Amtrak
Principal Incident Response Analyst - 90397444 - Remote
Amtrak, Washington, District of Columbia, us, 20022
Overview
Your success is a train ride away! As we move America's workforce toward the future, Amtrak connects businesses and communities across the country. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority, and the success of our railroad is due to our employees. Are you ready to join our team? Our values of 'Do the Right Thing, Excel Together and Put Customers First' are at the heart of what matters most to us, and our Core Capabilities, 'Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security' are what every employee needs to know and do to be most impactful at Amtrak. By living the Amtrak values, focusing on our capabilities, and actively embracing and fostering diverse ideas, backgrounds, and perspectives, together we will honor our past and make Amtrak a company of the future. Position
Principal Cyber Threat Incident Response Analyst
will play a critical role within the Amtrak Cyber Fusion Center. In this role, you will support a digital forensic cyber incident response team to effectively respond to and recover from cybersecurity incidents. You will execute the cyber incident response plan and response playbooks, ensuring timely resolution of security breaches. ESSENTIAL FUNCTIONS: As a Principal Cyber Threat Incident Response Analyst, you will provide industry-leading cyber incident response supporting the Cyber Fusion Center mission to effectively detect and respond to threats and reduce the overall impact of business risk before, during, and after an incident You will resolve security incidents quickly, effectively and at scale with complete incident response including investigation, containment to support effective remediation, and crisis management Technically navigate critical and high-profile incidents, performing digital forensic and incident response analysis with support from threat hunting and malware triage analysts Support Amtrak-wide cyber incident response engagements, examine cloud, endpoint, and network-based sources of evidence Recognize and codify attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOCs) that can be applied to current and future investigations Build scripts, tools, or methodologies to enhance Amtrak's incident investigation processes Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations Support Cyber Incident Exercises, Tabletops, and Cyber Incident Management Response Team with business leaders, stakeholders, and cross-functional teams Support with Crisis Management, Emergency Management, Incident Response, Legal and OIG teams to conduct and coordinate on Cyber Incident Response Activities Preferred knowledge and familiarity with Operational Technology (OT), Industrial Controls Systems (ICS) or Supervisory Control and Data Acquisition (SCADA) systems but not required Cybersecurity certifications, courses, or hands-on experience with some of the following: Advanced Threat Detection; Hacker tools, techniques; Penetration Testing, Exploit Writing, and Ethical Hacking; Offensive Security, Security Operations, Web Application Testing, or Cloud Security; Reverse-Malware Engineering; Digital Forensics and Incident Response; PowerShell, JavaScript and Python; Relevant certifications including GIAC Certified Incident Handler (GCIH), Certified Incident Response Handler (GCFA) or similar; Experience with SIEM systems, network security tools, and log analysis tools; Experience with cyber incident response; Experience with Mitre ATT&CK framework; Experience with threat intelligence, vulnerability management, and security incident response Regularly participate in tabletop exercises designed to identify gaps, improve skills, enhance communication, and engage with stakeholders Review technical reports from vulnerability and penetration testing assessments, as well as results from tabletop exercises to identify potential future incidents Develop, refine, recommend, and maintain playbooks, policies, and procedures to ensure alignment to industry best practices MINIMUM QUALIFICATIONS: Bachelor's degree in computer science, Information Systems, Cybersecurity, or related technical field plus 7-10 years of relevant experience is required Experience on one or the combination of the below to satisfy education and experience requirements: Incident Response Vulnerability Management Digital Forensics Network or Cloud Security Penetration Testing One incident response centric certification: GIAC Certified Incident Handler (GCIH) GIAC Response and Industrial Defense (GRID) GIAC Battlefield Forensics and Acquisition (GBFA) GIAC Certified Forensic Examiner (GCFE) GIAC Advanced Smartphone Forensics GIAC Certified Forensic Analyst (GCFA) GIAC Network Forensic Analyst (GNFA) GIAC Reverse Engineering Malware (GREM) EC-Council Certified Incident Handler (E|CIH) eLearnSecurity Incident Handling & Response Professional (IHRP) SEI Computer Security Incident Handler (CSIH) NICCS Certified Incident Handler Engineer (CIHE) In depth understanding of threats, vulnerabilities and principals of incident response and chain of custody. Hands on experience with forensics tools and log correlation Ability to think like an attacker and hunt within the security tool stack Ability to incorporate the MITRE ATT&CK Framework in everyday processes PREFERRED QUALIFICATIONS: Master's degree in Cybersecurity, Information Technology, Digital Forensics, Computer Science, or equivalent technical field 10+ years of experience within the cybersecurity field Basic knowledge of Operation Technology (OT), SCADA, HVAC and/or IoT Two or more incident response centric certifications: GIAC Certified