/ICS) owners to identify, assess and manage cyber security.
- Analyze and maintain a process to coordinate improvements to the cyber security of critical infrastructure in a collaborative process with critical infrastructure owners to determine if current cyber security requirements are sufficient given current and projected risks.
- Develop and coordinate the MTA-IT SCADA/ICS preparedness, in a standardized coordinated approach through the agencies critical SCADA/ICS systems as directed by NYS, FRA, APTA, etc. cyber security procedures escalation, funding and resources to develop uniformity by agencies on cyber security preparedness and incident response.
- Assist and conduct the incident response planning and implementation as well as the investigation and monitoring of security breaches, Internet/Intranet security intrusion assessment while assisting with investigative and legal matters associated with such breaches as necessary as required by NYS, APTA and Executive Order
- Maintain on-going communication with all MTA-IT Directors, Managers, business units, agency stakeholders and security staff to provide vital input for the planning of new SCADA/ICS applications, hardware, and rolling stock in support of the MTA operating system strategy to ensure future SCADA/ICS assets are protected.
- Candidate must be available 24/7/365.
- Demonstrated ability to work and partner with the stakeholders and the technical team to manage short- or long-term ICS/SCADA projects is required.
- Analyze security and monitor data collected including event logs and asset inventory from various cybersecurity tools and support the development of OT use cases.
- Provide and update senior management analysis of MTA Opertations Technology portfolio current risk-based methodologies for security assessments and recommend security solutions for SCADA/ICS systems.
- Analyze, manage a threat and vulnerability assessment, identify the mitigation impact of cyber security framework with associated security measures or controls on business confidentially, availability to protect MTA from unauthorized access ensuring MTA assets are protected.
- Work with senior staff and SCADA/ICS owners to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology. Maintain internal and external relationships including other related government agencies to disseminate critical SCADA/ICS information to operating agencies.
- Develop incident response procedure for security breaches in the transportation systems.
- Technical knowhow to integrate various ICS/SCADA systems into the existing detection and prevention systems.
- Good troubleshooting and problem solving skills.
- Strong technical and analytical abilities.
- Strong oral and written communication skills.
- Well-organized and highly motivated.
- Knowledge of Industrial control protocols and systems
- Must be able to move and lift up to 25 lbs. of equipment such as monitors, keyboards, CPU's, laptops, firewalls, etc.
- Must possess a valid driver's license.
- Good leadership skills.
- Good troubleshooting and problem-solving skills.
- Level 4
- Proficiency in risk assessment methodologies
- Strong leadership skills.
- Strong troubleshooting and problem-solving skills.
- Strong ability to motivate and develop personnel.
- Represent the SCADA/ICS Manager in their absence.
- Experience interacting with all levels of the organization.
- Ability to lead highly technical personnel.
- Knowledge of industry best practices.
- Expertise in risk assessment and mitigation methodologies is preferred
Vacancy expired!