A NYC transportation authority located in downtown Manhattan is looking for a Senior Cybersecurity Analyst with expertise in both Threat Hunting and MITRE. Candidates should have experience creating rules utilizing MITRE as well as extensive experience with threat hunting. This position is eligible for telework which is currently two day per week. New hires are eligible to apply 30 days after their effective date of hire. Salary range: $130,245 - $153,731Job Overview: This role is responsible for the cyber threat intelligence through all phases of the intelligence lifecycle including Direction, Collection, Processing, Analysis, Dissemination, and Feedback. The Threat Intelligence Analyst must be able to recommend and develop countermeasures in direct alignment with the current threat landscape for highly-complex networks including networks that are comprised of Industrial Control Systems, Supervisory Control and Data Acquisition Systems, and Internet of Things Systems. Serving as part of the Tier 3 Cyber Security Operations Center (CSOC), the analyst will also provide regular support in identifying intelligence gaps by applying critical thinking with an emphasis on the MITRE ATT&CK framework. This position regularly interfaces with several groups including senior leadership, business partners, and ISACs to provide reports and presentations with tailored findings and recommendations. Responsibilities:
- Administration of Threat Intelligence Platform (TIP)
- Performs threat hunting searches across a variety of technologies that are on-prem, cloud-based, and hybrid.
- Assesses existing MITRE ATT&CK detection capabilities.
- Identifies the tactics, techniques, and procedures (TTPs) of potential threats through the MITRE ATT&CK or similar frameworks.
- Create rules from scratch.
- Researching emerging threats and vulnerabilities to aid in the identification of network incidents, and supports the creation of new architecture, policies, standards, and guidance to address them.
- Provide incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary.
- Conducts security monitoring and intrusion detection analysis using various technology and analytic tools, such as web and next generation firewalls, machine and human behavior learning tools, host-based security system, security event and incident monitoring systems, virtual, physical, and cloud platforms, user endpoint (laptop, desktop, mobile, and internet of things/IOT) systems, etc.
- Correlates events and activities across systems to identify trends of unauthorized use.
- Reviews alerts and data from sensors and documents formal, technical incident reports
- Tests new systems and manage cybersecurity risks and remediation through analysis.
- Responds to computer security incidents according to the computer security incident response policy and procedures.
- Provides technical guidance to first responders for handling information security incidents.
- Provides timely and relevant updates to appropriate stakeholders and decision makers.
- Communicates investigation findings to relevant business units to help improve the information security posture.
- Validates and maintains incident response plans and processes to address potential threats.
- Compiles and analyzes data for management reporting and metrics.
- Monitors relevant information sources to stay up to date on current attacks and trends.
- Analyzes potential impact of new threats and communicates risks back to detection engineering functions.
- Performs root-cause analysis to document findings and participate in root-cause elimination activities as required.
- Works with data sets to identify patterns.
- Understands data automation and analysis techniques.
- Uses judgment to form conclusions that may challenge conventional wisdom.
- Hypothesizes new threats and indicators of compromise.
- Monitors threat intelligence feeds to identify a range of threats, including indicators of compromise and advanced persistent threats (APTs)
- Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate.
- Perform Contract management and supply management functions appropriate to reduce security risks.
- May mentor less experienced staff.
- Performs other duties and tasks as assigned.
- Responsible for financial/budgeting/vendor/contract planning and management.
- May need to work outside of normal work hours supporting 24/7 operations (i.e., evenings and weekends).
- Travel may be required to other locations or other external sites.
- Observing the work performed by the contractor.
- Reviewing invoices and approving them if the work has contractual standards.
- Addressing performance issues with the contractor when possible.
- Escalating issues to other parties as needed.
Education and Experience
- Education: bachelor's degree
- Experience: At least 10 years of relevant experience. An equivalent combination of education and experience may be considered in lieu of a degree.
- Must possess at least one of the following professional certifications in subject domain including but not limited to: Certified Information Security Professional (CISSP), or Global Information Assurance Certification (GIAC), or Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA), or other related certification(s)
Technical Skills:
- Must possess an expert/highly proficient in deep understanding of technology and cybersecurity domain principles within the context of Operational Technologies, Signaling Systems and Rolling Stock.
- Expert/Highly Proficient, with the intelligence lifecycle including Direction, Collection, Processing, Analysis, Dissemination, and Feedback
- Expert/Highly Proficient, developing countermeasures for a variety of systems including SIEM, Endpoint Security, Network Defenses, WAF, etc.
- Expert/Highly Proficient, system integrations and automation pertaining to intelligence requirements
- Expert/Highly Proficient proven ability to manage projects and initiatives
- Expert/Highly Proficient ability to fit in with the constant shifting needs and demands of the business Departments.