Security Specialist Levels 1-5

Full Time

Job Description

Job Information

Job Title: Security Specialist Levels 1-5

Salary Range: Level 1 - Min: $66,127 Mid: $88,169.50 Max:$110,212

Level 2 - Min: $69,256 Mid: $92,341 Max: $115,426

Level 3 - Min: $74,597 Mid: $99,463 Max: $124,329

Level 4 - Min: $79,023 Mid: $105,364 Max: $131,705

Level 5 - Min: $86,321 Mid: $115,537.50 Max: $144,422

Points: Level 1 - 282

Level 2 - 323

Level 3 - 393

Level 4 - 451

Level 5 - 551

Dept/Div: MTA IT/ Office of IT Cyber Security Services

Supervisor: Lead Cyber Security Operations

Location: 2 Broadway and other locations as required

Hours of Work: 9:00 AM - 5:30 PM (7.5 hours/day) or as required

In order to protect our employees and continue to provide safe and reliable service to our communities, as of November 14, 2021 we are requiring all new MTA hires to be fully vaccinated against COVID-19 prior to their start date. MTA will consider exceptions for religious and medical reasons, where appropriate. "Fully vaccinated" means you must have both doses of a 2-dose vaccine and two weeks have elapsed since the second dose, or have received 1 dose of a 1-dose vaccine and two weeks have elapsed since the dose. Proof of your vaccination status in the form of a CDC vaccine card must be submitted prior to your start date.

Summary

It is extremely critical for the MTA to detect any cyber security breaches and incidents in a short amount of time to secure the MTA's person, financial and transportation assets. This job is accountable for providing tier 1 and tier 2 support for Security Operations to reduce risk and support activities related to the Cyber Security Operation Center (CSOC). This position at the MTA is highly skilled technical position which requires individual with up-to-date expert security knowledge of Enterprise Network, Applications, Endpoint and Security infrastructure. Individual should possess advance knowledge of network communications, internet security systems, SIEM, Firewalls, Intrusion Protection Systems, Remote Access VPN, Proxy, Wireless Security, NAC, Enterprise ID Management systems, Database, computer systems, Operating systems, Programming, Active Directory, security event analysis and forensic investigation etc. Candidate should have industry standard security information on current trends, and evolving security of vendor products utilized in enterprise security.

Utilizing this experience, this position will assist the CSOC Management in effectively maintaining an efficient Security Operation Center at the MTA. More specifically, this position is part of the team charged with real time monitoring, analytics and alerting on events occurring across the MTA Enterprise Network & Security Infrastructure utilizing various Security Information and Event Management tools. This position will operate as part of a Cyber Security Monitoring team within MTA IT Security Operations unit and provide cyber security threat & vulnerability awareness to CSOC management with respect to current infrastructure security events, reporting, and investigation monitoring and day to day security operation.

Responsibilities

Level 1:

  • Provide first level security support for all IT related technical problems and services to ensure that all MTA application and systems availability targets are met .
  • Assist with the implementation, administration, and monitoring of data security procedures on all computing platforms, ensuring appropriate documentation.
  • Work with IT staff and customers to ensure awareness of security concerns, mitigation techniques and assist in following procedures or implementing controls as necessary.
  • Assist in planning and coordinating security tasks and activities in support of IT related projects and initiatives.
  • Provide support for the firewall and network security elements of a project or the implementation of any large-scale system.
  • Identify security problems and recommend solutions for to management.
  • Assist and serve as backup to other staff members in supporting Cyber Security Operation Center 24x7x365.

Level 2:

Same as Level 1 with the following additional responsibilities:
  • Review and analyze Analyst level 1 identified incidents and report on security incidents trends occurring in the perimeter/internal infrastructure utilizing security event analysis tools such as Splunk.
  • Assist the forensic investigation team with on-going cyber security investigations.
  • Provide Tier one and two security support to all MTA users.
  • Maintain and coordinate compliance with PCI-DSS/PPSI Controls and risk assessment.

Level 3:

Same as Level 2 with the following additional responsibilities:
  • Mentor and Assist Analyst 1 and 2 in proper investigation techniques of security incidents occurring in the perimeter/internal infrastructure utilizing security event analysis tools such as Splunk.
  • Work with partners, vendors, departments, and law enforcement agencies to maintain an understanding of security threats, vulnerabilities, and exploits that could impact systems, networks, and assets.

