CYBERSECURITY ENGINEER

Metro’s mission is to provide a world-class transportation system that enhances the quality of life for all who live, work, and play within LA County.

Description

Monitors, identifies, and responds to security incidents collaborating with relevant stakeholders to ensure the adequate safeguard of Metro’s digital assets.

The cybersecurity engineer designs, implements, and maintains the technical controls that protect an organization’s systems, networks, and data. Partnering with application owner to deploy and tune security tools, secure cloud and on premises applications and work closely with IT and operations to remediate vulnerabilities and respond to incidents.

Recruitment Timelines: Interviews are projected to be scheduled for the week of April 6, 2026. These dates are subject to change. We encourage you to monitor your governmentjobs.com profile and emails for the latest updates.

Examples of Duties

• Conduct regular vulnerability scans and penetration tests
• Utilize Security Information and Event Management (SIEM) tools to monitor systems for unusual activity, investigate alerts, and respond to potential threats
• Develop scripts and tools to automate security tasks, improving efficiency and reducing manual processes
• Engineer and implement solutions to enhance the Cybersecurity Operations Center (CSOC’s) ability to detect, respond and prevent incidents
• Analyze security data to identify potential security incidents, conduct root cause analysis, and offer actionable recommendations to prevent future occurrences
• Develop containment and remediation strategies and coordination across security and technical teams
• Identify, analyze, and respond to security incidents, coordinating with teams to contain, mitigate, and recover from such breaches
• Engineer detections aligned to the MITRE ATT&CK framework and recommend improvements to leadership
• Support the maintenance and tuning of Cybersecurity Operations Center (CSOC) tools, including Security Information and Event Management (SIEM), Intrusion Detection Systems (IDS)/Intrusion Prevention Systems (IPS), firewalls, and other security technologies
• Validate effective security operations controls are implemented, maintained and adapted to threat landscape
• Monitor cybersecurity events across assigned environment using advanced Security Information, Threat Intelligence, and SIEM tools to detect and respond to security threats and incidents
• Examine log source data across endpoints, databases, applications, identity, network, mobile and cloud
• Work closely with Information Technology Services (ITS), and other teams to ensure effective communication and coordination during security incidents
• Identify areas for improvement in incident response and threat detection capabilities including tools and processes
• Lead improvement plans to the development and enhancement of Cybersecurity Operations Center processes, playbooks, and procedures
• Prepare monitoring and response metrics, Key Performance Indicator (KPIs) for security events and incidents. Upon request, report on the state of the Security Operation Center to cybersecurity leaders and stakeholders
• Maintain detailed and accurate records of security incidents, including timelines, actions taken, and outcomes
• Participate and assist in deploying Managed Security Service Providers solutions
• Manage service providers and ensure the agency is receiving optimal values
• Manage projects associated with Cybersecurity Operations Center controls deployment and improvement
• Serve as a mentor and escalation point for junior Security Operations Center engineers and assist with day-to-day requirements
• Participate in cross-functional security initiatives and projects
  
  

May be required to perform other related job duties

Minimum Qualifications

A combination of education and/or experience that provides the required knowledge, skills, and abilities to perform the essential functions of the position. Additional experience, as outlined below, may be substituted for required education on a year-for-year basis. A typical combination includes:
Education

• Bachelor’s Degree in Information Technology, Cybersecurity, Computer Science, or a related field

Experience

• Six years of relevant experience or three years of relevant supervisory-level experience in cybersecurity (Security Operation Center and incident response) and information technology. Some positions in this class may require specialized experience in area of assignment

Certifications/Licenses/Special Requirements

• Certification in one or more of the following is preferred: GIAC Security Operations Certified (GSOC), GIAC Certified Incident Handler Certification (GCIH), GIAC Defending Advanced Threats (GDAT), Microsoft Certified Security Operations Analyst Associate, CISSP
• Ability to work in a secure CSOC environment, which may require extended periods of time sitting and working at a computer

• This is a 24/7 operation, and the role may require working in shifts, including nights, weekends, and holidays, to ensure continuous monitoring and response

Preferred Qualifications

Preferred Qualifications (PQs) are used to identify relevant knowledge, skills, and abilities (KSAs) as determined by business necessity. These criteria are considered preferred qualifications and are not intended to serve as minimum requirements for the position. PQs will help support selection decisions throughout the recruitment. In addition, applicants who possess these PQs will not automatically be selected.
The following are the preferred qualifications:

• Experience applying strong knowledge of network architecture, identity and access management, endpoint security, and Zero Trust design principles to design secure enterprise solutions
  
