SR TRAIN CTRL CYBER SEC ANLYST presso Regular Employee

SUMMARY 
Provides technical oversight for the cyber security monitoring of the train control infrastructures of the Authority. Responsible for safeguarding the Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) frameworks.  Develops and implement strategies to secure train control networks from risks, threats and vulnerabilities.  Evaluates, reports and remediates internal and external cyber security risks that may impact train control networks.  Reviews and defines security controls. measures and protocols. Develops and maintains SCADA/ICS cyber security guidelines, policies and procedures.  Evaluates cyber security technologies and conducts feasibility assessments.  Serves as the subject matter expert on complex cyber security matters concerning SCADA/ICS networks.  Works in close collaboration with rail control, technology and cyber security personnel to safeguard train control networks.  Performs in-depth reviews, audits and assessments to identify security risks and areas of improvements.  Stays abreast of critical information security trends, technologies and solutions for safe monitoring and securing of the Authority’s train control networks.

ESSENTIAL DUTIES AND RESPONSIBILITIES

1. Provides technical oversight and monitoring for the cyber security activities of the Authority’s train control, Supervisor Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) infrastructures.

2. Develops and maintains cybersecurity guidelines, policies and procedures for train control networks and infrastructures of the Authority. 

3. Creates, tracks and manages incident responses for SCADA, ICS and train control networks.  Ensures that security protocols are in place and followed in efforts to eliminate or reduce the Authority’s exposure to security risks, threats and vulnerabilities. 

4. Establishes and maintains cybersecurity polices, processes and controls.  Ensures that cybersecurity efforts are adequately designed to address information security protocols and governmental compliance in a timely manner.

5. Evaluates information systems, networks and data processes security risks.

6. Conducts IT security risk assessments for technology and cyber security of SCADA/ICS frameworks.

7. Participates in strategic monitoring and planning efforts concerning SCADA/ICS functions and activities.

8. Works in close collaboration with stakeholders to identify, validate, and mitigate security risks with appropriate solutions and security controls.

9. Ensures that risks are mitigated and reported within a timely manner.  Validates that required security controls and resources are designed to safeguard train control networks and infrastructures.

10. Performs in-depth assessments of train control security related processes and systems.

11. Identifies and anticipates system limitations that could lead to security risks with train control networks and devices.  Develops and implements strategies to mitigate security compliance risks.

12. Communicates security-related concepts to a broad range of technical and non-technical staff.   

13. Performs other duties as assigned.

SUPERVISORY RESPONSIBILITIES 
Serves in lead capacity and provides functional guidance/assistance to contractors and lower level staff.

EDUCATION and/or EXPERIENCE 

Bachelor’s degree in Engineering, Information Technology, Computer Science or a related technical field.  Must have seven years of demonstrated experience safeguarding enterprises, train control, ICS/SCADA systems and/or networks preferred. Must have advanced experience monitoring and managing technology/cyber security incidents, risks, threats and vulnerabilities.  Having working knowledge of one or more of the following frameworks is a PLUS: ICS/SCADA Cyber security controls and NIST Cyber security Framework.  Must have experience with Firewall configurations.   Excellent verbal and written communication skills.  High level organizational and planning skills required.   In lieu of a degree, directly related experience may be substituted on a year-for-year basis.

CERTIFICATES, LICENSES, REGISTRATIONS 

Certification in at least one of the following:  Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified SCADA Security Analyst (CSSA), Security+ and/or a Certified Information Security Manager (CISM) is preferred. Training in SCADA/ICS security is desired. 

Grade: 20A

Salary Range:  $82,912-$124,000 

MARTA is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state or local protected class.