Specialist Cyber Security Engineer Operations Technology

Job ID: 8061

Business Unit: MTA Headquarters

Location: New York, NY, United States

Regular/Temporary: Regular

Department: IT CISO

Date Posted: Aug 8, 2024

Description

JOB TITLE: Specialist Cybersecurity Engineer Operations Technology

SALARY RANGE: $118,404 - $139,755

HAY POINTS: 451

DEPT/DIV: Information Technology / Cybersecurity

SUPERVISOR: Cybersecurity Manager, IT Cyber Security

LOCATION: Various/ 2 Broadway New York, NY 10004

HOURS OF WORK: 9:00 am - 5:30 pm (7.5 hours or as required)

This position is eligible for telework which is currently two day per week. New hires are eligible to apply 30 days after their effective date of hire.

About us:

The MTA transportation network has very large systems and infrastructure for financial, business, automated train, transportation, power, and physical security. The MTA IT Department, is centrally responsible for providing a full range of Information and Operational Technology services to the MTA agencies and administrative units through its operating and support units.

The MTA IT Cybersecurity organization, is responsible for identifying, developing, implementing, and integrating cybersecurity-related processes internal and third-party supplier organizations to reduce the operational risks, reputational risks and financial risks. The organization also has robust cybersecurity operations functions designed to protect the MTA in real-time on a 7/24/365 basis.

Summary of Job

The purpose of this position is to provide technical expertise in managing and analyzing cybersecurity risks within MTA’s critical infrastructure. The Cybersecurity Engineer will be

responsible for designing, building, and maintaining infrastructure, applications and technology to support a secure cybersecurity posture. These include systems that support cybersecurity directly and/or the business operations for Information and Operational Technology disciplines. The configuration, hardening, guidance, response, and analysis of these systems aide in reduction and containment of Cyber Security risk. The Cybersecurity Engineer will also use risk assessments, network monitoring, operational process reviews, and collaboration with security engineers, architects, developers, vendors, business units to constantly improve the overall security of the MTA.

Responsibilities

• Perform risk assessments of new and existing technology solutions to identify opportunities for improvement, and engineering solutions to adequately mitigate associated risks.

• Actively participate in multi-discipline engineering design groups, serving as the core project engineering team OT cybersecurity consultant to facilitate reliable, safe, and secure network and system designs with consideration given to project constraints: Risk, cost, schedule, resources, capabilities, regulations, and industry cybersecurity standards.

• Assisting engineering group leaders in identifying the types and nature of potential OT cybersecurity risks, threats, and equipment selection as it relates to OT cybersecurity.

• Identify areas for architectural, engineering, and operational improvements and to ensure that the security architecture is suitable and supportable

• Collaborate with technology and business teams to ensure that the implementation of new technologies and security solutions can be supported and that they are in alignment with security architecture, industry best practice, principles of secure design, and business strategies.

• Monitor Operational Technology networks for threats and vulnerabilities as an extension to the Security Operations Center.

• Manage and plan the future technical architecture, providing insight into their area of technology and expertise to continually improve effectiveness and efficiency.

• Lead the development and implementation of security technology solutions for complex environments and architecture including cross-platform interoperability, including development of baseline infrastructure and application hardening guides based on industry best practices.

• Define security configurations and operational standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.

• Serve as the engineering security expert in application development; database design; network and operating system security design; access and audit control development; and identity management solutions.

• Develop sets of security principles, technology standards and architectural constructs which guide the solution design, engineering and deployment of OT solutions.

• Ensure security architecture reviews are conducted for new technology to ensure best practices, document security solutions, and enable common solutions across the OT networks.

• Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; and preparing cost estimates.

• Mentor less experienced staff when appropriate.

• Performs other duties and tasks as assigned.

• May need to work outside of normal work hours supporting 24/7 operations (i.e., evenings and weekends).

• Travel may be required to other MTA locations or other external sites.

• Responsible for financial/budgeting/vendor/contract planning and management.

• Observing the work performed by the contractor

• Reviewing invoices and approving them if the work had contractual standards

• Addressing performance issues with the contractor when possible.

• Escalating issues to other parties as needed

  Qualifications:

  Education and experience:

• Education: Bachelor’s Degree

• Experience: At least 3 years of relevant experience. An equivalent combination of education and experience may be considered in lieu of a degree.

• Prefer at least one certification in the current platform/domain/technical skills.

  Knowledge & Skills:

  Preferred Certifications:

• Cybersecurity General Certification (CISSP, CISM, CISA, CRISC, etc.)

• Cybersecurity Specific Certification (OSCP, GICSP, etc.)

  Preferred Technical Skills:

• 7+ years of cybersecurity experience and a deep understanding of technology and cybersecurity domain principles.

• 5+ years of experience working specifically on securing OT/ICS systems.

• Operational Technology (Thorough Knowledge/Fully Proficient)

• PLC network protocols (Thorough Knowledge/Fully Proficient).

• Expert ability to conduct and analyze a security risk assessment.

• Proficient in monitoring network traffic of critical infrastructure to identify threats & vulnerabilities.

• Proficient in Network Engineering/Architecture.

• Demonstrated ability in implementing/solutioning cybersecurity tools/systems (firewalls, IAM, SIEM, etc.)

• Experience in scripting or programming skills (PERL, Python, PowerShell, etc.).

• Proficient in productivity tools (PowerPoint, Excel, Visio, etc.).

• Experience in programming/securing PLC/HMI’s.

• Familiarity with multiple ICS/SCADA equipment manufacturers, system platform architectures, PTC & HMI programming, and OT network communications protocols.

• Industrial Control System (ICS) network segmentation design experience and familiarity with the Purdue Model / IEC-62443.

  Soft Skills:

• Strong team player with excellent communication and documentation skills.

• Ambition to learn and willingness to improvise and compromise based on stakeholder/project resources and needs, project limitations, and stakeholder capabilities.

• Demonstrated ability to work independently and navigate organizational ambiguity.

• Excellent critical thinking, problem-solving, and decision-making skills.

• Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.

  Competencies:

  Core Competency

  Proficiency Level

  Competency Definition

  Collaborates

  Adept

  Building partnerships and working collaboratively with others to meet shared objectives

  Cultivates Innovation

  Capable

  Creating new and better ways for the organization to be successful

  Customer Focus

  Capable

  Building strong customer relationships and delivering customer-centric solutions

  Communicates Effectively

  Adept

  Developing and delivering multi-mode communications that convey a clear understanding of the unique needs of different audiences

  Tech Savvy

  Capable

  Anticipating and adopting innovations in business-building digital

  and technology applications

  Technical Skills

  Capable

  Specialized knowledge and expertise on tools, programs, domains, platforms, and products used for specific tasks

  Values Diversity

  Adept

  Recognizing the value that different perspectives and cultures bring to an organization

  GENERAL:

• May need to work outside of normal work hours (i.e., evenings and weekends)

• Travel may be required to other MTA locations or other external sites

  Pursuant to the New York State Public Officers Law & the MTA Code of Ethics, all employees who hold a policymaking position must file an Annual Statement of Financial Disclosure (FDS) with the NYS Commission on Ethics and Lobbying in Government (the “Commission”).

MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.

The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.