SCADA/ICS Security Specialist Level 1-5

Full Time

Job Description

Job Information

Job Title: SCADA/ICS Security Specialist Levels 1-5

Salary Range: Level 1: Min: $66,127 Mid: $88,169.50 Max: $110,212

Level 2: Min: $69,256 Mid: $92,341 Max: $115,426

Level 3: Min: $74,597 Mid: $99,463 Max: $124,329

Level 4: Min: $79,023 Mid: $105,364 Max: $131,075

Level 5: Min: $86,653 Mid: $115,537.50 Max: $144,422

Points: Level 1: 282

Level 2: 323

Level 3: 393

Level 4: 451

Level 5: 551

Dept/Div: IT/Office of Cyber Security Services

Supervisor: Director, IT Security ICS/SCADA

Location: 2 Broadway and other locations as required

Hours of Work: 9:00 AM -5:30 PM (7.5 hours/day) or as required

In order to protect our employees and continue to provide safe and reliable service to our communities, as of November 14, 2021 we are requiring all new MTA hires to be fully vaccinated against COVID-19 prior to their start date. MTA will consider exceptions for religious and medical reasons, where appropriate. "Fully vaccinated" means you must have both doses of a 2-dose vaccine and two weeks have elapsed since the second dose, or have received 1 dose of a 1-dose vaccine and two weeks have elapsed since the dose. Proof of your vaccination status in the form of a CDC vaccine card must be submitted prior to your start date.

Summary

Supervisory Control and Data Acquisition/Industrial Control Systems (SCADAICS) Security Analyst responsibilities are to identify risks to the critical infrastructure of the MTA to protect against cyber threats from foreign state, hackers and internal sources. Additionally, the person is responsible for remediating the risks to the systems. This position will also assist in supporting tests of security controls to gauge their effectiveness and collaborating with the MTA Operating departments will determine the real and active threats.

Responsibilities

Level 1:
  • Assist in the analysis of MTA Agencies Supervisory Control and Data Acquisition / Industrial Control System (SCADA/ICS) to coordinate the efforts in the preparation of and response to cyber incidents that may significantly impact the critical infrastructure of the MTA and constituent agencies.
  • Assist in the identification of all agency SCADA/ICS critical infrastructure on a risk-based approach to where cyber security incident could reasonably result in a catastrophic effect on the MTA and the public.
  • Assist in the analysis of a threat and vulnerability assessment, identify the mitigation impact of cyber security framework with associated security measures or controls on business confidentially, availability to protect MTA from unauthorized access ensuring MTA assets are protected.
  • Maintain a cybersecurity framework to provide a prioritized, flexible performance based assessment, risk mitigation and cost effective approach, including information security measures and controls to assist Industrial Control Systems and (SCADA/ICS) owners to identify, assess and manage cyber security.
  • Analyze and maintain a process to coordinate improvements to the cyber security of critical infrastructure in a collaborative process with critical infrastructure owners to determine if current cyber security requirements are sufficient given current and projected risks.
  • Assist in conducting the incident response planning and implementation as well as the investigation and monitoring of security breaches, Internet/Intranet security intrusion assessment while assisting with investigative and legal matters associated with such breaches as necessary as required by NYS, APTA and Executive Order
  • Maintain on-going communication with all MTA-IT Directors, Managers, business units, agency stakeholders and security staff to provide vital input for the planning of new SCADA/ICS applications, hardware, and rolling stock in support of the MTA operating system strategy to ensure future SCADA/ICS assets are protected.

Level 2

Same as Level 1 with the following additional responsibilities:
  • Analyze MTA Agencies Supervisory Control and Data Acquisition / Industrial Control System (SCADA/ICS) to coordinate the efforts in the preparation of and response to cyber incidents that may significantly impact the critical infrastructure of the MTA and constituent agencies.
  • Identify all agency SCADA/ICS critical infrastructure on a risk-based approach to where cyber security incident could reasonably result in a catastrophic effect on the MTA and the public.
  • Knowledge of various transportation ICS/SCADA technologies is highly desirable.
  • Analyze, manage a threat and vulnerability assessment, identify the mitigation impact of cyber security framework with associated security measures or controls on business confidentially, availability to protect MTA from unauthorized access ensuring MTA assets are protected.
  • Develop and coordinate the MTA-IT SCADA/ICS preparedness, in a standardized coordinated approach through the agencies critical SCADA/ICS systems as directed by NYS, FRA, APTA, etc. cyber security procedures escalation, funding and resources to develop uniformity by agencies on cyber security preparedness and incident response.

