Demo

SENIOR CYBERSECURITY OPERATIONS ANALYST (INFORMATION SECURITY)

Los Angeles County Metropolitan Transportation Authority (CA)
Los Angeles, CA Other
POSTED ON 7/16/2026
AVAILABLE BEFORE 7/29/2026

Monitors, detects, and responds to security incidents and collaborates with various security, crisis and emergency management teams to ensure the safety of Metro’s digital and physical assets.


Recruitment Timelines: Interviews are projected to be scheduled for the week of August 10, 2026. These dates are subject to change. We encourage you to monitor your governmentjobs.com profile and emails for the latest updates.
  • Monitor cybersecurity events across assigned environment using advanced Security Information, Threat Intelligence, and Security Information and Event Management (SIEM) tools to detect and respond to security threats and incidents.
  • Identify, analyze, and respond to security incidents, coordinating with teams to contain, mitigate, and recover from such breaches.
  • Maintain awareness of local, national, and global threats and vulnerabilities and develop mitigation strategies to protect critical networks and assets. 
  • Analyze security data to identify potential security incidents, conduct root cause analysis, and offer actionable recommendations to prevent future occurrences.
  • Identify and remediate vulnerabilities within assigned environments. 
  • Collaborate with Information Security and Information Technology Services (ITS) teams to implement security patches and updates. 
  • Maintain detailed and accurate records of security incidents, including timelines, actions taken, and outcomes. 
  • Prepare and furnish reports for management and relevant stakeholders on Cyber Security Operations Center (CSOC) activities and incident response metrics.
  • Work closely with ITS, and other technical and security teams to ensure effective communication and coordination during security incidents. 
  • Participate in cross-functional security initiatives and projects and take responsibility for associated tasks.
  • Address relevant maintenance and tuning of CSOC tools, including SIEM, IDS/IPS, firewalls, and other security technologies.
  • Address improvement plans to the development and enhancement of CSOC processes, playbooks, and procedures. 
  • Identify areas for improvement in incident response and threat detection capabilities.
  • Address innovative ideas to security awareness campaigns, based on operations and incident response activities.
     
     
May be required to perform other related job duties


A combination of education and/or experience that provides the required knowledge, skills, and abilities to perform the essential functions of the position.  Additional experience, as outlined below, may be substituted for required education on a year-for-year basis.  A typical combination includes:

Education: 
  • Bachelor’s Degree in Information Technology, Cybersecurity, Computer Science, or a related field 

Experience:
  • Five years of relevant experience performing information security, security monitoring, and incident response; some positions in this class may require specialized experience in area of assignment

Certifications/Licenses/Special Requirements
  • A valid California Class C Driver License or the ability to utilize an alternative method of transportation when needed to carry out job-related essential functions
  • Certification in one or more areas of cyber security specialization: Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), or equivalent preferred 
  • Ability to work in a secure CSOC environment, which may require extended periods of time sitting and working at a computer
  • This is a 24/7 operation, and the role may require working in shifts, including nights, weekends, and holidays, to ensure continuous monitoring and response.

Preferred Qualifications

Preferred Qualifications (PQs) are used to identify relevant knowledge, skills, and abilities (KSAs) as determined by business necessity. These criteria are considered preferred qualifications and are not intended to serve as minimum requirements for the position. PQs will help support selection decisions throughout the recruitment. In addition, applicants who possess these PQs will not automatically be selected.


  • Experience supporting day-to-day operations in a Security Operations Center (SOC) or similar security operations environment.
  • Experience analyzing and correlating logs across enterprise tools (like Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), Non-Delivery Report (NDR), Identity and Access Management (IAM), and cloud platforms) to understand endpoint, email, networks, identity, and cloud security controls, identify root causes, and track attacker behavior.
  • Experience contributing to the development or improvement of Security Operations Center (SOC) playbooks, escalation paths, or response workflows.
  • Experience operating in regulated, high-risk, or mission-critical environments, with the ability to communicate technical information clearly to both technical and non-technical audiences.
  • Experience participating in incident response, including triaging alerts, investigating threats, and helping contain, mitigate, or recover from security incidents.
  • Experience utilizing common cybersecurity frameworks (such as National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO 27001), or Cybersecurity and Infrastructure Security Agency (CISA) guidance) to prepare incident or activity reports for technical teams or management.

Knowledge of (defined as a learned body of information that is required for and applied in the performance of job tasks)
  • Information Technology/Operational Technology security challenges and agency-wide Cybersecurity requirements. 
  • Cybersecurity frameworks (e.g., National Institute Standard Technology (NIST), International Organization for Standardization (ISO 27001)), Cybersecurity and Infrastructure Security Agency (CISA) and their application in Cybersecurity Operations Center environments.
  • Diverse IT infrastructure/security environments, with various IT systems, technologies, platforms, concepts, and applications.
  • Applicable local, state, and federal laws, rules, and regulations governing information systems for a public agency.
  • Statutory and regulatory requirements, standards, and ethics pertaining to information access, audit, investigation, security, and privacy, such as PCI-DSS (Payment Card Industry Data Security Standard), California S.B. 1386, California Privacy Rights Act (CPRA), and HIPAA (Health Insurance Portability and Accountability Act).
  • Theories, principles, and practices of management information systems and specified application areas Network operating systems such as Cisco Routing and Switching, Microsoft Windows, Linux/UNIX, Cloud services (SaaS, PaaS, IaaS) and other networks related to the area of assignment
  • Network architecture and design elements
  • Security and contingency planning concepts, including data integrity, authentication and authorization
  • Project management techniques and tools

