
Cybersecurity Analyst Level 1-7, Threat Hunting and MITRE

Job ID: PS104370
Business Unit: MTA Headquarters
Location: New York, NY, United States
Regular/Temporary: Regular
Department: IT Cyber Security
Date Posted: Sep 22, 2023

Description

Job Title: Cybersecurity Analyst Levels 1-7, Threat Hunting and MITRE

Salary Range:
  Level 1: $82,857 - $105,000
  Level 2: $87,685 - $115,500
  Level 3: $95,929 - $127,050
  Level 4: $102,760 - $139,755
  Level 5: $114,537 - $153,731
  Level 6: $124,311 - $169,104
  Level 7: $140,917 - $186,014

POINTS:
  Level 1 - 282
  Level 2 - 323
  Level 3 - 393
  Level 4 - 451
  Level 5 - 551
  Level 6 - 634
  Level 7 - 775

DEPT/DIV: MTA Information Technology / Office of IT Cyber Security Services

SUPERVISOR: Cybersecurity Officer - Threat, Intelligence & Forensics

LOCATION: 2 Broadway, New York, NY 10004

HOURS OF WORK: 9:00am-5:30pm (7.5 hours/day) or as required.

This position is eligible for telework. New Hires are eligible to apply 30 days after their effective date of hire.

The purpose of this position is to provide critical technical expertise in threat hunting and automation functions. The Cybersecurity Analyst will be tasked with staying up to date on the latest risks and threats to the MTA as the threat landscape evolves. This position will work in conjunction with the MTA’s SOC, MSSP, and other cybersecurity partners to perform effective threat hunting and threat anticipation. After developing effective enterprise-wide threat hunting searches, the analyst must also assist in turning them into detection and prevention rule content. The analyst is part of a Tier 3 SOC function and must be able to create high-fidelity searches that minimize or eliminate false positives. This position will also work in conjunction with existing MITRE ATT&CK framework adherence efforts and must be capable of making recommendations to close enterprise-level visibility gaps.

Responsibilities:

  • Administers the Threat Intelligence Platform (TIP).
  • Performs threat hunting searches across a variety of technologies that are on-prem, cloud-based, and hybrid.
  • Assesses existing MITRE ATT&CK detection capabilities.
  • Identifies the tactics, techniques, and procedures (TTPs) of potential threats through the MITRE ATT&CK or similar frameworks.
  • Researches emerging threats and vulnerabilities to aid in the identification of network incidents, and supports the creation of new architecture, policies, standards, and guidance to address them.
  • Provides incident response support, including mitigating actions to contain activity and facilitating forensic analysis when necessary.
  • Conducts security monitoring and intrusion detection analysis using various technology and analytic tools, such as web and next-generation firewalls, machine learning and human behavior analysis tools, host-based security systems, security event and incident monitoring systems, virtual, physical, and cloud platforms, user endpoint (laptop, desktop, mobile, and Internet of Things/IoT) systems, etc.
  • Correlates events and activities across systems to identify trends of unauthorized use.
  • Reviews alerts and data from sensors and documents formal, technical incident reports.
  • Tests new systems and manages cybersecurity risks and remediation through analysis.
  • Responds to computer security incidents according to the computer security incident response policy and procedures.
  • Provides technical guidance to first responders for handling information security incidents.
  • Provides timely and relevant updates to appropriate stakeholders and decision makers.
  • Communicates investigation findings to relevant business units to help improve the information security posture.
  • Validates and maintains incident response plans and processes to address potential threats.
  • Compiles and analyzes data for management reporting and metrics.
  • Monitors relevant information sources to stay up to date on current attacks and trends.
  • Analyzes the potential impact of new threats and communicates risks back to detection engineering functions.
  • Performs root-cause analysis to document findings and participates in root-cause elimination activities as required.
  • Works with data sets to identify patterns.
  • Understands data automation and analysis techniques.
  • Uses judgment to form conclusions that may challenge conventional wisdom.
  • Hypothesizes new threats and indicators of compromise.
  • Monitors threat intelligence feeds to identify a range of threats, including indicators of compromise and advanced persistent threats (APTs).
  • Participates in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate.
  • Performs contract management and supply management functions as appropriate to reduce security risks.

The role provides a proactive approach to cybersecurity while also investigating security incidents related to MTA operations.

Level 1

  • Associate degree in computer science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.
  • Basic knowledge and familiarity with monitoring, installing, maintaining and/or troubleshooting cybersecurity-related issues associated with applications and/or infrastructure systems.
  • Understanding of TCP/IP (OSI Layers 1-4) and Internet and Intranet technologies (OSI Layers 5-7) required.
  • Understanding of operating systems.
  • Scripting or programming skills (Perl, Python, PowerShell, etc.) preferred as needed.

