Cybersecurity Analyst Levels 3 - 5

Metropolitan Transportation Authority

New York · Hybrid Full-time Senior $99k – $158k/yr 4d ago

About the role

Job ID

15212

Business Unit

MTA Headquarters

Location

New York, NY, United States

Regular/Temporary

Regular

Department

IT Cyber Security

Date Posted

Apr 1, 2026

Job Title

Cybersecurity Analyst – Security Specialty Levels 3 - 5

Salary Range

  • Level 3: $98,807 - $130,862
  • Level 4: $105,843 - $143,948
  • Level 5: $117,973 - $158,343

Department/Division

Information Technology

Supervisor

Cyber Security Officer, Monitoring

Work Location

2 Broadway, New York, NY 10004

Hours of Work

  • 12:00 am – 8:30 am (7.5 hours/day)
  • 8:00 am – 4:30 pm (7.5 hours/day)
  • 3:30 pm – 12:00 am (7.5 hours/day)

Teleworking

This position is eligible for teleworking, which is currently 2 days per week. New hires are eligible to apply 30 days after their effective date of hire.

Opening

The Metropolitan Transportation Authority is North America's largest transportation network, serving a population of 15.3 million people across a 5,000‑square‑mile travel area surrounding New York City, Long Island, southeastern New York State, and Connecticut. The MTA network comprises the nation’s largest bus fleet and more subway and commuter rail cars than all other U.S. transit systems combined. MTA strives to provide a safe and reliable commute, excellent customer service, and rewarding opportunities.

Summary

The purpose of this position is to provide critical technical expertise in the detection, analysis, and response to cybersecurity events. The Cybersecurity Analyst will be responsible for early and accurate detection, prevention, response, containment, and guidance to remediation of threats directed against the MTA on a 24/7 basis. The analysis is conducted through technology risk assessments, data analytics tools, business process reviews, and collaboration with security engineers, architects, developers, vendors, and business units to constantly improve the overall security of the MTA. The Cybersecurity Analyst will focus on specific domains and specialties within cybersecurity with a great degree of specialization to detect, protect, and advise the organization proactively and reactively.

The position will have seven (7) levels, which will require a combination of progressive experience, accomplishments, responsibilities, and/or education, and may perform all or some of the responsibilities listed below, depending on level.

Required Qualifications

  • Ability to perform analysis and remediation actions on threats from various attack vectors such as malware, viruses, ransomware, phishing, SQL Injection, compromised credentials, DDOS, etc.
  • Ability to provide incident response support
  • Ability to take mitigating actions to contain activity
  • Ability to facilitate forensic analysis

Responsibilities

  • Research emerging threats and vulnerabilities to aid in the identification of network incidents, and support the creation of new architecture, policies, standards, and guidance to address them
  • Provide incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary
  • Conduct security monitoring and intrusion detection analysis using various technologies and analytic tools, such as web and next‑generation firewalls, machine and human behavior learning tools, host‑based security systems, security event and incident monitoring systems, virtual, physical, and cloud platforms, user endpoint (laptop, desktop, mobile, and internet of things/IOT) systems, etc.
  • Correlate events and activities across systems to identify trends of unauthorized use
  • Review alerts and data from sensors and document formal, technical incident reports
  • Test new systems and manage cybersecurity risks and remediation through analysis
  • Respond to computer security incidents according to the computer security incident response policy and procedures
  • Provide technical guidance to first responders for handling information security incidents
  • Provide timely and relevant updates to appropriate stakeholders and decision makers
  • Communicate investigation findings to relevant business units to help improve the information security posture
  • Validate and maintain incident response plans and processes to address potential threats
  • Compile and analyze data for management reporting and metrics
  • Monitor relevant information sources to stay up to date on current attacks and trends
  • Analyze potential impact of new threats and communicate risks back to detection engineering functions
  • Perform root‑cause analysis to document findings and participate in root‑cause elimination activities as required
  • Work with data sets to identify patterns
  • Understand data automation and analysis techniques
  • Use judgment to form conclusions that may challenge conventional wisdom
  • Hypothesize new threats and indicators of compromise
  • Monitor threat intelligence feeds to identify a range of threats, including indicators of compromise and advanced persistent threats (APTs)
  • Identify the tactics, techniques, and procedures (TTPs) of potential threats through the MITRE ATT&CK or similar frameworks
  • Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate
  • Perform contract management and supply management functions to reduce security risks

The role will provide a proactive approach to cybersecurity while also investigating security incidents related to MTA operations.