Level 4:

Same as Level 3 with the following additional responsibilities:
  • Research and develop techniques for incident analysis, evidence collection and protection utilizing MTA owned and maintained hardware and software.

Level 5:

Same as Level 4 with the following additional responsibilities:
  • Maintain security and networking devices and upgrade, as necessary.
  • Provide support for other engineers on Palo Alto network equipment and application
  • Lead the planning and coordination of security tasks and activities in support of IT related projects and initiatives.
  • Assume complete ownership of the firewall and network security elements of a project or the implementation of any large-scale system.
  • Maintain and enhance forensic infrastructure (hardware and software), processes and procedures, along with supporting documentation, based on industry best practices.
  • Coordinate across MTA, including various departments and Cyber Security Operations Center, in operations and the revision of processes and technology.
  • Research and develop evidence collection, protection, and analysis techniques for MTA owned and maintained hardware and software.
  • Provide real time monitoring and alerting analytics and security incident investigation on perimeter/internal infrastructure and applications security events across the MTA Enterprise Environment.
  • Examine malicious software (bots, worms, and Trojans) to understand the nature of the threats. Perform reverse engineering to examine how the program interacts with the environment and Document the attack capabilities, understand the characteristics, and define signatures to detect malware.
  • Work with partners, vendors, departments, and law enforcement agencies to maintain an understanding of security threats, vulnerabilities, and exploits that could impact systems, networks, and assets. Liaise with legal staff efficiently and effectively, provide evidence, and testify as required.
  • Oversee and perform administration of all associated Security devices & tools which includes but are not limited to Palo Alto firewall, Remote Access / VPN, Wireless etc. for all MTA network 24x7x365 to make sure all MTA critical (PCI) and non-critical infrastructure and applications are secure.
  • Escalate complex issues to next level security support and report it to CSOC lead and organize, participate in and, if required, chair post incident reviews for presentation to the senior management.
  • Responsible to provide 24x7x365 security operation support as it relates to all security technologies managed by Cyber Security Operation Center at MTA and assist, train, mentor and serve as backup to other staff members including union staff in supporting Cyber Security Operation Center.

Qualifications

Level 1:
  • Basic knowledge and familiarity with various components of an information security systems, including firewalls, authentication protocols, encryption software, remote access systems, and commercial off the shelf security products.
  • Basic knowledge of analyzing, monitoring, investigating and troubleshooting methodologies appropriate to the implementation platform, e.g., servers, desktops, laptops, or mobile devices and various operating systems.
  • Basic knowledge and familiarity with internet technologies and computer networking.
  • Basic knowledge of troubleshooting and supporting technical issues both remotely and on-site using standard MTA tools and techniques.
  • Ability to read and understand schematic diagrams, technical manuals and documentation such that supported equipment and software can be maintained with minimal training.
  • Strong oral and written communications skills.
  • Strong analytical skills.
  • Strong people skills.
  • Must be able to move and lift up to 25lbs of equipment such as monitors, keyboards, laptops, firewalls, etc.
  • Must possess a valid driver's license.

Level 2:

Same as Level 1 with the following additional qualifications:
  • Proven knowledge and familiarity with various components of information security systems, maintaining and troubleshooting security resources including, but not limited to Firewall software, Encryption software, remote access solutions, SIEM, Authentication and commercial off the shelf security software with the ability to support this software on servers, desktops, laptops, and mobile devices and various operating systems.
  • Demonstrated knowledge of analyzing, monitoring and investigating various internet security technologies and computer networking.
  • Strong critical thinking skills.
  • Ability to troubleshoot and support technical issues both remotely and on-site using standard MTA tools and techniques.
  • Knowledge of all associated Security tools which includes but are not limited to SIEM, Firewall, Antivirus, IDS/IPS, DLP, Proxy, AD, Remote Access / VPN, Wireless etc.
  • Basic understanding of security Incident handling lifecycles.

