IT Security Operations

Role: IT Security Operations 

Location: 3 Days per week onsite 2 days remote- NYC, NY

Experience: 4-6 years

One of 3 shifts a day in a 24/7 operation (*consultant needs to be flexible enough to fill any of the 3 shifts as needed):
Shift 1 = 12am – 8:30am
Shift 2 = 8am – 4:30pm
Shift 3 = 3:30pm – 12am

SUMMARY OF THE FUNCTION/ROLE:
The IT Cyber Security Operations Monitoring Team is seeking consultants to perform Tier 2 SOC follow-up and remediation activity on escalated incidents. The Tier 2 level Analyst (Senior Analyst) should have the ability to respond to a wide range of escalated Incidents and follow through with incident lifecycle through completion. Some of the areas we are looking for candidates to have experience in include but are not limited to:

Critical Key requirements:
• Critical Thinker & Analytical Aptitude
• SIEM Experience (Splunk)
• Tier II SOC Incident Handling & Investigation
• 24/7 Security Operation Center Experience
• Threat Detection & Response Experience
• Threat Detection Technologies Experience

RESPONSIBILITIES:
a. SIEM: The ability to conduct correlated searches and analysis utilizing a Security Incident & Event Management system.
b. Network: The ability to Analyze and dissect packets and validate threat signatures
c. Endpoint: Ability to perform basic static forensic analysis of Systems and Files
d. Email: Demonstrated ability to analyze email attributes such as Headers, and the ability to apply appropriate countermeasures to enhance email defense
e. Cloud: The ability to analyze anomalous detected traffic based on defined attack policies, ability to validate the treat and then determine remediation steps and present findings)
f. User & Entity Behavior Analytics: demonstrated capability to recognize and respond to various anomalous patterns of User’s and Entity’s activity to detect malicious intent.
g. Web Application: familiarity with various types of code-based attacks and the ability to detect and respond to them
h. Data Loss Prevention: Demonstrated capability to analyze DLP events and the ability to detect Data exfiltration through covert channels.
i. Document As-Is and To-Be playbooks for existing and future processe.
j. Coordinate and facilitate meetings such as process reviews, requirements, and various status reports

RISKS (required by MTA Risk Management):
• All work when On MTA premises will be desk work only performed within the Cyber Security Operation Center (CSOC) Environment.

QUALIFICATIONS EXPERIENCE & EDUCATION:
• Knowledge of Enterprise Networks & Security infrastructure, Communication and internet security systems, Firewalls, Intrusion Protection Systems, Remote Access VPN, Proxy, Wireless Security, NAC, Enterprise ID Management systems, Database, computer systems, security event analysis and forensic investigations.
• Organizational, decision making, and communications skills.
• Knowledge of network security operations with a solid understanding of the technology and attention to detail.
• Creative problem-solving abilities, coupled with a desire to take on responsibility.
• Strong team player with the ability to engage and promote a cohesive unit.
• Ability to handle multiple tasks in a fast-paced environment and prioritize highly varied work in order to maintain required productivity levels.
• Ability to communicate technical' info and ideas so others will understand.
• Ability to make appropriate decisions considering the relative costs and benefits of potential actions.
• Ability to apply collaborative skills and traits that create solutions and results to unexpected situations.
• Bachelor’s degree in Computer Science, Cyber Security, Information Technology or related discipline OR a satisfactory equivalent with 4-6 years of Information Technology experience.