Cybersecurity Analyst SOC Levels 3-5
Metropolitan Transportation Authority, New York, NY, United States
Cybersecurity Analyst – SOC Levels 3 - 5
SALARY RANGE:
Level 3: $98,807 - $130,862
Level 4: $105,843 - $143,948
Level 5: $117,973 - $158,343
DEPT/DIV:
Information Technology
SUPERVISOR:
Cyber Security Officer, Monitoring
LOCATION :
2 Broadway, New York, NY 10004
HOURS OF WORK:
12:00 am – 8:30 am (7.5hours/day)
8:00 am – 4:30 pm (7.5hours/day)
3:30 pm – 12:00 am (7.5hours/day)
This position is eligible for teleworking, which is currently 2 days per week. New hires are eligible to apply 30 days after their effective date of hire.
Summary
The purpose of this position is to provide critical technical expertise in the detection, analysis, and response to cybersecurity events. Cybersecurity Analyst will be responsible for early and accurate detection, prevention, response, containment, and guidance to remediation of threats directed against the MTA on a 24/7 basis. The analysis is conducted through technology risk assessments, data analytics tools, business processes reviews, and collaboration with security engineers, architects, developers, vendors, and business units to constantly improve the overall security of the MTA. The cybersecurity analyst will focus on specific domains and specialties within cybersecurity with a great degree of specialization to detect, protect, and advise the organization proactively and reactively. Responsibilities
Researching emerging threats and vulnerabilities to aid in the identification of network incidents, and supports the creation of new architecture, policies, standards, and guidance to address them Provide incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary Conducts security monitoring and intrusion detection analysis using various technologies and analytic tools, such as web and next-generation firewalls, machine and human behavior learning tools, host-based security systems, security event and incident monitoring systems, virtual, physical, and cloud platforms, user endpoint (laptop, desktop, mobile, and internet of things/IOT) systems, etc. Correlates events and activities across systems to identify trends of unauthorized use Reviews alerts and data from sensors and documents formal, technical incident reports Test new systems and manage cybersecurity risks and remediation through analysis Responds to computer security incidents according to the computer security incident response policy and procedures Provides technical guidance to first responders for handling information security incidents Provides timely and relevant updates to appropriate stakeholders and decision makers Communicates investigation findings to relevant business units to help improve the information security posture Validates and maintains incident response plans and processes to address potential threats Compiles and analyzes data for management reporting and metrics Monitors relevant information sources to stay up to date on current attacks and trends Analyzes potential impact of new threats and communicates risks back to detection engineering functions Performs root-cause analysis to document findings and participate in root-cause elimination activities as required Works with data sets to identify patterns Understands data automation and analysis techniques Uses judgment to form conclusions that may challenge conventional wisdom Hypothesizes new threats and indicators of compromise Monitors threat intelligence feeds to identify a range of threats, including indicators of compromise and advanced persistent threats (APTs) Identifies the tactics, techniques, and procedures (TTPs) of potential threats through the MITRE ATT&CK or similar frameworks Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate. Perform Contract management and supply management functions to reduce security risks Required Qualifications
Ability to perform analysis and remediation actions on threats from various attack vectors such as malware, viruses, ransomware, phishing, SQL Injection, compromised credentials, DDOS, etc. Ability to provide incident response support Ability to mitigate actions to contain activity Ability to facilitate forensic analysis Education & Experience
Level 3
Bachelor’s Degree and minimum 1 year of relevant experience. An equivalent combination of education and experience may be considered in lieu of a degree. Bachelor’s degree in Computer Science or related fields preferred. CISSP or other advanced security-related certification preferred but not required. Certifications in technology subdomains preferred but not required ( i.e., Cloud, Applications, Infrastructure, Security Technology, etc.) Requires prior experience with installing, maintaining, and troubleshooting technology systems. Proven ability to troubleshoot and support technical issues using standardized procedures. Proven ability to analyze a security risk assessment or conduct one with guidance Understanding of Operating Systems and Hardware Understanding of TCP/IP (OSI Layers 1– 4) and Internet and Intranet technologies required (OSI Layers 5-7). Scripting or programming skills (PERL, Python, PowerShell, etc.) preferred as needed. 1 year of experience in a specific (Cloud, Applications, Infrastructure, Security Technology, etc.) cybersecurity subdomain is preferred Proficiency Level
