Security Administrator 3

Description

JOB TITLE: Security Administrator - Level 3-5

SALARY RANGE: Level 3 - Min.: $69,092Max.: $94,703

Level 4 - Min.: $76,601 Max.: $108,573

Level 5 - Min.: $86,703 Max.: $123,862

DEPT/DIV: MTA Information Technology/ IT Security

SUPERVISOR: Cybersecurity Officer/Manager

LOCATION: 2 Broadway and other locations as required

HOURS OF WORK: 9:00 am - 5:00 pm/8 hrs. or as required.

DURATION: Open Until Filled

The Metropolitan Transportation Authority is North America's largest transportation network, serving a population of 15.3 million people across a 5,000-square-mile travel area surrounding New York City, Long Island, southeastern New York State, and Connecticut. The MTA network comprises the nation's largest bus fleet and more subway and commuter rail cars than all other U.S. transit systems combined. MTA strives to provide a safe and reliable commute, excellent customer service, and rewarding opportunities.

Summary:

This position is responsible for the administration of access to the railroad's computer systems on all computing platforms, administration of the various firewall and network technologies utilized to protect the perimeter of the network from intrusion. This includes resolving complex security problems, researching and implementing new security technology, providing firewall and network security solutions for large-scale initiatives, recommending policy changes to management, and developing security procedures, policies and documentation for the IT Department and the end user community.

Responsibilities:

Level 3

• Provide first level security support for all IT related technical problems and services to ensure that all MTA application and systems availability targets are met.
• The implementation, administration, and monitoring of data security procedures on all computing platforms, ensuring appropriate documentation.
• Work with IT staff and customers to ensure awareness of security concerns, mitigation techniques and assist in following procedures or implementing controls as necessary.
• Implementation, administration, and monitoring of physical security procedures within the IT Department and the associated documentation.
• Install, configure, and troubleshoot complex hardware and/or software solutions supporting critical business functions and customer facing services.
• Maintain compliance with PCI-DSS Controls.
• Participate in the evaluation of new security products and security related technologies.
• Assist and back up other Security Administrators.
• Recommend solutions for security problems to management.
• Recommend and draft security policies and procedures for MTA computing platforms and coordinate with other MTA agencies as necessary.
• Implement and maintain compliance with PCI-DSS Controls.
• Perform and coordinate electronic data discoveries, maintaining confidentiality and meeting required deliverable time frames.
• Identify security problems and review them with other Security Administrators.

Level 4

Same as Level 3 with the following additional responsibilities:

• Identify security problems and recommend solutions to management.
• Participate in the evaluation of new security products and security related technologies.
• Plan, design, and engineer solutions and projects to be implemented within the security section.
• Perform security related project management tasks.
• Assist and back up other Security Administrators.
• Guide less senior technicians and staff in the performance of their tasks.

Level 5

Same as Level 4 with the following additional responsibilities:

• Lead the planning and coordination of security tasks and activities in support of IT related projects and initiatives.
• Assume complete ownership of the firewall and network security elements of a project or the implementation of any large-scale system.
• Lead and participate in all technical and non-technical tasks, such as procurement, while ensuring that milestones are met according to plan and that the quality of the final product is high.
• Design, implement, and maintain compliance with PCI-DSS controls. Communicate the importance of controls to less senior Security Administrators and other IT personnel.

Qualifications:

Level 3:

• Supports ticket handling for privileged account vaulting, MFA setup, and SSO onboarding.
• Troubleshoots user access issues and monitors system dashboards.
• 1-3 years of IT support or IAM experience and basic knowledge of AD, Azure AD, SSO, MFA, and cloud concepts.
• Basic Knowledge of Endpoint Detection and Response Technologies
• Basis Knowledge of Antivirus, Data Loss Prevention (DLP), Encryption, and USB Protection.
• Basic knowledge and familiarity with installing and maintaining various components of an information security system, including firewalls, authentication protocols, encryption software, remote access systems, and commercial off the shelf security products.
• Basic knowledge of troubleshooting methodologies appropriate to the implementation platform, e.g., servers, desktops, laptops, or mobile devices on a large scale.
• Basic knowledge and familiarity with internet technologies and computer networking.
• Ability to plan and schedule the installation of new or modified hardware, operating systems, and application software on various endpoint platforms.
• Ability to plan, schedule and maintain, and deploy endpoint security software to systems on a large scale.
• Ability to troubleshoot and support technical issues both remotely and on-site using standard MTA tools and techniques.
• Ability to read and understand schematic diagrams, technical manuals, and documentation such that supported equipment and software can be maintained with minimal training.
• Strong oral and written communication skills.
• Strong analytical skills.
• Strong people skills.
• Must be able to move 25 lbs of equipment such as monitors, keyboards, CPUs, laptops, firewalls, etc.
• Must possess a valid driver's license.
• Proven knowledge and familiarity with installing, maintaining and troubleshooting security resources, including, but not limited to, MS Active Directory, Checkpoint security software, Encryption software, remote access solutions, commercial off the shelf security software, with the ability to support this software on servers, desktops, laptops, and mobile devices.
• Proven knowledge of and familiarity with installing and maintaining various components of an information security system, including firewalls, authentication protocols, encryption software, remote access systems, and commercial-off-the-shelf security products.
• Research, identify, and drive the implementation of innovative approaches to system administration tasks with a focus on automation, error reduction, and service improvement.
• Knowledge of troubleshooting methodologies appropriate to the implementation platform, e.g., servers, desktops, laptops, or mobile devices on a large scale.
• Demonstrated knowledge of and familiarity with internet technologies and computer networking.
• Strong critical thinking skills.
• Ability to guide less senior staff in the performance of their tasks.
• Strong knowledge of and familiarity with installing and maintaining various components of an information security system, including firewalls, authentication protocols, encryption software, remote access systems, and commercial-off-the-shelf security products.
• Strong knowledge of and familiarity with internet technologies and computer networking.
• Ability to provide technical direction to less senior staff members, and to guide new lower level staff members who enter the security team.
• Ability to perform electronic data recovery and computer forensics efficiently, utilizing industry standard tools.
• Ability to recommend and draft effective security policies and procedures.
• Ability to perform research and recommend solutions for security problems to management.