Incident Handler (GCIH) GIAC Response and Industrial Defense (GRID) GIAC Battlefield Forensics and Acquisition (GBFA) GIAC Advanced Smartphone Forensics GIAC Certified Forensic Analyst (GCFA) GIAC Network Forensic Analyst (GNFA) GIAC Reverse Engineering Malware (GREM) EC-Council Certified Incident Handler (E|CIH) SEI Computer Security Incident Handler (CSIH) NICCS Certified Incident Handler Engineer (CIHE) eLearnSecurity Incident Handling & Response Professional (IHRP) GIAC Certified Forensic Examiner (GCFE) WORK ENVIRONMENT: Amtrak offers several options for a working environment including 100% remote, on-site, and/or a hybrid schedule This is a position that requires off-hours work and on-call participation Please note your headquarters office may be in any one of Amtrak's locations across the United States. The ability and willingness to travel up to 30% to other office locations is required COMMUNICATIONS AND INTERPERSONAL SKILLS: Must have excellent oral and written communication skills. Compensation and Benefits:
The salary/hourly range is $124,600-$161,352. Pay is based on factors including education, work experience, certifications, internal equity, etc. Amtrak offers a comprehensive benefits package including health, dental, vision, HSA/FSA, 401K with employer match, life and disability insurance, paid time off, education reimbursement, Public Service Loan Forgiveness eligibility, Railroad Retirement benefits, and rail pass privileges. Learn more about benefits here. Requisition ID: 165094 Work Arrangement:
02-Remote Optional. Click here for more information about work arrangements at Amtrak. Relocation Offered:
No Travel Requirements:
0 - 5% You power our progress through your performance. We want your work at Amtrak to be more than a job. We want your career at Amtrak to be a fulfilling experience where you find challenging work, rewarding opportunities, respect among colleagues, and attractive compensation. Amtrak maintains a culture that values high performance and recognizes individual employee contributions. Amtrak is committed to a safe workplace free of drugs and alcohol. All Amtrak positions require a pre-employment background check that includes prior employment verification, a criminal history check and a pre-employment drug screen. Candidates who test positive for marijuana will be disqualified, regardless of state law. Amtrak’s pre-employment drug testing program adheres to DOT regulations. Note that education requirements may be satisfied by equivalent education, training and experience. Amtrak is an equal opportunity employer and all qualified applicants will receive consideration without regard to race/color, religion, sex, national origin/ethnicity, disability, veteran status, marital status, ancestry, sexual orientation, gender identity, gender expression, genetic information, citizenship, or any other protected characteristic.
#J-18808-Ljbffr
Your success is a train ride away! As we move America's workforce toward the future, Amtrak connects businesses and communities across the country. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority, and the success of our railroad is due to our employees. Are you ready to join our team? Our values of 'Do the Right Thing, Excel Together and Put Customers First' are at the heart of what matters most to us, and our Core Capabilities, 'Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security' are what every employee needs to know and do to be most impactful at Amtrak. By living the Amtrak values, focusing on our capabilities, and actively embracing and fostering diverse ideas, backgrounds, and perspectives, together we will honor our past and make Amtrak a company of the future. Position
Principal Cyber Threat Incident Response Analyst
will play a critical role within the Amtrak Cyber Fusion Center. In this role, you will support a digital forensic cyber incident response team to effectively respond to and recover from cybersecurity incidents. You will execute the cyber incident response plan and response playbooks, ensuring timely resolution of security breaches. ESSENTIAL FUNCTIONS: As a Principal Cyber Threat Incident Response Analyst, you will provide industry-leading cyber incident response supporting the Cyber Fusion Center mission to effectively detect and respond to threats and reduce the overall impact of business risk before, during, and after an incident You will resolve security incidents quickly, effectively and at scale with complete incident response including investigation, containment to support effective remediation, and crisis management Technically navigate critical and high-profile incidents, performing digital forensic and incident response analysis with support from threat hunting and malware triage analysts Support Amtrak-wide cyber incident response engagements, examine cloud, endpoint, and network-based sources of evidence Recognize and codify attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOCs) that can be applied to current and future investigations Build scripts, tools, or methodologies to enhance Amtrak's incident investigation processes Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations Support Cyber Incident Exercises, Tabletops, and Cyber Incident Management Response Team with business leaders, stakeholders, and cross-functional teams Support with Crisis Management, Emergency Management, Incident Response, Legal and OIG teams to conduct and coordinate on Cyber Incident Response Activities Preferred knowledge and familiarity with Operational Technology (OT), Industrial Controls Systems (ICS) or Supervisory Control and Data Acquisition (SCADA) systems but not required Cybersecurity