Level 3
Adept Values Diversity Capable Customer Focus Communicates Effectively Tech Savvy Technical Skills Level 4
Bachelor’s Degree and a minimum of 3 years of relevant experience. An equivalent combination of education and experience may be considered in lieu of a degree. 3+ years of relevant experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.). Prefer at least one certification in the current platform/domain/technical skills Bachelor’s degree in Computer Science or related fields preferred. Current CISSP or other advanced security-related certification preferred but not required. Certifications in technology subdomains preferred but not required (i.e., Cloud, Applications, Infrastructure, Security Technology, etc.) Proven ability to independently evaluate and resolve most problems within an area of infrastructure, applications within a security domain context. Proven ability to analyze and/or conduct a security risk assessment Understanding of Operating Systems and Hardware Advanced understanding of TCP/IP (OSI Layers 1– 4) and Internet and Intranet technologies required (OSI Layers 5-7). Scripting or programming skills (PERL, Python, PowerShell, etc.). Proficiency Level
Level 4
Adept Communicates Effectively Values Diversity Capable Customer Focus Tech Savvy Technical Skills Level 5
Bachelor’s degree required. An equivalent combination of education and experience may be considered in lieu of a degree. 5+ years of relevant experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.) Must possess at least one of the following professional certifications in subject domain including but not limited to: Certified Information Security Professional (CISSP), or Global Information Assurance Certification (GIAC), or Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA), or other related certification(s) Bachelor’s degree in Computer Science or related fields preferred. Progressive cybersecurity related accomplishments Requires broad technical knowledge of multiple technologies, or an in-depth knowledge of one technology, including its impact on other technologies. Proven ability to analyze and/or conduct a security risk assessment Understanding of Operating Systems and Hardware Advanced understanding of TCP/IP (OSI Layers 1– 4) and Internet and Intranet technologies required (OSI Layers 5-7). Scripting or programming skills (PERL, Python, PowerShell, etc.) as needed Proficiency Level
Level 5
Advanced Communicates Effectively Values Diversity Adept Tech Savvy Technical Skills Customer Focus General
May need to work outside of normal work hours (i.e., evenings and weekends) Travel may be required to other MTA locations or other external sites Other Information
MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities. The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.
#J-18808-Ljbffr
The purpose of this position is to provide critical technical expertise in the detection, analysis, and response to cybersecurity events. Cybersecurity Analyst will be responsible for early and accurate detection, prevention, response, containment, and guidance to remediation of threats directed against the MTA on a 24/7 basis. The analysis is conducted through technology risk assessments, data analytics tools, business processes reviews, and collaboration with security engineers, architects, developers, vendors, and business units to constantly improve the overall security of the MTA. The cybersecurity analyst will focus on specific domains and specialties within cybersecurity with a great degree of specialization to detect, protect, and advise the organization proactively and reactively. Responsibilities
Researching emerging threats and vulnerabilities to aid in the identification of network incidents, and supports the creation of new architecture, policies, standards, and guidance to address them Provide incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary Conducts security monitoring and intrusion detection analysis using various technologies and analytic tools, such as web and next-generation firewalls, machine and human behavior learning tools, host-based security systems, security event and incident monitoring systems, virtual, physical, and cloud platforms, user endpoint (laptop, desktop, mobile, and internet of things/IOT) systems, etc. Correlates events and activities across systems to identify trends of unauthorized use Reviews alerts and data from sensors and documents formal, technical incident reports Test new systems and manage cybersecurity risks and remediation through analysis Responds to computer security incidents according to the computer security incident response policy and procedures Provides technical guidance to first responders for handling information security incidents Provides timely and relevant updates to appropriate stakeholders and decision makers Communicates investigation findings to relevant business units to help improve the information security posture Validates and maintains incident response plans and processes to address potential threats Compiles and analyzes data for management reporting and metrics Monitors