Under the supervision of the Manager IT Security, the successful candidate will support a multi-faceted, dynamic cyber security program. A strong grasp of various cyber security disciplines, including security risk assessment and management architectures, is required. Perform security assessments and user compliance checks using various assessment tools and procedures. Applicants should be familiar with Security Technical Implementation Guides (STIGs) and/or NIST frameworks in a government setting. Consult agency line departments on the technical implementation of cyber security solutions. Promote the sustainment of cyber security policies across multiple technology areas. Support the research of emerging technology, requisite security requirements, and emerging threats to meet the agency’s technological initiatives.
- Lead the various security and compliance projects.
- Establish good relationships with management and staff. Communicate and coordinate security efforts to ensure that The Port Authority includes security awareness in its culture.
- Coordinate and advocate for security development work among product owners and clients to ensure progress is made on larger security initiatives.
- Coordinate and run live tabletop security exercises and follow up with required education on a periodic basis.
- Review and audit Security policies when necessary to ensure compliance and inclusion of newly adopted technologies.
- Respond to security events when applicable and provide technical expertise during security incidents
- Take part in vulnerability assessments and work with internal teams to remediate vulnerabilities
- Run PCI and HIPAA compliance scans and provide guidance on remediation efforts
- Continually improve technical skills to include a good working knowledge of the following:
  - Splunk administration and creation of high-level security dashboards
  - Windows and Linux systems security
  - Endpoint security (AV, HIPS, etc.)
  - Networking, firewall and proxy technologies
  - Programming experience: enough to know the basics and spot obvious vulnerabilities such as SQL injection and cross-site scripting
- Maintain security policies and understand them in depth.
- Review and audit both physical and cyber security controls when required
- Cross train security staff
- Manage security-related vendor relationships, software products and services, ensuring that they are secure and well-researched.
- Able to meet project deadlines
- Develop and improve the enterprise-wide vulnerability management program.
- Develop an understanding of the current and forward-looking threat profile.
- Conduct discovery and inventory assessments of enterprise systems and web sites.
- Develop a process for scheduling and conducting scans.
- Build automation into vulnerability scanning processes.
- Educate developers and system administrators in secure coding and configuration practices to remediate vulnerabilities.
- Provide expertise, guidance and advice related to all information security issues.
Candidates must present the following qualifications to be considered eligible for this position:
- 3+ years of experience with security engineering, or operational support to a diverse enterprise, including supporting information operations, cyber operations, system administration, and systems security
- Bachelor’s degree in Information Security, Computer Science, Information Management Systems, or related field required.
- Experience with NIST, CIS and related security standards including developing or analyzing security test and evaluation reports
- Understanding of cyber security threats in depth and how they relate to everyday business operations
- Experience with enterprise logging (Splunk)
- Experience with enterprise SIEM (Splunk)
- Experience with enterprise endpoint protection systems
- Experience with vulnerability assessment tools (Tenable - Nessus, Burp Suite or similar)
- Strong understanding of networking concepts (VPN, subnetting, ACLs, VLANs, etc.)
- Familiarity with network IDS/IPS systems
- Experience working with Security Compliance Frameworks (NIST, SOC2 and PCI-DSS)
- Knowledge of popular SaaS applications
- Knowledge of cloud security principles
- Proven ability to manage a vulnerability and application security program.
- Proven experience with Vulnerability Assessment tools (Nessus, Burp) required.
- Knowledge of application security, database security, and secure coding practices.
- Ability to demonstrate expertise in network security architectures, platforms, and protocols.
- Ability to demonstrate working knowledge of Windows (mandatory)
- Ability to demonstrate thorough understanding of current threats and exploits to include experience with threat detection, analysis, and remediation.
- Ability to tune sensors and monitoring thresholds.
- Ability to triage, define criticality, and resolve or escalate alerts.
- Familiar with the following technologies - SIEM, IDS, IPS, HIDS, HIPS
Ideal candidates will present the following profile:
- Ability to demonstrate working knowledge of Windows (mandatory) and Linux servers (preferred).
- Preferred knowledge of iOS and Android operating systems
- Preferred - CISM or CISSP certification
- Preferred experience with GRC implementation and use in a cyber security setting
- Preferred - knowledge of SCADA and Industrial Control systems
- Ability to meet deadlines and adjust to changing priorities
- Ability to communicate technical information in understandable business terms.
- Ability to write clear and decisive technical documentation
- Ability to write well-organized policies and standards
- Strong communication skills: Be a good communicator and build relationships with the various line departments you will be working with at the agency. The position will depend on communication between multiple people across multiple line departments and business units, and on coordinating with project managers. Willing to learn new technologies, security protocols and methods of circumventing our security systems. Ability to adapt to new challenges as they arise, and put out fires without being overwhelmed during busy times. A well-rounded individual with a diverse background and experience is preferred.
- Team Player: Become part of a dynamic interactive team focused on providing excellent service to our clients
- Analytical Thinking / Problem Solving skills: The ability to understand an idea, situation, or problem by breaking it into smaller pieces
Compensation & Benefits
The Port Authority of New York and New Jersey offers a competitive salary, an outstanding benefits package and a professional environment that supports development and recognizes achievement.
How To Apply
Interested candidates should apply to this job by clicking on the Apply Now button and submitting a combined cover letter and resume.
Only applicants under consideration will be contacted.
About The Port Authority
Founded in 1921, the Port Authority of New York and New Jersey builds, operates, and maintains many of the most important transportation and trade infrastructure assets in the country. The agency's network of aviation, ground, rail, and seaport facilities is among the busiest in the country, supports more than 550,000 regional jobs, and generates more than $23 billion in annual wages and $80 billion in annual economic activity. The Port Authority also owns and manages the 16-acre World Trade Center site, where the 1,776-foot-tall One World Trade Center is now the tallest skyscraper in the Western Hemisphere.
EQUAL OPPORTUNITY EMPLOYER
The Port Authority of New York & New Jersey/Port Authority Trans-Hudson (PATH) is an Equal Opportunity Employer.