Skill In (defined as the proficient manual, verbal, or mental utilization of data, people, or things)
  • Researching computer systems, assessing potential risks, and considering possible solutions
  • Analyzing situations, conducting research, defining problems, providing recommendations, and implementing solutions and alternatives based on network infrastructure
  • Analyzing and evaluating system changes to determine feasibility
  • Seeking out and updating knowledge on applicable systems, legislation, practices and techniques
  • Communicating effectively orally and in writing and making presentations

Ability to (defined as a present competence to perform an observable behavior or produce an observable result)
  • Effectively communicate technical information, issues, and solutions to multiple organizational levels internally and externally in a clear and simple way
  • Educate users and explain the importance of cybersecurity and how to protect data
  • Interact professionally with various levels of Metro employees and outside representatives
  • Think strategically and turn ideas into actions
  • Work independently and deliver results
  • Prepare documentation, reports, and correspondence
  • Read, write, speak, and understand English

Special Conditions
  • This job specification is not to be construed as an exhaustive list of duties, responsibilities, or requirements
  • The physical demands described are representative of those that must be met by the employee to successfully perform the essential functions of this job
  • Metro provides reasonable accommodation to enable individuals with disabilities to perform the essential functions
  • This classification is at-will and the incumbent serves at the pleasure of the hiring authority when classified as an Intermittent, Emergency, Annuitant, or Temporary employee, is assigned to the Office of Inspector General (OIG) or Board Clerk's Office, and/or reporting directly to the LACMTA Board of Directors
  • Contributes to ensuring that the Equal Employment Opportunity (EEO) policies and programs of Metro are carried out

Working Conditions
  • Typical office situation
  • Close exposure to computer monitors and video screen
  • Work irregular hours, split shifts, weekends, holidays, or 24-hour-a-day on-call assignments
  • Work after designated regular hours in case of special assignments or emergencies
  • Local Travel

Physical Effort Required
  • Sitting at a desk or table
  • Operate a telephone or other telecommunications device and communicate through the medium
  • Type and use a keyboard and mouse to perform necessary computer-based functions
  • Standing
  • Walking 
  • Good distance vision and/or depth perception to judge distances
  • Communicating through speech in the English language required
(TL)

Salary : $109,470 - $164,195

If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

What is the career path for a SENIOR CYBERSECURITY OPERATIONS ANALYST (INFORMATION SECURITY)?

Sign up to receive alerts about other jobs on the SENIOR CYBERSECURITY OPERATIONS ANALYST (INFORMATION SECURITY) career path by checking the boxes next to the positions that interest you.
Income Estimation: 
$114,790 - $146,930
Income Estimation: 
$142,618 - $183,267
Income Estimation: 
$115,647 - $153,495
Income Estimation: 
$112,673 - $137,290
Income Estimation: 
$139,945 - $168,577
Income Estimation: 
$140,233 - $181,029
Income Estimation: 
$161,209 - $233,553
Employees: Get a Salary Increase
View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

Job openings at Los Angeles County Metropolitan Transportation Authority (CA)

  • Los Angeles County Metropolitan Transportation Authority (CA) Los Angeles, CA
  • Supervises personnel in the repair and maintenance of rail track, including its supporting infrastructure, to help ensure a safe track structure for the pu... more
  • 8 Days Ago

  • Los Angeles County Metropolitan Transportation Authority (CA) Los Angeles, CA
  • The Workers Compensation Analyst position is required to evaluate claims in accordance with the California Labor Code, and WCAB procedures, ensuring timely... more
  • 9 Days Ago

  • Los Angeles County Metropolitan Transportation Authority (CA) Los Angeles, CA
  • Performs senior-level technical planning, programming, or project support and performs a range of functions in an assigned organizational unit. The Senior ... more
  • 10 Days Ago

  • Los Angeles County Metropolitan Transportation Authority (CA) Los Angeles, CA
  • Basic Function Under moderate supervision, repairs damage to revenue bus bodies. Repairs damaged bodies and body parts of revenue buses using a variety of ... more
  • 10 Days Ago


Not the job you're looking for? Here are some other SENIOR CYBERSECURITY OPERATIONS ANALYST (INFORMATION SECURITY) jobs in the Los Angeles, CA area that may be a better fit.

  • Fox Rothschild Los Angeles, CA
  • As a member of the Information Services Department, the Senior Analyst, Cybersecurity Operations & Response supports the execution and continuous improveme... more
  • 21 Days Ago

  • GFT. Los Angeles, CA
  • GFT is looking for a Cybersecurity Analyst to join our Safety and Security team. This person will work directly with our client, who is located in downtown... more
  • 10 Days Ago

AI Assistant is available now!

Feel free to start your new journey!