Washington Metropolitan Area Transit Authority - Alexandria, VA
posted about 2 months ago
The Washington Metropolitan Area Transit Authority (WMATA) is establishing a cutting-edge cybersecurity program aimed at protecting the critical transit infrastructure of the nation's capital. We are currently seeking a Cybersecurity Analyst II (Threat Detection and Investigation) to join our Cyber Fusion Center, reporting directly to the Center's Manager. This pivotal role is centered on the continuous monitoring of security events across various tools to detect and mitigate potential threats, thereby ensuring the safety and resilience of our infrastructure.

The Cybersecurity Analyst II will adhere to established processes for threat detection and response while also contributing to the refinement and development of new workflows as necessary. This includes optimizing Security Information and Event Management (SIEM) rules, alerts, and other security tools to enhance visibility and improve incident response capabilities. In this role, the analyst will be responsible for the proactive detection of threats by importing Indicators of Compromise (IOCs) into monitoring tools and capturing relevant data to support security operations. As part of a collaborative fusion program, the Cybersecurity Analyst II will work closely with teams across incident response, threat intelligence, and threat hunting to ensure comprehensive threat management.

Key responsibilities include configuring and optimizing tools such as SIEM, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and Endpoint Detection and Response (EDR) systems, automating log analysis and detection processes, and performing behavioral analysis to identify insider threats. The analyst will also conduct root cause analysis to understand the origin and spread of incidents, providing valuable insights for improved security measures.
The Cybersecurity Analyst II will support data analytics strategies based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which involves analyzing threat information from multiple sources and synthesizing intelligence to draw insights about potential implications. The role requires ensuring that threats and vulnerabilities are identified and mitigated as early as possible, employing best practices for monitoring cyber threat indicators and attacks. The analyst will coordinate and perform the collection, processing, analysis, and dissemination of cyber threat assessments, collecting intelligence from various cyber defense tools and analyzing events within WMATA's environments, both on-premises and in the cloud. This position is essential for maintaining a robust cyber analysis framework and ensuring that WMATA can respond effectively to cyber incidents.