Previous Job
Cyber Security Analyst
Ref No.: 17-00092
Location: New York, New York
Start Date: 09/14/2017
Position Summary
Minimum years of experience (check off accordingly for billing): 0-3 Years 4-6 Years
7-9 Years 10 + Years
Functional Title Cyber SOC Analyst
Solicitation/Contract Title Cyber Security Analyst
Number of positions: 7
Duration in months: 12
Reports to IT Division and Unit: MTA IT Security
Reports to IT Project Manager: john Omokpo
Work Location(full street address): 2 broadway
Days & Hours of Work:
24x7, 8:00am-4:00pm, 4:00pm-12:00am, 12:00am-8:00am including 1/2-hour unpaid lunch break
Paid weekly hours per week 37.50
Desired Start Date: 10/2/2017

Critical Key requirements
  • Ability to provide analysis and trending of security events from a large number of heterogeneous security devices
· Ability to triage security events, raise incidents and support the Incident Management process.
  • Ability to provide threat and vulnerability analysis
  • Play an active role supporting continuous monitoring and process improvement
  • Able to learn and perform true and false positive analysis with a high degree of accuracy.
  • Ability to work as part of a 24/7/365 CSOC team delivering real time proactive security monitoring.

The Cyber Security Operation Center (CSOC) is seeking 7 temporary consultants to perform Tier-1 cyber security monitoring and analysis of MTA Corporate and Critical Infrastructure. The cyber security industry consists of combating sophisticated threat actors which are constantly refining their efforts to breach security. One of the functions of the CSOC is 24/7/365 real-time security monitoring of events from 10,000+ devices and supporting the Incident management process for escalated events. Currently, monitored logs can exceed 600GB per day and are expected to increase as more data sources are ingested to support expanding operational needs. Staff currently monitor a multifaceted network architecture consisting of several zones. With the addition of the highly specialized Industrial Control Systems (ICS) and expanded PeopleSoft monitoring business requirements, additional dedicated personnel is required for timely security monitoring and response. The addition of these consultants, will allow the CSOC to adequately review, assess, prioritize, and differentiate between true and false-positives in an ever-evolving threat landscape.


CSOC responsibilities will include, but is not limited to.
  1. Cyber Security Monitoring and Analysis of activities and events to identify suspicious & abnormal activity to prevent potential compromises & early detection of attacks
  1. Provide analysis and trending of security log data from a large number of heterogeneous security devices
  2. Triage security events and perform true and false positive analysis with a high degree of accuracy.
  3. Initiate security Incidents (Work Orders) when positive security attacks or potential compromises are detected and escalated incident to respective resolver groups
  4. Provide CSOC with process improvement recommendation based on experience with current daily process.
  5. Follow established incident response process in the event of an investigated incident.
  1. Monitor the status of all Security Operation related systems to ensure that security controls are always enforced with minimal interruption to business processes.
  1. Monitor system status for security operation system (firewalls, IPS/IDS, Proxy, VPN, and FireEye) and notify/alert the appropriate Security operation group in the event of system issue.
  2. Monitor the status of data source logs feeds into the MTA SIEM Solutions (Splunk) to ensure continuous uninterrupted feeds, and notify/alert the appropriate Security operation group in the event of log .

  • Consultants will be working within a Cyber Security Operation Center (CSOC) located in 2 Broadway building 21st floor. Work consist of mostly sitting at a monitoring workstation.

DELIVERABLES & Due dates - Not Applicable
Documents detailing:
  1. Business Process Flows
  2. Requirements
  3. Test Plans
  4. Test Cases/Scenarios
  5. Action Item Logs
  6. Risk Matrices
  7. Status Report

All source files will be provided to the MTA.

  • Tier-1 level Cyber Security Operation Center Analyst experience (1+ years)
  • Minimum of 1 years of experience in Security Analyst role
  • Basic understanding of security best practices
  • Excellent oral, written, presentation, and communication skills
  • Industry recognized security certification is a plus.
  • Proficiency with Microsoft Office 2013 (Word, Excel, PowerPoint)
  • Familiarity with Microsoft Project version 2010 or higher
  • Proficiency with Microsoft Visio for flow charts/process flows version 2010 or higher
  • Excellent inter-personal skills including the ability to work with individuals at all levels of the organization
  • Strong analytical and problem solving skills
  • Ability to effectively prioritize and execute in a high-pressure environment
  • Ability to independently set priorities and meet deadlines in a fast paced environment; a self-starter.