    Level 3

    Same as Level 2 with the following additional responsibilities:
  • Demonstrated ability to work with the stakeholders and the technical team to manage short or long term ICS/SCADA project is required.
  • Provide and update senior management analysis of MTA SCADA/ICS portfolio current risk based methodologies for security assessments and recommend security solutions for SCADA/ICS systems.
  • Analyze, manage a threat and vulnerability assessment, identify the mitigation impact of cyber security framework with associated security measures or controls on business confidentially, availability to protect MTA from unauthorized access ensuring MTA assets are protected.
  • Assist and conduct the incident response planning and implementation as well as the investigation and monitoring of security breaches, Internet/Intranet security intrusion assessment while assisting with investigative and legal matters associated with such breaches as necessary as required by NYS, APTA and Executive Order.

    Level 4

    Same as Level 3 with the following additional responsibilities:
  • Maintain a cybersecurity framework to provide a prioritized, flexible performance-based assessment, risk mitigation and cost effective approach, including information security measures and controls to assist Industrial Control Systems and (SCADA/ICS) owners to identify, assess and manage cyber security.
  • Analyze and maintain a process to coordinate improvements to the cyber security of critical infrastructure in a collaborative process with critical infrastructure owners to determine if current cyber security requirements are sufficient given current and projected risks.
  • Work with senior staff and SCADA/ICS owners to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology. Maintain internal and external relationships including other related government agencies to disseminate critical SCADA/ICS information to operating agencies.
  • Maintain on-going communication with all MTA-IT Directors, Managers, business units, agency stakeholders and security staff to provide vital input for the planning of new SCADA/ICS applications, hardware, and rolling stock in support of the MTA operating system strategy to ensure future SCADA/ICS assets are protected.

    Level 5

    Same as level 4 with the following additional responsibilities:
  • Develop incident response procedure for security breaches in the transportation systems.
  • Technical knowhow to integrate various ICS/SCADA systems into the existing detection and prevention systems.
  • Provide and update senior management analysis of MTA SCADA/ICS portfolio current risk based methodologies for security assessments and recommend security solutions for SCADA/ICS systems.
  • Analyze, manage a threat and vulnerability assessment, identify the mitigation impact of cyber security framework with associated security measures or controls on business confidentially, availability to protect MTA from unauthorized access ensuring MTA assets are protected.

Qualifications

Level 1
  • Good troubleshooting and problem-solving skills.
  • Strong technical and analytical abilities.
  • Strong oral and written communications skills.
  • Well-organized and highly motivated.
  • Must be able to move and lift up to 25 lbs. of equipment such as monitors, keyboards, CPU's, laptops, firewalls, etc.
  • Must possess a valid driver's license.
  • The incumbent in the position is required to be "on call" in the 24-hour, 365-day operating environment to ensure the availability and delivery of technology services in support of MTA corporate business goals and objectives.

    Level 2

    Same as level 1 with the following additional qualifications:
  • Knowledge of Industrial control protocols and systems

Level 3

Same as level 2 with the following additional qualifications:
  • Good leadership skills
  • Project Management experience

    Level 4

    Same as level 3 with the following additional qualifications:
  • Knowledge of industry best practices
  • Proficiency in risk assessment methodologies

    Level 5

    Same as level 4 with the following additional qualifications:
  • Strong leadership skills.
  • Strong troubleshooting and problem-solving skills.
  • Strong ability to motivate and develop personnel.
  • Represent the SCADA/ICS Manager in their absence.
  • Experience interacting with all levels of the organization.
  • Ability to lead highly technical personnel.
  • Project Management and security certifications are a plus
  • Expertise in risk assessment and mitigation methodologies is preferred

Education and Experience

Level 1:

A Bachelor's degree in Computer Science, Business Administration, Engineering, Finance, and Information Services (or the equivalent of education and progressive responsible experience).

