Metropolitan Transportation Authority
Job Location : Manhattan, NY, USA
Posted on : 2022-09-29T04:27:36Z
Job Description :
Job Information
Job Title: Security Specialist, Levels 3-5
Salary Range:
  Level 3: Min: $74,597  Mid: $99,463.00  Max: $124,329
  Level 4: Min: $79,023  Mid: $105,364  Max: $131,705
  Level 5: Min: $86,653  Mid: $115,537.50  Max: $144,422
HAT Points: Level 3: 393; Level 4: 451; Level 5: 551
Dept/Div: MTA IT / Office of IT Cyber Security Services
Supervisor: Lead IT Threat Intelligence
Location: 2 Broadway, New York, NY 10004
Hours of Work: 8:30 AM - 5:00 PM (7.5 hours) or as required
Deadline: Open Until Filled

In order to protect our employees and continue to provide safe and reliable service to our communities, as of November 14, 2021 we are requiring all new MTA hires to be fully vaccinated against COVID-19 prior to their start date. MTA will consider exceptions for religious and medical reasons, where appropriate. Fully vaccinated means you must have both doses of a 2-dose vaccine and two weeks have elapsed since the second dose, or have received 1 dose of a 1-dose vaccine and two weeks have elapsed since the dose. Proof of your vaccination status in the form of a CDC vaccine card must be submitted prior to your start date.

Summary
With the heightened focus on cybersecurity across all industries, including the transportation sector, it is paramount for the MTA to possess the capability of preventing, detecting, responding to, and mitigating cyber security breaches and incidents in a short amount of time. Securing the MTA's employee and customer PII, financial information, enterprise network, intellectual property, and transportation assets, and safeguarding the public, is a top priority. This job is accountable for providing both strategic and tactical support for cyber security incident response and investigation activities related to the Cyber Security Operation Center (CSOC). This is a highly skilled technical position that requires an individual with up-to-date expert cyber security knowledge of enterprise networks, applications, endpoints, cloud assets, and security infrastructure.

The individual should possess advanced knowledge of software development, coding and scripting languages, network communications, AV/EDR, internet security systems, SIEM, firewalls, Intrusion Protection Systems, remote access VPN, proxy, wireless security, NAC, enterprise ID management systems, databases, computer systems, operating systems, programming, Active Directory, Office365, cloud computing, security event analysis, and forensic investigation techniques. The candidate should stay current with industry-standard security information on current trends and the evolving security of vendor products used in enterprise security. Utilizing this experience, this position will assist MTA Management with efficiently maintaining and contributing to the IT Threat Intelligence catalog within the MTA-IT CSOC. More specifically, this position is part of the team charged with (including but not limited to) performing digital forensic investigations, processing and contributing threat intelligence products, properly handling evidence and forensic artifacts, supporting internal and external investigative units including law enforcement, maintaining cyber incident response plans, developing effective countermeasures, and organizing and running cyber security tabletop exercises.

This position will also operate in conjunction with the Cyber Security Monitoring team to provide cyber security threat landscape and vulnerability awareness to CSOC management with respect to current infrastructure security events, reporting, investigation monitoring, and day-to-day security operations.

Responsibilities
Level 3:
- Perform computer and network forensic examinations and investigations regarding all types of digital media including, but not limited to, computers, cameras, cell phones, flash or thumb drives, and networking devices, using proprietary methodologies and cutting-edge forensic tools.
- Obtain and collect malware samples during cyber forensic investigations, perform reverse engineering, and decipher the underlying programming code using in-house and open source tools.
- Review and analyze cyber incidents and events escalated by the CSOC level 1 (MSSP) and level 2 monitoring teams (or other sources).
- Perform IR tasks including validating artifacts, determining root cause, performing containment if needed, managing recovery by working with SMEs and stakeholders, documenting lessons learned, and reporting to MTA Management.
- Develop countermeasures and security recommendations based on escalated events.
- Work with partners, vendors, departments, and law enforcement agencies to maintain an understanding of security threats, vulnerabilities, and exploits that could impact MTA systems, networks, and assets.
- Work with IT staff, SMEs, stakeholders, and other MTA business units (Agencies) to ensure awareness of security concerns and mitigation techniques, and assist in following procedures or implementing controls as necessary.
- Utilize all associated cyber security tools and services, including but not limited to Splunk, CrowdStrike EDR, Palo Alto, Zscaler Proxy, AD, and intelligence sources, for security incident investigation.
- Assist and serve as backup to other staff members in supporting the Cyber Security Operation Center 24x7x365.
- Track and disseminate threat landscape news and intelligence and ensure MTA is not impacted.
- Participate in on-call after-hours support, nights, weekends, and holidays.