Level 4

Same as Level 3 with the following additional qualifications:

• Manages PAM tasks independently, including onboarding apps to SSO, renewing secrets, and provisioning privileged software.
• Provides Tier 2 support and contributes to automation.
• 3-5 years in PAM/IAM, deep understanding of AD, Azure AD, SAML/OAuth/OIDC, scripting (PowerShell/Python), and PAM tools like CyberArk or BeyondTrust.
• Advanced knowledge of and familiarity with installing and maintaining various components of an information security system, including firewalls, authentication protocols, encryption software, remote access systems, and commercial-off-the-shelf security products. Knowledge of troubleshooting methodologies appropriate to the implementation platform, e.g., servers, desktops, laptops, or mobile devices.
• Advanced knowledge of and familiarity with internet technologies and computer networking.
• Ability to plan, design, and engineer solutions and projects for the security team.
• Ability to perform project management tasks related to solutions and projects for the security team.

Level 5

Same as level 4 with the following additional qualifications:

• Leads PAM strategy, cross-team integrations, and tooling optimization. Acts as SME for escalated incidents and collaborates with GRC/audit teams.
• 5+ years of expertise in PAM, hybrid identity, advanced SSO/MFA, and cloud IAM.
• Strong scripting, design, and leadership skills.
• Preferred certs: SC-300, CISSP, CyberArk, BeyondTrust.
• Expert knowledge of and familiarity with installing and maintaining various components of an information security system, including firewalls, authentication protocols, encryption software, remote access systems, and commercial-off-the-shelf security products. Knowledge of troubleshooting methodologies appropriate to the implementation platform, e.g., servers, desktops, laptops, or mobile devices.
• Expert knowledge of and familiarity with internet technologies and computer networking.
• Demonstrated ability to troubleshoot and support technical issues both remotely and on-site using standard MTA tools and techniques.
• Demonstrated ability to read, understand, and develop schematic diagrams, technical manuals, and documentation such that supported equipment and software can be maintained with minimal training.
• Demonstrated leadership and people skills.
• Demonstrated ability to provide technical direction to less senior staff members, and to train new lower level staff members who enter the security team.
• Ability to perform electronic data recovery and computer forensics efficiently, utilizing industry standard tools.
• Demonstrated ability to recommend and draft security policies and procedures.
• Demonstrated ability to perform research and recommend solutions for security problems to management.
• Demonstrated ability to plan, design, and engineer solutions and projects for the security team.
• Demonstrated ability to perform project management tasks related to solutions and projects for the security team.
• Demonstrated ability to be able to lead the planning and coordination of security tasks and activities within the security team.
• Demonstrated ability to perform all technical and non-technical tasks, such as procurement, while ensuring that security tasks are completed on time and within budget.
• Must demonstrate highly developed knowledge of current industry standard information security and market trends.
• Demonstrated ability to plan, present, and apply complex technology solutions to solve critical business requirements effectively and efficiently.
• Proven experience working with senior level staff contributing to both short- and long-term technology related planning strategies.
• Monitor security devices and applications for performance problems.
• Write and maintain documentation on process procedures, device statuses, firewall block lists, and other important technical areas.
• Manage projects related to implementing cybersecurity tools and products
• Create diagrams of network topologies and record details of troubleshooting processes.
• Follow policies and standards to support network security and regulatory requirements. As well as recommend changes to policies and standards as technology develops.
• Support and provide evidence and services to audit teams promptly.
• Enforce quality control and ensure output meets project requirements.

Education and Experience:

Level 3

• Bachelor's degree in Computer Science, Information Technology or related discipline; or a minimum of 7 years' experience installing, maintaining, and supporting security technologies in an office environment.
• Must possess a minimum of 5 years' experience maintaining and supporting security hardware, software, network resources, and protocols

Level 4

• Bachelor's degree in Computer Science, Information Technology, or related discipline; or a minimum of 10 years' experience installing, maintaining, and supporting security technologies in an office environment.
• Must possess a minimum of 8 years of experience maintaining and supporting security hardware, software, network resources, and protocols.

Level 5

• Bachelor's degree in Computer Science, Information Technology, or related discipline; or a minimum of 12 years' experience installing, maintaining, and supporting security technologies in an office environment.
• Must possess a minimum of 10 years' experience maintaining and supporting security hardware, software, network resources, and protocols.

OTHER INFORMATION:

This is a resume-based position in the collective bargaining unit represented by the Transportation Communications Union (TCU) and will be governed by the terms of the associated TCU collective bargaining agreement for IT employees. As such, candidates selected for this position will be represented by TCU and be on MTA payroll. In addition, candidates selected may be required to work at any MTA Agency location.

Pursuant to the New York State Public Officers Law & the MTA Code of Ethics, all employees who hold a policymaking position must file an Annual Statement of Financial Disclosure (FDS) with the NYS Commission on Ethics and Lobbying in Government (the "Commission").

Equal Employment Opportunity

MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.

The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.