Cybersecurity Engineer Levels 1 (Aws Cloud &Amp; Saas Security)

Description

Job Title:  Cybersecurity Engineer Level 1-7 (AWS Cloud & SaaS Security)

Salary Range:  Level 1: $82,857.04 - $105,000
                           Level 2: $87,685.20 -  $115,500
                          Level 3: $95,929.32 -  $127,050
                          Level 4: $102,760.32 -$139,755
                          Level 5: $114,537.24 -$153,731
                          Level 6: $124,311.32 -$169,104
                          Level 7: $140,917.09 -$186,014                                                  

POINTS:            Level 1 - 282
                           Level 2 - 393
                           Level 3 - 451
                           Level 4 - 551
                           Level 5 – 479
                           Level 6 – 551
                           Level 7 – 634

DEPT/DIV:                        MTA Information Technology/ Office of IT Cyber Security
SUPERVISOR:                 Director, Application Security
LOCATION:                      2 Broadway, New York, NY 10004
HOURS OF WORK:         9:00am – 5:30am (7.5hrs)

The purpose of this position is to provide critical technical expertise in managing and analyzing cybersecurity risks. Cybersecurity Analyst will be responsible for early and accurate detection, prevention response, containment, and guidance to remediation of threats directed against the MTA. The analysis is conducted through technology risk assessments, data analytics tools, business processes reviews and collaborate with security engineers, architects, developers, vendors, business units to constantly improve the overall security of the MTA.  The cybersecurity analyst will focus on specific domains and specialties within cybersecurity with a great degree of specialty to detect, protect and advise the organization proactively and reactively

Level 1

• Understanding of TCP/IP (OSI Layers 1– 4) and Internet and Intranet technologies required (OSI Layers 5-7) required.

Level 2

• Some scripting or programming skills (PERL, Python, PowerShell, etc.) preferred as needed.
• Understanding of TCP/IP (OSI Layers 1– 4) and Internet and Intranet technologies required (OSI Layers 5-7) required.
• Understanding of security concepts for technical domain
• Proven ability to troubleshoot and support technical issues.
• Proven ability to troubleshoot and support technical issues.
• Proven ability to analyze a security risk assessment
• Basic knowledge and familiarity with installing, maintaining and troubleshooting technology systems.
• Understanding of Operating Systems and Configuration Hardening.

 

Level 3

• Proficient in Operating Systems and Configuration Hardening.
• Some scripting or programming skills (PERL, Python, PowerShell, etc.) preferred as needed.
• Understanding of TCP/IP (OSI Layers 1– 4) and Internet and Intranet technologies required (OSI Layers 5-7) required.
• Proven ability to troubleshoot and support technical issues using standardized procedures.
• Proven ability to analyze a security risk assessment or conduct one with guidance
• Understanding of security concepts for technical domain.

 

 

 

Level 4

• Some scripting or programming skills (PERL, Python, PowerShell, etc.) preferred as needed.
• Proven ability to analyze and/or conduct a security risk assessment
• Proven ability to independently evaluate and resolve most problems within an area of infrastructure, applications within a security domain context.
• Advanced understanding of TCP/IP (OSI Layers 1– 4) and Internet and Intranet technologies required (OSI Layers 5-7) required.

 

Level 5

• Advanced understanding of TCP/IP (OSI Layers 1– 4) and Internet and Intranet technologies required (OSI Layers 5-7) required.
• Progressive cybersecurity related accomplishments.
• Requires broad technical knowledge of multiple technologies, or an in-depth knowledge of one technology including its impact on other technologies.
• Proven ability to analyze and/or conduct a security risk assessment.
• Some scripting or programming skills (PERL, Python, PowerShell, etc.) preferred as needed.
• Advanced understanding of common IT security frameworks, controls and protocols, technologies, threats, and vulnerabilities are necessary.

Level 6

• Requires seasoned expertise in multiple technologies and strong understanding of the current and future technology architecture, including the inter-operability of technologies.
• Advanced ability to conduct and analyze a security risk assessment
• Expert understanding of TCP/IP (OSI Layers 1– 4) and Internet and Intranet technologies required (OSI Layers 5-7) required.
• Some scripting or programming skills (PERL, Python, PowerShell, etc.) preferred as needed.

Level 7

• Requires seasoned expertise in multiple security domains, technologies and strong understanding of the current and future technology and security architecture, including the inter-operability of security solutions and technologies.
• Requires proven track record of successful implementation of architectural designs.
• Significant practical expertise in cybersecurity related disciplines
• Requires proven track record in configuration and hardening of systems.

 

Level 1

• Basic knowledge and familiarity with monitoring, installing, maintaining and/or troubleshooting cybersecurity related issues associated to applications and/or infrastructure systems
• Associate degree in Computer Science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.

Level 2

• Associate degree in Computer Science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree and 2+ years of relevant experience, or a bachelor’s degree in Computer Science or related fields. 

Level 3

• 2+ years of relevant experience.
• CISSP or other advanced security-related certification preferred but not required.
• Certifications in technology subdomains preferred but not required (ie. Cloud, Applications, Infrastructure, Security Technology, etc.)
• Requires prior experience with installing, maintaining and troubleshooting technology systems.
• Bachelor’s Degree in Computer Science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.

 

Level 4

• Current CISSP or other advanced security-related certification preferred but not required.
• 3+ years of relevant experience or 18 months of experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.)
• Certifications in technology subdomains preferred but not required (ie. Cloud, Applications, Infrastructure, Security Technology, etc.)
• Bachelor’s Degree in Computer Science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.

Level 5

• CISSP or other advanced security-related certification preferred
• Current and updated security certification
• Certifications in technology subdomains preferred but not required (ie. Cloud, Applications, Infrastructure, Security Technology, etc.)
• Bachelor’s Degree in Computer Science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.
• 5+ years of relevant experience or 2.5 years of experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.).

 

Level 6

• Verifiable implementation of security domain controls for enterprise technologies
• Bachelor’s Degree in Computer Science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.
• 8+ years of relevant experience or 4 years of experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.) CISSP or other advanced security-related certification preferred.
• Certifications in technology subdomains preferred but not required (ie. Cloud, Applications, Infrastructure, Security Technology, etc.)

Level 7

• CISSP and other advanced security-related certification preferred
• 10+ years of relevant technology based or cybersecurity experience or 5 years of experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.).
• Bachelor’s Degree in Computer Science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.  

As an employee of MTA Headquarters, you may be required to complete an annual financial disclosure statement with the State of New York, if your position earns more than $105,472 (this figure is subject to change) per year or if the position is designated as a policy maker.

Qualified employees can submit an online application by clicking on the 'APPLY NOW' button from either the CAREERS HOME page or the JOB DESCRIPTION page.
For instructions on completing the online application, go to the MTA intranet site and click on the PeopleSoft Information hyperlink. From there select the User Guides hyperlink to gain access to the "Viewing/Applying for Jobs On Line" guide under the Recruiting section of the page.

MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.   The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.