• Experience applying security frameworks such as National Institute of Standards and Technology (NIST) and International Organization for Standardization (ISO)
  
• Experience reviewing, analyzing, and documenting security configurations across systems and cloud platforms
  
• Experience assessing and prioritizing vulnerabilities, overseeing patch governance, and aligning remediation efforts with frameworks such as National Institute of Standards and Technology (NIST) and Center for Internet Security (CIS) benchmarks
  
• Experience communicating technical risk and remediation plans to engineering teams, stakeholders, and executive leadership
  

Essential Knowledge

Knowledge of (defined as a learned body of information that is required for and applied in the performance of job tasks)

• Proficiency with Security Orchestration, Automation, and Response (SOAR), SIEM, threat intelligence, identity, sandboxes, vulnerability management and Endpoint Detection and Response (EDR)/extended detection and response (XDR) technologies
• Strong understanding of threats and vulnerabilities and principles of incident response
• Strong understanding of the MITRE ATT&CK framework
• Information Technology/Operational Technology security challenges and agency-wide Cybersecurity requirements
• Applicable local, state, and federal laws, rules, and regulations governing information systems for a public agency
• Statutory and regulatory requirements, standards, and ethics pertaining to information access, audit, investigation, security, and privacy, such as PCI-DSS (Payment Card Industry Data Security Standard), California S.B. 1386, California Privacy Rights Act (CPRA), and HIPAA (Health Insurance Portability and Accountability Act)
• Theories, principles, and practices of management information systems and specified application areas Network operating systems such as Cisco Routing and Switching, Microsoft Windows, Linux/UNIX, Cloud services (SaaS, PaaS, IaaS) and other networks related to the area of assignment
• Cybersecurity frameworks (e.g., National Institute Standard Technology (NIST), International Organization for Standardization (ISO 27001)) and their application in Cybersecurity Operations Center environments
• Diverse IT infrastructure/security environments, with various IT systems, technologies, platforms, concepts, and applications
• Network architecture and design elements
• Security and contingency planning concepts, including data integrity, authentication and authorization
• Project management techniques and tools

Skill in (defined as the proficient manual, verbal, or mental utilization of data, people, or things)

• Researching computer systems, assessing potential risks, and considering possible solutions
• Analyzing situations, conducting research, defining problems, providing recommendations, and implementing solutions and alternatives based on network infrastructure
• Analyzing and evaluating system changes to determine feasibility
• Seeking out and updating knowledge on applicable systems, legislation, practices and techniques
• Communicating effectively orally and in writing and making presentations

Ability to (defined as a present competence to perform an observable behavior or produce an observable result)

• Effectively communicate technical information, issues, and solutions to multiple organizational levels internally and externally in a clear and simple way
• Educate users and explain the importance of cybersecurity and how to protect data
• Interact professionally with various levels of Metro employees and outside representatives
• Think strategically and turn ideas into actions
• Work independently and deliver results
• Prepare documentation, reports, and correspondence

• Read, write, speak, and understand English

Special Conditions

• This job specification is not to be construed as an exhaustive list of duties, responsibilities, or requirements
• The physical demands described are representative of those that must be met by the employee to successfully perform the essential functions of this job
• Metro provides reasonable accommodation to enable individuals with disabilities to perform the essential functions
• This classification is at-will and the incumbent serves at the pleasure of the hiring authority when classified as an Intermittent, Emergency, Annuitant, or Temporary employee, is assigned to the Office of Inspector General (OIG) or Board Clerk's Office, and/or reporting directly to the LACMTA Board of Directors
• Contributes to ensuring that the Equal Employment Opportunity (EEO) policies and programs of Metro are carried out

Working Conditions

• Typical office situation
• Close exposure to computer monitors and video screen
• Work irregular hours, split shifts, weekends, holidays, or 24-hour-a-day on-call assignments
• Work after designated regular hours in case of special assignments or emergencies

Physical Effort Required

• Sitting at a desk or table
• Operate a telephone or other telecommunications device and communicate through the medium
• Type and use a keyboard and mouse to perform necessary computer-based functions
• Standing
• Walking
• Communicating through speech in the English language required

(EH)

Metro is an Equal Opportunity Employer and does not discriminate on the basis of race, color, creed, ancestry, national origin, gender, marital status, sexual orientation, religion, age, veteran status, or disability. Learn more about Metro’s Equal Employment Opportunity Program . Metro does not deny participation in the application process to anyone with prior justice system involvement, in line with Fair Chance hiring practices.

