Cyber Security Operational, Technology & Engineer Fellow (Fall)
Description
Department: MTA IT
Location: 2 Broadway, New York, NY 10004
Position Title: Cyber Security Operational, Technology & Engineer Fellow
Hourly Rate: $21.00 (Undergraduate)
All internship positions are onsite and require regular, in-person attendance at the designated work location.
OVERVIEW OF DEPARTMENT:
The MTA IT Cybersecurity group is responsible for safeguarding the agency’s information systems, operational technology assets, and data through monitoring, incident response, and implementation of security controls. The division ensures visibility, detection, and response capabilities across all mission‑critical environments.
The intern will assist in enhancing cybersecurity incident response readiness by conducting asset discovery, validating visibility across log and detection sources, and identifying monitoring coverage gaps within a selected agency. They will focus heavily on tuning SIEM and IDS tools by reviewing existing configurations, assessing detection logic, and identifying missing or misconfigured log sources. This position begins in Fall 2026; candidates should be ready to commit minimum of 12‑months in the role.
RESPONSIBILITIES:
- Review cybersecurity incident response documentation and identify systems and playbooks in scope.
- Access and evaluate SIEM, IDS, and existing asset inventories.
- Build and maintain an asset coverage matrix for visibility assessment.
- Identify missing log sources, blind spots, and undocumented assets.
- Validate SIEM and IDS detections for key asset categories.
- Categorize identified gaps based on risk, visibility, and detection coverage.
- Recommend prioritized remediation steps, including “quick wins” for monitoring improvements.
- Assist in creating new SIEM dashboards or detection views to improve operational visibility.
PROJECTS:
The intern will be accountable for the following three key projects:
- Creation of a comprehensive asset coverage matrix for a selected MTA agency.
- Analysis and documentation of visibility and detection gaps across SIEM, IDS, and other data sources.
- Development of “quick win” improvements such as identifying missing log sources and building new SIEM dashboards to enhance monitoring.
REQUIRED QUALIFICATIONS:
- Proficiency in Microsoft Office Suite is a must.
- The candidate should possess organizational, analytical and communication skills.
- The candidate should be able to work well under pressure and prioritize tasks effectively.
- The candidate should have a keen eye for detail and be able to work independently while being an active team player.
- Knowledge of cybersecurity fundamentals, including logging, monitoring, SIEM, and incident response.
- Familiarity with networking concepts, asset inventories, and basic security tools.
- Experience with tools like Splunk and OT Network based IDS tools.
REQUIRED EDUCATION:
- Matriculated in an undergraduate program in good standing with at least 2.5 GPA.
- Major(s) Preferred: Cybersecurity, Computer Science, IT, or related field.
All applicants must be authorized to work in the United States at the time of application. Students’ transcript must be submitted.
Equal Employment Opportunity
MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities. The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.