Level 3:

Same as Level 2 with the following additional qualifications:
  • Strong knowledge of and familiarity with various components of an information security system, including firewalls, authentication protocols, encryption software, remote access systems, and commercial-off-the-shelf security products. Knowledge of troubleshooting methodologies appropriate to the implementation platform, e.g., servers, desktops, laptops, or mobile devices.
  • Strong knowledge of and familiarity with internet technologies and computer networking.
  • Knowledge of all associated Security tools which includes but are not limited to SIEM, Palo Alto, CrowdStrike IDS/IPS, DLP, Proxy, AD, Remote Access / VPN, Wireless etc.
  • Ability to investigate, troubleshoot and support technical issues both remotely and on-site using standard MTA tools and techniques.
  • Ability to provide technical direction to staff members, and to guide new lower level staff members that enter the security team.
  • Ability to perform electronic data recovery and computer forensics efficiently utilizing industry standard tools.
  • Ability to recommend and draft effective security policies and procedures.
  • Ability to perform research and recommend solutions for security problems to management.

Level 4:

Same as level 3 with the following additional qualifications:
  • Advanced knowledge of and familiarity with various components of an information security system, including firewalls, authentication protocols, encryption software, remote access systems, and commercial-off-the-shelf security products. Knowledge of troubleshooting methodologies appropriate to the implementation platform, e.g., servers, desktops, laptops, or mobile devices.
  • Advanced knowledge of and familiarity with internet technologies and computer networking.
  • Ability to perform research and recommend solutions for security problems to management.
  • Ability to plan, design and engineer solutions and projects for the security team.
  • Ability to perform project management tasks related to solutions and projects for the security team.

Level 5:

Same as Level 4 with the following additional qualifications:
  • Expert knowledge of and familiarity with various components of an information security system, including Palo Alto firewalls, Wireless, authentication protocols, encryption software, remote access systems, and commercial-off-the-shelf security products. Knowledge of troubleshooting methodologies appropriate to the implementation platform, e.g., servers, desktops, laptops, or mobile devices.
  • Expert knowledge of and familiarity with internet technologies and computer networking
  • Demonstrated ability to investigate, troubleshoot, lead and support technical issues both remotely and on-site using standard MTA tools and techniques.
  • Demonstrated ability to read, understand and develop schematic diagrams, technical manuals and documentation such that supported equipment and software can be maintained with minimal training.
  • Experience with forensic investigations of diverse platforms including Windows, Linux Android, OSX, etc.
  • Knowledge of Domain structures, user authentication and authorization, encryption and networking
  • Experience with escalation, notification, and after-action review processes for security incident management and recovery.
  • Ability to reverse engineer binaries of various types
  • Expert understanding of Microsoft Windows Internals
  • Ability to analyze shell code
  • Understanding of software exploits
  • Ability to analyze packed and obfuscated code
  • Capable of identifying host- and network-based indicators
  • Experience mitigating anti-reverse engineering techniques
  • Demonstrated leadership and people skills.
  • Demonstrated ability to provide technical direction to other staff members.
  • Demonstrated ability to recommend and draft security policies and procedures.
  • Demonstrated ability to perform research and recommend solutions for security problems to management.
  • Demonstrated ability to plan, design and engineer solutions and projects for the security team.
  • Demonstrated ability to perform project management tasks related to solutions and projects for the security team.
  • Demonstrated ability to be able to lead the planning and coordination of security tasks and activities within the security team.
  • Demonstrated ability to perform all technical and non-technical tasks, such as procurement, while ensuring that security tasks are completed on time and within budget.
  • Must demonstrate highly developed knowledge of current industry standard information security and market trends.
  • Demonstrated ability to plan, present and apply complex technology solutions to solve critical business requirements effectively and efficiently.
  • Proven experience working with senior level staff contributing to both short and long-term technology related planning strategies.
  • Knowledge of Panorama, WildFire, and other Palo Alto features including but not limited to SSL decryption
  • Understanding of Zones and virtual routers - ability to understand and troubleshoot routing issues
  • A high-level Palo Alto expertise in design, configuration, migrations, tuning and customization of features.
  • Understanding of routing, switching and security technologies

Education and Experience

Level 1:
  • Bachelor's degree in Computer Science, Information Services or IT Security related field or a related field from an accredited college or an equivalent combination of education from an accredited college and experience may be considered in lieu of a degree.
  • Minimum of 1 years' experience installing, maintaining and supporting security technologies in an office environment.

Level 2:
  • Bachelor's degree in Computer Science, Information Services or IT Security related field -Or- A satisfactory equivalent with at least 2 years of Information Technology experience.
  • 1 - 2 years of experience Tier 1 & 2 support for cyber security operation center. Experienced with performing network security administration such as firewalls, IPS, Proxy, VPN, Wireless Security, NAC, security event correlation tools etc.
  • 1 - 2 years of experience with application security, data encryption, identity management, policy & procedure. Experience with Perform log correlation between security, network and application logs including troubleshooting and performing root cause analysis of complex IT solutions.
  • Must possess a minimum of 1 - 2 years' experience with security analysis and forensic investigation.