Level 3

  • Provides proactive monitoring and analysis for a domain of cybersecurity to ensure the system's security baseline targets are met.
  • Implements changes to one or more cybersecurity‑related domain technologies, executing tests and reporting on security baselines, violations/anomalies, to meet requested needs.
  • Troubleshoots and investigates cybersecurity incidents and issues by analyzing a chain of events and applying technical knowledge following established procedures and standards to resolve immediate customer needs.
  • Maintains and updates existing documentation and standard operating procedures to ensure accurate and timely information is available for assigned systems.
  • Works with more experienced colleagues and other IT technical resources to improve coordination of cybersecurity requirements and analyze issues as they arise.
  • Participates in the evaluation of new products and technologies, under the direction and guidance of senior colleagues, relevant to the assigned cybersecurity area, to enhance cybersecurity posture and reduce risk to the MTA while achieving objectives.
  • Performs other duties and tasks as assigned.
  • Observing the work performed by the contractor.
  • Reviewing invoices and approving them if the work meets contractual standards.
  • Addressing performance issues with the contractor when possible.
  • Escalating issues to other parties as needed.

Level 4

Same as Level 3 with the following additional qualifications:

  • Executes the defined product lifecycle, manages the product lifecycle for a component of the infrastructure, proposes changes for implementation, gathers data, and analyzes capacity and performance to assure operational availability.
  • Analyzes the current state of the infrastructure and identifies opportunities for improvement to ensure systems meet business needs. Contributes to changes to established roadmaps, documents them effectively, and executes the implementation of changes in their area(s) of responsibility.
  • Provides ongoing support and troubleshooting for installed technical solutions by analyzing a chain of events and applying technical knowledge, following established procedures and standards to resolve immediate customer needs.
  • Investigates, evaluates, and tests new products and technologies relevant to assigned infrastructure subsets to enhance cybersecurity analytics and overall security posture. Implements and/or supports the implementation of new technologies for their area of cybersecurity that affect infrastructure, applications, and/or processes.
  • Promotes security standards and supports efforts to expand and migrate to future security architecture to improve security and share learning.

Level 5

Same as Level 4 with the following additional qualifications:

  • Provides more advanced analytical capability in several security domains.
  • Adds new components to a roadmap, documents them effectively, and directs the testing and implementation of changes.
  • When provided with an objective to improve security in their security domain(s) and related technology, develops and implements action plans needed to effect the change.
  • Researches new technologies/products and their impact on the infrastructure, prepares a preliminary evaluation of technologies/products and associated costs, and develops and presents recommendations to support anticipated future business needs.
  • Receives security and performance data and analyzes the baselines and efficacy of installed technologies. Proposes and implements any required changes, including identifying and planning for any resulting impacts on other technologies to optimize system availability and continuity.
  • Provides ongoing support and troubleshooting for incidents, correlations, and reporting to more junior analysts to resolve immediate security threats and/or customer needs.
  • Provides technical leadership to project teams in their area of expertise and/or leads teams to complete projects specific to their area(s) of expertise to maximize and share learning.
  • Provides guidance and technical coaching to less experienced staff to support effective workflow and develop technical talent.