Selection Procedure

Applicants who best meet job-related qualifications will be invited to participate in the examination process that may consist of any combination of written, performance, or oral appraisal to further evaluate job-related experience, knowledge, skills and abilities.

Application Procedure

To apply, visit Metro's website at www.metro.net and complete an online Employment Application.
Computers are available to complete online Employment Applications at the following Metro locations:

METRO Headquarters, Employment Office
One Gateway Plaza
Los Angeles, CA 90012
Open: Monday through Friday, 8am-4pm
(Closed Sat & Sun)

Metro Talent Hub
8501 S. Evermont Place
Los Angeles, CA 90044
Open: Monday through Friday, 9am-5pm
(Closed Sat & Sun)

East Los Angeles Customer Center
4501 B Whittier Blvd
Los Angeles, CA 90022
Open: Tuesday through Saturday, 10am to 6pm
(Closed Sun & Mon)

Wilshire/Vermont Customer Center
3183 Wilshire Blvd, Ste 174
Los Angeles, CA 90010
Open: Monday through Friday, 10am-6pm
(Closed Sat & Sun)

Rosa Parks Customer Center
Willowbrook/Rosa Parks Station
11720 Wilmington Ave
Los Angeles, CA 90059
Open: Monday through Friday, 6am to 6:30pm
(Closed Sat & Sun)

Telephone: (213) 922-6217 or persons with hearing or speech impairments can use California Relay Service 711 to contact Metro.

All completed online Employment Applications must be received by 5:00 p.m. on the closing date. Late applications will not be considered.

*Open to the public and all Metro employees

This job bulletin is not to be construed as an exhaustive list of duties, responsibilities, or requirements. Employees may be required to perform other related job duties.

*Please refer to the applicable benefit type (Regular or Temporary)*

BENEFITS FOR REGULAR EMPLOYEES

Benefits cover probationary or regular full-time (working at least 40 hrs/week) employees of Metro.

We offer a range of high-quality medical, dental and vision plan options as well as health care spending accounts for you and your family. Metro will cover a significant portion of your health care premiums.

Medical/Dental/Vision Plan - Employee has the choice of 3 separate medical plans and 3 dental plans. A separate vision plan is included in each medical plan.

Group Life Insurance - PTSC pays for an amount equal to your annual salary, rounded up to the nearest $1,000. Minimum amount of life insurance is $30,000.

Accidental Death & Dismemberment Insurance - PTSC provides $50,000 coverage for each employee. Additional voluntary coverage in amounts up to $500,000 is available at favorable premium rates.

Long-Term Disability Insurance - 100% employer paid. Provides employees with a minimum income of 60% of earnings after six months of disability. Buy up or buy down options available.

Holidays - 12 days a year: New Year's Day, Martin Luther King, Jr. Day, Presidents' Day, Memorial Day, Independence Day, Labor Day, Veterans' Day, Cesar E Chavez, Juneteenth,Thanksgiving Day, Day After Thanksgiving, and Christmas Day.

Time off with Pay (TOWP) - Compensates employees who are on approved absence from work for reasons such as illness, injury, medical and dental appointments, personal business, vacation, or observance of (a) religious holiday.
Years of Service Annual Accrual
Hire date - 5 years 20 days
Beginning of 6th - 10th year 25 days
Beginning of 11th - 15th year 30 days
Beginning of 16th + years 35 days

Pension Plan - PTSC retirement plan is the Public Employees' Retirement System (PERS). Vesting is five (5) years. Minimum retirement age is 52, based on the 2% at 62 formula.

Other Benefits: Transportation passes for employees and/or eligible dependents; Medicare; Tuition reimbursement; credit union membership; SDI; Deferred Compensation Plan; 401(K) Thrift plan; EAP; Medical and Dependent Care Flexible Spending Accounts; Flexible work schedules; and Jury Duty Pay.

BENEFITS FOR TEMPORARY EMPLOYEES

Temporary (Contingent) employees are eligible for the following benefits only:

• Kaiser medical insurance
• Public Pension Plan
• 457/401K Plan
• Flex Spending
• Paid Sick Time
• Fare Media
• Rideshare Subsidies
• Metro One Fitness membership

For more information on the Benefits Enrollment for Contingent Employees, please visit LA Metro’s Pension & Benefits website at benefits.metro.net

Closing Date/Time: 3/13/2026 5:00 PM Pacific

• 

• Los Angeles County Metropolitan Transportation Authority - LA Metro

Show more