certifications, courses, or hands-on experience with some of the following: Advanced Threat Detection; Hacker tools, techniques; Penetration Testing, Exploit Writing, and Ethical Hacking; Offensive Security, Security Operations, Web Application Testing, or Cloud Security; Reverse-Malware Engineering; Digital Forensics and Incident Response; PowerShell, JavaScript and Python; Relevant certifications including GIAC Certified Incident Handler (GCIH), Certified Incident Response Handler (GCFA) or similar; Experience with SIEM systems, network security tools, and log analysis tools; Experience with cyber incident response; Experience with Mitre ATT&CK framework; Experience with threat intelligence, vulnerability management, and security incident response Regularly participate in tabletop exercises designed to identify gaps, improve skills, enhance communication, and engage with stakeholders Review technical reports from vulnerability and penetration testing assessments, as well as results from tabletop exercises to identify potential future incidents Develop, refine, recommend, and maintain playbooks, policies, and procedures to ensure alignment to industry best practices MINIMUM QUALIFICATIONS: Bachelor's degree in computer science, Information Systems, Cybersecurity, or related technical field plus 7-10 years of relevant experience is required Experience on one or the combination of the below to satisfy education and experience requirements: Incident Response Vulnerability Management Digital Forensics Network or Cloud Security Penetration Testing One incident response centric certification: GIAC Certified Incident Handler (GCIH) GIAC Response and Industrial Defense (GRID) GIAC Battlefield Forensics and Acquisition (GBFA) GIAC Certified Forensic Examiner (GCFE) GIAC Advanced Smartphone Forensics GIAC Certified Forensic Analyst (GCFA) GIAC Network Forensic Analyst (GNFA) GIAC Reverse Engineering Malware (GREM) EC-Council Certified Incident Handler (E|CIH) eLearnSecurity Incident Handling & Response Professional (IHRP) SEI Computer Security Incident Handler (CSIH) NICCS Certified Incident Handler Engineer (CIHE) In depth understanding of threats, vulnerabilities and principals of incident response and chain of custody. Hands on experience with forensics tools and log correlation Ability to think like an attacker and hunt within the security tool stack Ability to incorporate the MITRE ATT&CK Framework in everyday processes PREFERRED QUALIFICATIONS: Master's degree in Cybersecurity, Information Technology, Digital Forensics, Computer Science, or equivalent technical field 10+ years of experience within the cybersecurity field Basic knowledge of Operation Technology (OT), SCADA, HVAC and/or IoT Two or more incident response centric certifications: GIAC Certified Incident Handler (GCIH) GIAC Response and Industrial Defense (GRID) GIAC Battlefield Forensics and Acquisition (GBFA) GIAC Advanced Smartphone Forensics GIAC Certified Forensic Analyst (GCFA) GIAC Network Forensic Analyst (GNFA) GIAC Reverse Engineering Malware (GREM) EC-Council Certified Incident Handler (E|CIH) SEI Computer Security Incident Handler (CSIH) NICCS Certified Incident Handler Engineer (CIHE) eLearnSecurity Incident Handling & Response Professional (IHRP) GIAC Certified Forensic Examiner (GCFE) WORK ENVIRONMENT: Amtrak offers several options for a working environment including 100% remote, on-site, and/or a hybrid schedule This is a position that requires off-hours work and on-call participation Please note your headquarters office may be in any one of Amtrak's locations across the United States. The ability and willingness to travel up to 30% to other office locations is required COMMUNICATIONS AND INTERPERSONAL SKILLS: Must have excellent oral and written communication skills. Compensation and Benefits:
The salary/hourly range is $124,600-$161,352. Pay is based on factors including education, work experience, certifications, internal equity, etc. Amtrak offers a comprehensive benefits package including health, dental, vision, HSA/FSA, 401K with employer match, life and disability insurance, paid time off, education reimbursement, Public Service Loan Forgiveness eligibility, Railroad Retirement benefits, and rail pass privileges. Learn more about benefits here. Requisition ID: 165094 Work Arrangement:
02-Remote Optional. Click here for more information about work arrangements at Amtrak. Relocation Offered:
No Travel Requirements:
0 - 5% You power our progress through your performance. We want your work at Amtrak to be more than a job. We want your career at Amtrak to be a fulfilling experience where you find challenging work, rewarding opportunities, respect among colleagues, and attractive compensation. Amtrak maintains a culture that values high performance and recognizes individual employee contributions. Amtrak is committed to a safe workplace free of drugs and alcohol. All Amtrak positions require a pre-employment background check that includes prior employment verification, a criminal history check and a pre-employment drug screen. Candidates who test positive for marijuana will be disqualified, regardless of state law. Amtrak’s pre-employment drug testing program adheres to DOT regulations. Note that education requirements may be satisfied by equivalent education, training and experience. Amtrak is an equal opportunity employer and all qualified applicants will receive consideration without regard to race/color, religion, sex, national origin/ethnicity, disability, veteran status, marital status, ancestry, sexual orientation, gender identity, gender expression, genetic information, citizenship, or any other protected characteristic.
#J-18808-Ljbffr