Education & Experience

Level 3

  • Bachelor’s Degree and minimum 1 year of relevant experience. An equivalent combination of education and experience may be considered in lieu of a degree.
  • Bachelor’s degree in Computer Science or related fields preferred.
  • CISSP or other advanced security‑related certification preferred but not required.
  • Certifications in technology subdomains preferred but not required (e.g., Cloud, Applications, Infrastructure, Security Technology, etc.)
  • Requires prior experience with installing, maintaining, and troubleshooting technology systems.
  • Proven ability to troubleshoot and support technical issues using standardized procedures.
  • Proven ability to analyze a security risk assessment or conduct one with guidance.
  • Understanding of Operating Systems and Hardware.
  • Understanding of TCP/IP (OSI Layers 1–4) and Internet and Intranet technologies (OSI Layers 5‑7) required.
  • Scripting or programming skills (PERL, Python, PowerShell, etc.) preferred as needed.
  • 1 year of experience in a specific (Cloud, Applications, Infrastructure, Security Technology, etc.) cybersecurity subdomain is preferred.

Level 4

  • Bachelor’s Degree and a minimum of 3 years of relevant experience. An equivalent combination of education and experience may be considered in lieu of a degree.
  • 3+ years of relevant experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.).
  • Prefer at least one certification in the current platform/domain/technical skills.
  • Bachelor’s degree in Computer Science or related fields preferred.
  • Current CISSP or other advanced security‑related certification preferred but not required.
  • Certifications in technology subdomains preferred but not required (e.g., Cloud, Applications, Infrastructure, Security Technology, etc.)
  • Proven ability to independently evaluate and resolve most problems within an area of infrastructure or applications in a security domain context.
  • Proven ability to analyze and/or conduct a security risk assessment.
  • Understanding of Operating Systems and Hardware.
  • Advanced understanding of TCP/IP (OSI Layers 1–4) and Internet and Intranet technologies (OSI Layers 5‑7) required.
  • Scripting or programming skills (PERL, Python, PowerShell, etc.).

Level 5

  • Bachelor’s degree required. An equivalent combination of education and experience may be considered in lieu of a degree.
  • 5+ years of relevant experience in a specific cybersecurity subdomain (Cloud, Applications, Infrastructure, Security Technology, etc.).
  • Must possess at least one of the following professional certifications in subject domain including but not limited to: Certified Information Security Professional (CISSP), Global Information Assurance Certification (GIAC), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or other related certification(s).
  • Bachelor’s degree in Computer Science or related fields preferred.
  • Progressive cybersecurity‑related accomplishments.
  • Requires broad technical knowledge of multiple technologies, or an in‑depth knowledge of one technology, including its impact on other technologies.
  • Proven ability to analyze and/or conduct a security risk assessment.
  • Understanding of Operating Systems and Hardware.
  • Advanced understanding of TCP/IP (OSI Layers 1–4) and Internet and Intranet technologies (OSI Layers 5‑7) required.
  • Scripting or programming skills (PERL, Python, PowerShell, etc.) as needed.

Competencies

Level 3

Proficiency Level and Standard Competencies

  • Adept: Values Diversity, Collaborates
  • Capable: Cultivates Innovation, Customer Focus, Communicates Effectively
  • Fundamental Awareness: Tech Savvy, Technical Skills

Level 4

Proficiency Level and Standard Competencies

  • Adept: Communicates Effectively, Values Diversity, Collaborates
  • Capable: Cultivates Innovation, Customer Focus, Tech Savvy, Technical Skills

Level 5

Proficiency Level and Standard Competencies

  • Advanced: Communicates Effectively, Values Diversity, Collaborates
  • Adept: Tech Savvy, Technical Skills, Cultivates Innovation, Customer Focus

General

  • May need to work outside of normal work hours (i.e., evenings and weekends)
  • Travel may be required to other MTA locations or other external sites

Other Information

Pursuant to the New York State Public Officers Law & the MTA Code of Ethics, all employees who hold a policymaking position must file an Annual Statement of Financial Disclosure (FDS) with the NYS Commission on Ethics and Lobbying in Government (the “Commission”).

Equal Employment Opportunity

MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.

The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.

Skills

AWS, Applications, CISM, CISSP, Cloud, CRISC, DDOS, GIAC, Infrastructure, Internet, IOT, Machine Learning, MITRE ATT&CK, Network Security, OSI Model, PERL, Phishing, Policies, PowerShell, Python, Ransomware, Risk Assessment, Security Engineering, Security Standards, SQL Injection, TCP/IP, Threat Intelligence, Vulnerabilities