Level 4:
Same as Level 3 with the following additional responsibilities:
- Oversight of the CSOC MSSP team, stakeholders, and SMEs on vulnerability mitigation and workarounds.
- Ensure MTA security tools and log sources are in compliance with the MITRE ATT&CK Framework.
- Utilize MTA logs in conjunction with the MITRE ATT&CK Framework for threat hunting.
- Organize and maintain Information Technology and Operational Technology (ICS-SCADA) Incident Response Plans.
- Plan, organize, and facilitate all cyber security incident response tabletop exercises.
- Work with SMEs and stakeholders on follow-up actions on MTA applications and systems.

Level 5:
Same as Levels 3 and 4 with the following additional responsibilities:
- Coordinate and supervise all forensic investigations; ensure incident response plans are being followed and are in compliance with TSA Mandates, NYS-ITS Policies & Procedures, and the NIST Framework.
- Maintain and enhance forensic infrastructure (hardware and software), processes and procedures, along with supporting documentation, based on industry best practices.
- Coordinate across MTA, including various departments and the Cyber Security Operations Center, in operations and the revision of processes and technology.
- Research and develop evidence collection, protection, and analysis techniques for MTA-owned and maintained hardware and software.
- Maintain and perform administration of all Threat Intelligence security tools and intelligence sources; validate and provide access to all security stakeholders.
- Liaise with IT Security stakeholders within other IT and OT groups on coordination of security improvements and the implementation of new technologies.
- Work with partners, vendors, departments, and law enforcement agencies to maintain an understanding of security threats, vulnerabilities, and exploits that could impact systems, networks, and assets.
- Liaise with legal staff efficiently and effectively, provide evidence, and testify as required.
- Escalate complex issues to next-level security support, vendors, and integrators and report them to the CSOC lead; organize, participate in and, if required, chair post-incident reviews for presentation to senior management.
- Responsible for providing 24x7x365 security operation support as it relates to all security technologies managed by the Cyber Security Operation Center at MTA, and for assisting, training, mentoring, and serving as backup to other staff members, including union staff, in supporting the Cyber Security Operation Center.

Qualifications
Level 3:
- Bachelor's degree in Computer Science, Information Services, or an IT Security related field, or a satisfactory equivalent with at least 3 years of Information Technology experience.
- 3-4 years of experience providing Tier 1 & 2 support for a cyber security operation center. Experienced with performing network security administration such as SIEM, firewalls, IPS, proxy, VPN, wireless security, anti-virus, EDR, NAC, security event correlation tools, etc.
- A minimum of 2 years of experience with application security, data encryption, identity management, and policy & procedure.
- Experience performing log correlation between security, network, and application logs, including troubleshooting and performing root cause analysis of complex IT solutions.
- Must possess a minimum of 2 years' experience with security analysis and forensic investigation.

Level 4:
- Bachelor's degree in Computer Science, Information Services, or an IT Security related field, or a satisfactory equivalent with at least 3 years of Information Technology experience.
- 4 to 5 years of experience providing Tier 1 & 2 support for a cyber security operation center. Experienced with performing network security administration such as SIEM, firewalls, IPS, proxy, VPN, wireless security, anti-virus, EDR, NAC, security event correlation tools, etc.
- A minimum of 3 years of experience with application security, data encryption, identity management, and policy & procedure.
- Experience performing log correlation between security, network, and application logs, including troubleshooting and performing root cause analysis of complex IT solutions.
- Two or more years of demonstrated experience managing a high-performing, cohesive security response team preferred.
- Must possess a minimum of 4 years' experience with security analysis and forensic investigation.

Level 5:
- Bachelor's degree in Computer Science, Information Technology, or a related discipline, or equivalent experience with a minimum of 5-6 years' experience in Information Technology.
- Must possess a minimum of 4 years' experience with security analysis and forensic investigation.
- 5 to 6 years of experience providing Tier 1 & 2 support for a cyber security operation center. Experienced with performing network security administration such as SIEM, firewalls, IPS, proxy, VPN, wireless security, anti-virus, EDR, NAC, security event correlation tools, protocol analyzers, SourceFire, CrowdStrike, open source tools, etc.
- A minimum of 4 years of experience with application security, data encryption, identity management, and policy & procedure.
- Experience performing log correlation between security, network, and application logs, including troubleshooting and performing root cause analysis of complex IT solutions.

This position will require 24x7 on-call availability and working various shifts.

Other Information
As an employee of MTA Headquarters, you may be required to complete an annual financial disclosure statement with the State of New York if your position earns more than $101,379 (this figure is subject to change) per year or if the position is designated as a policy maker.

How To Apply
Qualified applicants can submit an online application.

Equal Employment Opportunity
MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities. The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.