Cybersecurity Analyst at Massachusetts Bay Transportation Authority – Boston, Massachusetts
About This Position
The Cybersecurity Analyst plays a critical role in safeguarding the organization's digital assets by managing, analyzing, and responding to advanced security threats. The role sits on a security team that works in partnership with a Managed Security Operations Center (MSOC) provider. As the most senior internal technical escalation point, the Cybersecurity Analyst handles the complex security incidents and service tickets that the MSOC escalates. Key technologies in use include Splunk for security information and event management (SIEM), CrowdStrike for endpoint detection and response (EDR), Qualys for vulnerability management, and ServiceNow for workflow and incident management. The analyst applies experience and judgment to incident investigation, malware analysis, threat intelligence correlation, and mitigation. They also work directly with technology teams to ensure proper security controls are in place, offering guidance, performing deeper root cause analysis, and recommending additional protective measures where necessary. This is a mid-level, hands-on technical role that requires strong coordination skills and a problem-solving mindset to maintain enterprise-wide security against evolving cyber threats.
- Act as the last line of defense in response to escalated security incidents from the MSOC, providing detailed analysis and remediation recommendations.
- Investigate and respond to escalated security alerts and incidents using tools such as Splunk, CrowdStrike, Qualys, and other security platforms.
- Perform in-depth threat detection, investigation, and forensic activities to identify root causes of incidents.
- Partner with technology teams to offer expert recommendations and ensure security controls are operating effectively.
- Analyze and assess potential vulnerabilities across internal systems and recommend mitigation strategies based on Qualys reports and other intelligence sources.
- Collaborate with internal stakeholders on continuous improvements to security policies, processes, and incident response strategies.
- Maintain thorough documentation of security incidents and responses within ServiceNow.
- Participate in ongoing threat research, keeping up to date with evolving attack methods and cybersecurity best practices.
- Perform all other duties and projects that may be assigned.
Supervision
- No direct reports.
Minimum Requirements
- Bachelor's degree from an accredited institution in an IT-related field.
- Four (4) years' experience in an information technology field.
- Two (2) years of experience in the areas of incident detection and response, malware analysis, or computer forensics.
- Strong written and verbal communication skills, and the ability to create technical reports based on analytical findings.
- Strong analytical and troubleshooting skills.
- A High School Diploma or GED with an additional seven (7) years of directly related experience substitutes for the bachelor’s degree requirement.
- An associate degree from an accredited institution with an additional three (3) years of directly related experience substitutes for the bachelor’s degree requirement.
- A master’s degree in a related subject substitutes for two (2) years of general experience.
Preferred Experience and Skills
- One (1) year of supervisory, managerial, and/or leadership responsibility and experience.
- Experience working with security tools such as Splunk, CrowdStrike, Qualys, and ServiceNow.
- Strong understanding of security event management, threat detection, and incident response processes.
- Ability to perform advanced analysis on escalated security events or vulnerabilities and provide actionable insights.
- Proven experience working with cross-functional technology teams to address security vulnerabilities and drive improvements.
- Knowledge of common attack methods, malware behavior, and threat landscape.