relevant information sources to stay up to date on current attacks and trends Analyzes potential impact of new threats and communicates risks back to detection engineering functions Performs root-cause analysis to document findings and participate in root-cause elimination activities as required Works with data sets to identify patterns Understands data automation and analysis techniques Uses judgment to form conclusions that may challenge conventional wisdom Hypothesizes new threats and indicators of compromise Monitors threat intelligence feeds to identify a range of threats, including indicators of compromise and advanced persistent threats (APTs) Identifies the tactics, techniques, and procedures (TTPs) of potential threats through the MITRE ATT&CK or similar frameworks Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate. Perform Contract management and supply management functions to reduce security risks Required Qualifications
Ability to perform analysis and remediation actions on threats from various attack vectors such as malware, viruses, ransomware, phishing, SQL Injection, compromised credentials, DDOS, etc. Ability to provide incident response support Ability to mitigate actions to contain activity Ability to facilitate forensic analysis Education & Experience
Level 3
Bachelor’s Degree and minimum 1 year of relevant experience. An equivalent combination of education and experience may be considered in lieu of a degree. Bachelor’s degree in Computer Science or related fields preferred. CISSP or other advanced security-related certification preferred but not required. Certifications in technology subdomains preferred but not required ( i.e., Cloud, Applications, Infrastructure, Security Technology, etc.) Requires prior experience with installing, maintaining, and troubleshooting technology systems. Proven ability to troubleshoot and support technical issues using standardized procedures. Proven ability to analyze a security risk assessment or conduct one with guidance Understanding of Operating Systems and Hardware Understanding of TCP/IP (OSI Layers 1– 4) and Internet and Intranet technologies required (OSI Layers 5-7). Scripting or programming skills (PERL, Python, PowerShell, etc.) preferred as needed. 1 year of experience in a specific (Cloud, Applications, Infrastructure, Security Technology, etc.) cybersecurity subdomain is preferred Proficiency Level
Level 3
Adept Values Diversity Capable Customer Focus Communicates Effectively Tech Savvy Technical Skills Level 4
Bachelor’s Degree and a minimum of 3 years of relevant experience. An equivalent combination of education and experience may be considered in lieu of a degree. 3+ years of relevant experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.). Prefer at least one certification in the current platform/domain/technical skills Bachelor’s degree in Computer Science or related fields preferred. Current CISSP or other advanced security-related certification preferred but not required. Certifications in technology subdomains preferred but not required (i.e., Cloud, Applications, Infrastructure, Security Technology, etc.) Proven ability to independently evaluate and resolve most problems within an area of infrastructure, applications within a security domain context. Proven ability to analyze and/or conduct a security risk assessment Understanding of Operating Systems and Hardware Advanced understanding of TCP/IP (OSI Layers 1– 4) and Internet and Intranet technologies required (OSI Layers 5-7). Scripting or programming skills (PERL, Python, PowerShell, etc.). Proficiency Level
Level 4
Adept Communicates Effectively Values Diversity Capable Customer Focus Tech Savvy Technical Skills Level 5
Bachelor’s degree required. An equivalent combination of education and experience may be considered in lieu of a degree. 5+ years of relevant experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.) Must possess at least one of the following professional certifications in subject domain including but not limited to: Certified Information Security Professional (CISSP), or Global Information Assurance Certification (GIAC), or Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA), or other related certification(s) Bachelor’s degree in Computer Science or related fields preferred. Progressive cybersecurity related accomplishments Requires broad technical knowledge of multiple technologies, or an in-depth knowledge of one technology, including its impact on other technologies. Proven ability to analyze and/or conduct a security risk assessment Understanding of Operating Systems and Hardware Advanced understanding of TCP/IP (OSI Layers 1– 4) and Internet and Intranet technologies required (OSI Layers 5-7). Scripting or programming skills (PERL, Python, PowerShell, etc.) as needed Proficiency Level
Level 5
Advanced Communicates Effectively Values Diversity Adept Tech Savvy Technical Skills Customer Focus General
May need to work outside of normal work hours (i.e., evenings and weekends) Travel may be required to other MTA locations or other external sites Other Information
MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities. The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.
#J-18808-Ljbffr