Level 2

  • Associate degree in computer science or related fields and 2+ years of relevant experience, or a bachelor’s degree in computer science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.
  • Basic knowledge and familiarity with installing, maintaining and troubleshooting technology systems.
  • Proven ability to troubleshoot and support technical issues.
  • Proven ability to analyze a security risk assessment.
  • Understanding of operating systems.
  • Understanding of TCP/IP (OSI Layers 1-4) and Internet and Intranet technologies (OSI Layers 5-7) required.
  • Scripting or programming skills (Perl, Python, PowerShell, etc.) preferred as needed.
  • 6 months of experience in a specific cybersecurity domain (Cloud, Applications, Infrastructure, Security Technology, etc.) is preferred.

Level 3

  • Bachelor’s degree in computer science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.
  • CISSP or other advanced security-related certification preferred but not required.
  • Certifications in technology subdomains (i.e., Cloud, Applications, Infrastructure, Security Technology, etc.) preferred but not required.
  • 2+ years of relevant experience.
  • Requires prior experience with installing, maintaining and troubleshooting technology systems.
  • Proven ability to troubleshoot and support technical issues using standardized procedures.
  • Proven ability to analyze a security risk assessment or conduct one with guidance.
  • Understanding of operating systems and hardware.
  • Understanding of TCP/IP (OSI Layers 1-4) and Internet and Intranet technologies (OSI Layers 5-7) required.
  • Scripting or programming skills (Perl, Python, PowerShell, etc.) preferred as needed.
  • 1 year of experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.) is preferred.

Level 4

  • Bachelor’s degree in computer science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.
  • 3+ years of relevant experience or 18 months of experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.).
  • Current CISSP or other advanced security-related certification preferred but not required.
  • Certifications in technology subdomains (i.e., Cloud, Applications, Infrastructure, Security Technology, etc.) preferred but not required.
  • Proven ability to independently evaluate and resolve most problems within an area of infrastructure or applications in a security domain context.
  • Proven ability to analyze and/or conduct a security risk assessment.
  • Understanding of operating systems and hardware.
  • Advanced understanding of TCP/IP (OSI Layers 1-4) and Internet and Intranet technologies (OSI Layers 5-7) required.
  • Scripting or programming skills (Perl, Python, PowerShell, etc.).

Level 5

  • Bachelor’s degree in computer science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.
  • 5+ years of relevant experience or 2.5 years of experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.).
  • Current CISSP or other advanced security-related certification preferred.
  • Certifications in technology subdomains (i.e., Cloud, Applications, Infrastructure, Security Technology, etc.) preferred but not required.
  • Progressive cybersecurity-related accomplishments.
  • Requires broad technical knowledge of multiple technologies, or an in-depth knowledge of one technology including its impact on other technologies.
  • Proven ability to analyze and/or conduct a security risk assessment.
  • Understanding of operating systems and hardware.
  • Advanced understanding of TCP/IP (OSI Layers 1-4) and Internet and Intranet technologies (OSI Layers 5-7) required.
  • Scripting or programming skills (Perl, Python, PowerShell, etc.) as needed.

Level 6

  • Bachelor’s degree in computer science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.
  • 8+ years of relevant experience or 4 years of experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.).
  • CISSP or other advanced security-related certification preferred.
  • Certifications in technology subdomains (i.e., Cloud, Applications, Infrastructure, Security Technology, etc.) preferred.
  • Verifiable implementation of security domain controls for enterprise technologies.
  • Requires seasoned expertise in multiple technologies and a strong understanding of the current and future technology architecture, including the interoperability of technologies.
  • Advanced ability to conduct and analyze a security risk assessment.
  • Understanding of operating systems and hardware.
  • Expert understanding of TCP/IP (OSI Layers 1-4) and Internet and Intranet technologies (OSI Layers 5-7) required.
  • Some scripting or programming skills (Perl, Python, PowerShell, etc.) as needed.

Level 7

  • Bachelor’s degree in computer science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.
  • 10+ years of relevant technology-based or cybersecurity experience, or 5 years of experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.).
  • CISSP and other advanced security-related certifications preferred.
  • Certifications in technology subdomains (i.e., Cloud, Applications, Infrastructure, Security Technology, etc.) preferred.
  • Significant practical expertise in cybersecurity-related disciplines.

Other Information

Please be advised that pursuant to MTA Code of Ethics and New York State Ethics Law, you have been designated as a policy maker. Therefore, you will be required to file an annual financial disclosure statement with the Commission on Ethics and Lobbying in Government. The Commission will notify you of this filing requirement via your work email. Upon receipt of notification from the Commission you will have 30 days to complete your financial disclosure statement.

Equal Employment Opportunity

MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.

The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.