Level 3:
  • Bachelor's degree in Computer Science, Information Services or IT Security related field -Or- A satisfactory equivalent with at least 3 years of Information Technology experience.
  • 3 - 4 years of experience Tier 1 & 2 support for cyber security operation center. Experienced with performing network security administration such as firewalls, IPS, Proxy, VPN, Wireless Security, NAC, security event correlation tools etc.
  • A minimum of 2 years of experience with application security, data encryption, identity management, policy & procedure. Experience with Perform log correlation between security, network and application logs including troubleshooting and performing root cause analysis of complex IT solutions.
  • Must possess a minimum of 2 years' experience with security analysis and forensic investigation.

Level 4:
  • Bachelor's degree in Computer Science, Information Services or IT Security related field -Or- A satisfactory equivalent with at least 3 years of Information Technology experience.
  • 4 to 5 years of experience Tier 1 & 2 support for cyber security operation center. Experienced with performing network security administration such as firewalls, IPS, Proxy, VPN, Wireless Security, NAC, security event correlation tools etc.
  • A minimum of 3 years of experience with application security, data encryption, identity management, policy & procedure. Experience with Perform log correlation between security, network and application logs including troubleshooting and performing root cause analysis of complex IT solutions.
  • Two or more years of demonstrated experience managing a high-performing, cohesive security response team preferred.
  • Must possess a minimum of 4 years' experience with security analysis and forensic investigation.

Level 5:
  • Bachelor's degree in Computer Science, Information Technology or related discipline OR equivalent experience with minimum of 5-6 years' experience of Information Technology.
  • Must possess a minimum of 4 years' experience with security analysis and forensic investigation.
  • 5 to 6 years of experience Tier 1 & 2 support for cyber security operation center. Experienced with performing network security administration such as Palo Alto firewalls, IPS, Proxy, VPN, Wireless Security, NAC, security event correlation tools , Protocol Analyzers, and open-source tools etc.
  • A minimum of 4 years of experience with application security, data encryption, identity management, policy & procedure. Experience with Perform log correlation between security, network and application logs including troubleshooting and performing root cause analysis of complex IT solutions.
  • This position will require 24x7 on call availability and working various shifts.
  • An advanced degree and/or professional certification is desirable.

Other Information

As an employee of MTA Headquarters, you may be required to complete an annual financial disclosure statement with the State of New York, if your position earns more than $101,379 (this figure is subject to change) per year or if the position is designated as a policy maker.

How To Apply

Qualified applicants can submit an online application by clicking on the 'APPLY NOW' button from either the CAREERS page or from the JOB DESCRIPTION page.

If you have previously applied on line for other positions, enter your User Name and Password. If it is your first registration, click on the CLICK HERE TO REGISTER hyperlink and enter a User Name and Password; then click on the REGISTER button.

Equal Employment Opportunity

MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.

The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.
Dice Id : 10516689
Position Id : 100361
Originally Posted : 2 months ago
Have a Job? Post it

Similar Positions

Security Specialist Levels 2-5
  • MTA New York City Transit
  • New York, NY, USA
Security Specialist Levels 3-5
  • MTA New York City Transit
  • New York, NY, USA
Security Specialist Level 1-5- Palo Alto Admin
  • MTA New York City Transit
  • New York, NY, USA
SCADA/ICS Security Specialist (Operations Technology) Levels 2-5
  • MTA New York City Transit
  • New York, NY, USA
SCADA/ICS Security Specialist Level 1-5
  • MTA New York City Transit
  • New York, NY, USA
Security Administrator Levels 3-5 (Represented)
  • MTA New York City Transit
  • New York, NY, USA
Technology Infrastructure Engineering Specialist Levels 5-7
  • MTA New York City Transit
  • New York, NY, USA
Technology Infrastructure Engineering Specialist Levels 5-7
  • MTA New York City Transit
  • New York, NY, USA
Application Development Specialist Levels 5-6
  • MTA New York City Transit
  • New York, NY, USA
Application Development Specialist Levels 3-5
  • MTA New York City Transit
  • New York, NY, USA