JOB TITLE: Principal Cybersecurity Signals Engineer
SALARY RANGE: $155,012 - $186,014
HAY POINTS: 775
DEPT/DIV: Information Technology / Cybersecurity
SUPERVISOR: Cybersecurity Officer/Director/Sr. Director
LOCATION: Various/ 2 Broadway New York, NY 10004
HOURS OF WORK: 9:00 am - 5:30 pm
This position is eligible for telework which is currently two day per week. New hires are eligible to apply 30 days after their effective date of hire.
The MTAIT Cybersecurity Security Signals Engineer is responsible for assessing, developing and implementing the security architectures and solutions including security frameworks and roadmaps around Operational Technologies (OT), Signaling Systems and Rolling Stock. This position also serves as the engineering security expert in application development; database design; network and operating system security design; and access and audit control development and implementations. This position works closely with the IT and OT Business Managers and has a business-driven mindset which seeks to develop structured inter-relationships between technology and processes to support the long-term needs of the business.
- Identify areas for architectural, engineering, and operational improvements and to ensure that the security architecture is suitable and supportable
- Manage and plan the future technical architecture, providing insight into the future of their area of technology to continually improve effectiveness and efficiency.
- Conduct design and engineering processes to ensure that security architecture solutions maintain the confidentiality, integrity, and availability of information assets.
- Understand, review, and approve Cybersecurity Reference Architectures and solutions for applying them.
- Collaborate with technology and business teams to ensure that the implementation of new technologies and security solutions can be supported and that they are in alignment with security architecture, industry best practice, principles of secure design, and business strategies.
- Revalidate systems to most recent reference architectures to determine gaps, develop and manage programs to align systems to newest standards and reference architectures. Define the appropriate architecture, technical requirements, and standards necessary to address information security needs for the organization.
- Perform risk assessments of new and existing technology solutions to identify opportunities for improvement, and engineering solutions to adequately mitigate associated risks.
- Lead the development and implementation of security technology solutions for complex environments and architecture including cross-platform interoperability, including development of baseline infrastructure and application hardening guides based on industry best practices.
- Define security configurations and operational standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
- Serve as the engineering security expert in application development; database design; network and operating system security design; access and audit control development; and identity management solutions.
- Develop sets of security principles, technology standards and architectural constructs which guide the solution design, engineering and deployment of IT solutions.
- Ensure security architecture reviews are conducted for new technology to ensure best practices, document security solutions, and enable common solutions across the enterprise.
- Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; and preparing cost estimates.
- Address security requirements within cloud architectures, creating new and evolving security services and standards pertaining to cloud services; consulting with internal and external customers; and developing and documenting strategies, standards, and roadmaps for cloud security components and architectures.
- May mentor less experienced staff.
- Performs other duties and tasks as assigned.
- May need to work outside of normal work hours supporting 24/7 operations (i.e., evenings and weekends).
- Travel may be required to other MTA locations or other external sites.
- Responsible for financial/budgeting/vendor/contract planning and management.
- Must possess active listening, attention to detail, customer service, prioritization, and problem-solving skills.
- Ability to work independently and strategically.
- Demonstrated expertise in identifying and analyzing risks and developing effective mitigation strategies.
- Strong technical knowledge and diverse skillset to understand various technologies, systems, and potential risks.
- Excellent critical thinking, problem-solving, and decision-making skills.
- Strong interpersonal and verbal and written communication skills, with the ability to effectively collaborate with both technical and non-technical peers.
- Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.
- Extensive hands-on experience with related tools.
- Solid working knowledge of IT domains.
- Ability to work under pressure and meet deadlines individually and collaboratively. Think logically, assess problems, and be results-oriented.
- Ability to identify complex business and technology risks and associated vulnerabilities. Prioritize multiple tasks and switch between tasks quickly.
- Ability to communicate effectively, both orally and in writing, to interact with team members, customers, management, and support personnel (technical and non-technical).
- Ability to establish and maintain effective working relationships with employees at all levels within the organization, and with both internal and external customers.
Education and Experience:
- Education: bachelor’s degree
- Experience: At least 10 years of relevant experience. An equivalent combination of education and experience may be considered in lieu of a degree.
- Must possess at least two of the following professional certifications in subject domain including but not limited to: Certified Information Security Professional (CISSP), or Global Information Assurance Certification (GIAC), or Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA), or other related certification(s)
- Must possess an expert/highly proficient in deep understanding of technology and cybersecurity domain principles within the context of Operational Technologies, Signaling Systems and Rolling Stock.
- Expert/Highly Proficient, knowledge of Concepts, principals and design of data security and disaster recovery processes including threat and vulnerability management; access control; network design and management; identity and access management; and data protection and management. Legal and regulatory compliance requirements as they relate to data and information privacy and security.
- Expert/Highly Proficient, knowledge of Cybersecurity technologies including identity and access management solutions; intrusion detection/prevention, PKI, security incident and event management solutions and network/firewall technology.
- Expert/Highly Proficient ability to develop and implement enterprise data security architecture. Design secure solutions and accompanying controls. And Ability to quickly learn and understand new technologies.
- Expert/Highly Proficient proven ability to manage projects and initiatives
- Expert/Highly Proficient ability to fit in with the constant shifting needs and demands of the business Departments.
Pursuant to the New York State Public Officers Law & the MTA Code of Ethics, all employees who hold a policymaking position must file an Annual Statement of Financial Disclosure (FDS) with the NYS Commission on Ethics and Lobbying in Government (the “Commission”).
Equal Employment Opportunity
MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.
The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.