Senior Cybersecurity Analyst Critical Assets & Incident Response CERT

Description

Job Title: Senior Cybersecurity Analyst Critical Assets & Incident Response CERT
Salary Range: $130,245 - $153,731
Hay points: 551
Dept/Div: MTA Information Technology/ Office of IT Cyber Security
Supervisor: Manager Cybersecurity
Location: 2 Broadway, New York, NY 10004
Hours of Work: 9:00am-5:30pm (7.5 hours/day)

This position is eligible for telework. New Hires are eligible to apply 30 days after their effective date of hire.

About Us

The MTA transportation network has very large systems and infrastructure for financial, business, automated train, transportation, power, and physical security. The MTA IT Department is centrally responsible for providing a full range of Information and Operational Technology services to the MTA agencies and administrative units through its operating and support units. Services are provided on a 7/24/365 basis in support of the MTA organization and its ridership.

The MTA IT Cybersecurity organization, is responsible for identifying, developing, implementing, and integrating cybersecurity-related processes internal and third-party supplier organizations to reduce the operational risks, reputational risks and financial risks. The organization also has robust cybersecurity operations functions designed to protect the MTA in real-time on a 7/24/365 basis.

Summary of Job

This role provides critical technical expertise in managing and analyzing cybersecurity critical assets and incident response functions. The Cybersecurity Analyst will be responsible for all steps of the Incident Response lifecycle including preparation, detection, containment, eradication, recovery, and lessons learned. The cybersecurity analyst shall possess extensive knowledge and experience of host base as well as network forensics. This position also interfaces with the technologies, people, and processes which serve critical operational & public-facing services. This position is a Tier 3 SOC position and as such will include on-call responsibilities commensurate with Cybersecurity Incident Response functions. The cybersecurity analyst will need to recognize the unique challenges associated with securing business-critical technologies and recommending solutions for a highly complex and diverse 24/7 environment.

Responsibilities:

• Incident Response for a variety of systems including Windows, Linux, MAC, and custom operating systems.
• Responds to computer security incidents according to the computer security incident response policy and procedures.
• Incident response functions include mitigating actions to contain, remediate, and recover from cyber incident while minimizing operational impact as well as facilitate forensics analysis when necessary.
• Validates and maintains incident response plans and processes to address potential threats.
• Performs root-cause analysis to document findings and participate in root-cause elimination activities as required.
• Communicates investigation findings to relevant business units to help improve the information security posture.
• Identifies the tactics, techniques, and procedures (TTPs) of potential threats through the MITRE ATT&CK or similar frameworks.
• Interface with Third Party Risk Management group where appropriate.
• Maintain Chain of Custody (CoC) requirements.
• Distinguish and prioritize escalations as false-positives or true-positives.
• Researching emerging threats and vulnerabilities to aid in the identification of network incidents, and supports the creation of new architecture, policies, standards, and guidance to address them.
• Develop technical incident reports summarizing notable investigative findings from relevant forensic artifact and logs.
• Provides timely and relevant updates to appropriate stakeholders and decision makers including technical and executive reports.
• Compiles and analyzes data for management reporting and metrics.
• Analyzes potential impact of new threats and communicates risks back to detection engineering functions.
• Uses judgment to form conclusions that may challenge conventional wisdom.
• Hypothesizes new threats and indicators of compromise.
• Monitors threat intelligence feeds to identify a range of threats, including indicators of compromise and advanced persistent threats (APTs)
• Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate.
• Assist in development and maintenance of incident response plans across different systems.
• Assist in development and delivery of table-top exercises.
• Travel may be required to other MTA locations or other external sites.
• May need to work outside of normal work hours supporting 24/7 operations (i.e., evenings and weekends).
• Performs other duties and tasks as assigned.
• May mentor less experienced staff.
• Observing the work performed by the contractor.
• Reviewing invoices and approving them if the work has contractual standards.
• Addressing performance issues with the contractor when possible; and
• Escalating issues to other parties as needed.

Qualifications:

Education and Experience

• Education: bachelor's degree
• Experience: At least 5 years of relevant experience. An equivalent combination of education and experience may be considered in lieu of a degree.
• Must possess at least one of the following professional certifications in subject domain including but not limited to: Certified Information Security Professional (CISSP), or Global Information Assurance Certification (GIAC), or Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA), or other related certification(s)

Technical Skills:

• Must possess an expert/highly proficient in deep understanding of technology and cybersecurity domain principles within the context of Operational Technologies, Signaling Systems and Rolling Stock.
• Expert/Highly Proficient in system forensics across Windows, Mac OSX, and Linux operating systems. Ability to analyze various systems artifact to identify vector of intrusion, indicators of compromise, and all relevant findings.
• Expert/Highly Proficient in examination of firewall, web, database, and other log sources to identify evidence of malicious activities
• Expert/Highly Proficient in closed as well as open-source forensic tools to assist in forensic investigation.
• Experience in effectively conducting large-scale cyber incidents including but not limited to DDOS, malicious insider, web application, ransomware, data exfiltration, vendor compromise, PFI, and business email compromise.
• A liaison between the SOC, impacted agencies, and technical teams during an incident.
• Expert/Highly Proficient proven ability to manage projects and initiatives.
• Expert/Highly Proficient ability to fit in with the constant shifting needs and demands of the business Departments.

Behavior Skills:

• Must possess active listening, attention to detail, customer service, prioritization, and problem-solving skills.
• Ability to work independently and strategically.
• Demonstrated expertise in identifying and analyzing risks and developing effective mitigation strategies.
• Strong technical knowledge and diverse skillset to understand various technologies, systems, and potential risks.
• Excellent critical thinking, problem-solving, and decision-making skills.
• Strong interpersonal and verbal and written communication skills, with the ability to effectively collaborate with both technical and non-technical peers.
• Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.
• Extensive hands-on experience with related tools.
• Solid working knowledge of IT domains.
• Ability to work under pressure and meet deadlines individually and collaboratively. Think logically, assess problems, and be results-oriented.
• Ability to identify complex business and technology risks and associated vulnerabilities. Prioritize multiple tasks and switch between tasks quickly.
• Ability to communicate effectively, both orally and in writing, to interact with team members, customers, management, and support personnel (technical and non-technical).
• Ability to establish and maintain effective working relationships with employees at all levels within the organization, and with both internal and external customers.

Competencies:

• Collaborates: Building partnerships and working collaboratively with others to meet shared objectives
• Cultivates Innovation: Creating new and better ways for the organization to be successful.
• Customer Focus: Building strong customer relationships and delivering customer-centric solutions.
• Communicates Effectively: Developing and delivering multi-mode communications that convey a clear understanding of the unique needs of different audiences.

General:

• May need to work outside of normal work hours (i.e., evenings and weekends)
• Travel may be required to other MTA locations or other external sites

Pursuant to the New York State Public Officers Law & the MTA Code of Ethics, all employees who hold a policymaking position must file an Annual Statement of Financial Disclosure (FDS) with the NYS Commission on Ethics and Lobbying in Government (the "Commission").

MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.

The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.