Washington Metropolitan Area Transit Authority - Alexandria, VA

posted about 2 months ago

Full-time - Mid Level
Alexandria, VA
Transit and Ground Passenger Transportation

About the position

The Washington Metropolitan Area Transit Authority (WMATA) is establishing a cutting-edge cybersecurity program aimed at protecting the critical transit infrastructure of the nation's capital. We are currently seeking a Cybersecurity Analyst II (Threat Detection and Investigation) to join our Cyber Fusion Center, reporting directly to the Center's Manager. This pivotal role is centered on the continuous monitoring of security events across various tools to detect and mitigate potential threats, thereby ensuring the safety and resilience of our infrastructure. The Cybersecurity Analyst II will adhere to established processes for threat detection and response while also contributing to the refinement and development of new workflows as necessary. This includes optimizing Security Information and Event Management (SIEM) rules, alerts, and other security tools to enhance visibility and improve incident response capabilities.

In this role, the analyst will be responsible for the proactive detection of threats by importing Indicators of Compromise (IOCs) into monitoring tools and capturing relevant data to support security operations. As part of a collaborative fusion program, the Cybersecurity Analyst II will work closely with teams across incident response, threat intelligence, and threat hunting to ensure comprehensive threat management. Key responsibilities include configuring and optimizing tools such as SIEM, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and Endpoint Detection and Response (EDR) systems, automating log analysis and detection processes, and performing behavioral analysis to identify insider threats. The analyst will also conduct root cause analysis to understand the origin and spread of incidents, providing valuable insights for improved security measures.
The Cybersecurity Analyst II will support data analytics strategies based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which involves analyzing threat information from multiple sources and synthesizing intelligence to draw insights about potential implications. The role requires ensuring that threats and vulnerabilities are identified and mitigated as early as possible, employing best practices for monitoring cyber threat indicators and attacks. The analyst will coordinate and perform the collection, processing, analysis, and dissemination of cyber threat assessments, collecting intelligence from various cyber defense tools and analyzing events within WMATA's environments, both on-premises and in the cloud. This position is essential for maintaining a robust cyber analysis framework and ensuring that WMATA can respond effectively to cyber incidents.

Responsibilities

  • Continuously monitor security events across various tools to detect and mitigate potential threats.
  • Follow established processes for threat detection and response.
  • Refine and develop new workflows as needed for threat management.
  • Optimize SIEM rules, alerts, and other security tools to enhance visibility and improve incident response.
  • Manage proactive detection of threats by importing IOCs into monitoring tools.
  • Capture relevant data to support security operations.
  • Configure and optimize tools like SIEM, IDS/IPS, and EDR systems.
  • Automate log analysis and detection processes.
  • Perform behavioral analysis to identify insider threats.
  • Conduct root cause analysis to understand the origin and spread of incidents.
  • Support data analytics strategies based on the NIST Cybersecurity Framework.
  • Analyze threat information from multiple sources and synthesize intelligence.
  • Ensure early identification and mitigation of threats and vulnerabilities.
  • Coordinate and perform the collection, processing, analysis, and dissemination of cyber threat assessments.
  • Collect intelligence from various cyber defense tools and analyze events for threat mitigation.
  • Generate routine and urgent reports to support enhanced security procedures and response measures.
  • Investigate and analyze all relevant incident response activities.
  • Provide incident response support functions through technical activities.
  • Collaborate with cyber operations planners to identify and validate requirements for collection and analysis.

Requirements

  • Bachelor's degree from an accredited college or university.
  • Two years of experience as a cybersecurity officer/engineer, information systems security officer, or specialized expertise in cyber policy, intelligence, analytics, budget, audit, metrics, or training.

Nice-to-haves

  • Bachelor's Degree in Computer Science, Cybersecurity, or a related technical field.

Benefits

  • Medical examination for the position if required.
  • Equal opportunity employer status.