Basic knowledge of a broad range of policy, standards and common risk management methodologies is preferred- for example, NIST, ISO 27001/27002, PCI/DSS, COBIT, ITIL, ISO 2000, etc.

Level 2:

A Bachelor's degree in Computer Science, Business Administration, Engineering, Finance, and Information Services (or the equivalent of education and progressive responsible experience) plus a minimum of 1 - 2 years of Information Technology or Operating Technology experience. Knowledge and experience of a broad range of policy, standards and common risk management methodologies - for example, NIST, ISO 27001/27002, PCI/DSS, COBIT, ITIL, ISO 2000, etc.

Level 3:

A Bachelor's degree in Computer Science, Business Administration, Engineering, Finance, and Information Services (or the equivalent of education and progressive responsible experience) plus a minimum of 3 - 4 years of Information Technology or Operating Technology experience or two years of direct experience in ICS/SCADA risk assessments.

Knowledge and experience of a broad range of policy, standards and common risk management methodologies - for example, NIST, ISO 27001/27002, PCI/DSS, COBIT, ITIL, ISO 2000, etc.

Level 4:

A Bachelor's degree in Computer Science, Business Administration, Engineering, Finance, and Information Services (or the equivalent of education and progressive responsible experience) plus a minimum of 5 - 6 years of Information Technology experience or 3 years of direct experience in ICS/SCADA systems assessments.

Knowledge and experience of a broad range of policy, standards and common risk management methodologies - for example, NIST, ISO 27001/27002, PCI/DSS, COBIT, ITIL, ISO 2000, etc.

Project Management experience is a plus
IT Security Certifications (CISSP, CISA, SANS, etc...) are a plus.

Level 5:

A Bachelor's degree in Computer Science, Business Administration, Engineering, Finance, and Information Services (or the equivalent of education and progressive responsible experience) plus a minimum of 7 - 8 years of Information Technology or Operating Technology experience or 4 years of direct experience in ICS/SCADA risk assessments and mitigation.

Knowledge and experience of a broad range of policy, standards and common risk management methodologies - for example, NIST, ISO 27001/27002, PCI/DSS, COBIT, ITIL, ISO 2000, etc.

Project Management experience is a plus

IT Security Certifications (CISSP, CISA, SANS, etc...) are a plus.

Other Information

As an employee of MTA Headquarters you may be required to complete an annual financial disclosure statement with the State of New York, if your position earns more than $101,379 (this figure is subject to change) per year or if the position is designated as a policy maker.

How To Apply

Qualified applicants can submit an online application by clicking on the 'APPLY NOW' button from either the CAREERS page or from the JOB DESCRIPTION page.

If you have previously applied on line for other positions, enter your User Name and Password. If it is your first registration, click on the CLICK HERE TO REGISTER hyperlink and enter a User Name and Password; then click on the REGISTER button.

Equal Employment Opportunity

MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.

The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.
Dice Id : 10516689
Position Id : 100004
Originally Posted : 3 months ago
Have a Job? Post it

Similar Positions

SCADA/ICS Security Specialist (Operations Technology) Levels 2-5
  • MTA New York City Transit
  • New York, NY, USA
Security Specialist Level 1-5- Palo Alto Admin
  • MTA New York City Transit
  • New York, NY, USA
Technical Infrastructure Engineer Specialist Level 1-5
  • MTA New York City Transit
  • New York, NY, USA
Application Security Specialist Level 3 - 5
  • MTA New York City Transit
  • New York, NY, USA
Lead ICS Security Assessment & Mitigation
  • MTA New York City Transit
  • New York, NY, USA
Application Security Architect
  • TITAN TECHNOLOGIES
  • Jersey City, NJ, USA
Application Security Architect/Engineer
  • Kani Solutions
  • Jersey City, NJ, USA
Security Administrator Levels 3-5 (Represented)
  • MTA New York City Transit
  • New York, NY, USA
Security Specialist Levels 3-5
  • MTA New York City Transit
  • New York, NY, USA
Application Development Specialist Levels 1-5
  • MTA New York City Transit
  • New York, NY, USA